First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings. Latest articles

Using the trees to find the forest trustworthy computing as a systems-level issue
J. James, F. Mabry
Abstract: There is a need to provide information system managers with better tools to estimate the trustworthiness of an information system. We believe it is necessary to consider trustworthiness of an enterprise information system as being more than an estimate of the reliability of the individual components. Some approach for analyzing component-level attacks to evaluate the impact on enterprise-level goals is needed as well as some approach for analyzing a series of information system attacks as part of a possible attack plan against the enterprise. Lower-level sensing of malicious activities and reaction to these activities is necessary to maintain reliability of individual information system components. However, too much of the current research effort is directed at component-level activity detection and reaction and too little of the current effort is directed at enterprise-level detection and reaction. We provide some thoughts on what is needed to be able to accumulate estimates of reliabilities of information system components into estimates of trustworthiness of information systems.
DOI: https://doi.org/10.1109/IWIAS.2003.1192463
Published: 2003-03-24
Citations: 1

A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors
R. Chinchani, S. Upadhyaya, K. Kwiat
Abstract: Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. We provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.
DOI: https://doi.org/10.1109/IWIAS.2003.1192456
Published: 2003-03-24
Citations: 17

Computational complexity of the network routing logical security assessment process
Cédric Llorens, Denis Valois, Yannick Le Teigner, Alexandre Gibouin
Abstract: We present how to assess the network routing logical security policy of an Internet Service Provider network, through a reverse-engineering process performed on the network router configurations. The paper covers the definition of a network routing logical security policy and how to implement it in the network router configurations. In addition, it details the algorithms and their asymptotic time complexity required to assess this security policy.
DOI: https://doi.org/10.1109/IWIAS.2003.1192457
Published: 2003-03-24
Citations: 1

Intrusion detection testing and benchmarking methodologies
N. Athanasiades, Randal T. Abler, J. Levine, H. Owen, G. Riley
Abstract: The ad-hoc methodology that is prevalent in today's testing and evaluation of network intrusion detection algorithms and systems makes it difficult to compare different algorithms and approaches. After conducting a survey of the literature on the methods and techniques being used, it can be seen that a new approach that incorporates an open source testing methodology and environment would benefit the information assurance community. After summarizing the literature and presenting several example test and evaluation environments that have been used in the past, we propose a new open source evaluation environment and methodology for use by researchers and developers of new intrusion detection and denial of service detection and prevention algorithms and methodologies.
DOI: https://doi.org/10.1109/IWIAS.2003.1192459
Published: 2003-03-24
Citations: 78

Stochastic protocol modeling for anomaly based network intrusion detection
J. Tapiador, P. García-Teodoro, J. D. Verdejo
Abstract: A new method for detecting anomalies in the usage of protocols in computer networks is presented. The proposed methodology is applied to TCP and disposed in two steps. First, a quantization of the TCP header space is accomplished, so that a unique symbol is associated with each TCP segment. TCP-based network traffic is thus captured, quantized and represented by a sequence of symbols. The second step in our approach is the modeling of these sequences by means of a Markov chain. The analysis of the model obtained for diverse TCP sources reveals that it captures adequately the essence of the protocol dynamics. Once the model is built it is possible to use it as a representation of the normal usage of the protocol, so that deviations from the behavior provided by the model can be considered as a sign of protocol misusage.
DOI: https://doi.org/10.1109/IWIAS.2003.1192454
Published: 2003-03-24
Citations: 63

Intrusion Detection Force: an infrastructure for Internet-scale intrusion detection
L. Teo, Yuliang Zheng, Gail-Joon Ahn
Abstract: Intrusion detection systems (IDSs) are usually deployed within the confines of an organization. There is usually no exchange of information between an IDS in one organization with those in other organizations. The effectiveness of IDSs at detecting present-day sophisticated attacks would increase significantly if there are inter-organizational communication and sharing of information among IDSs. We envision a global Internet-scale defense infrastructure, which we call the Intrusion Detection Force (IDF), that would protect organizations and defend the Internet as a whole. The paper provides a blueprint of the IDF, where we discuss the requirements to deploy such an infrastructure, and describe its architecture and design in terms of its basic building blocks and major components. We also describe a few applications of the IDF architecture, and provide a small experimental prototype that we are currently extending as part of our vision to implement the full IDF infrastructure.
DOI: https://doi.org/10.1109/IWIAS.2003.1192460
Published: 2003-03-24
Citations: 27

IT design criteria for damage reduction
Volker Hammer
Abstract: In order to obtain security from the perspective of a social system, not only the damage probability but also the maximum possible damage must be reduced. Analysing social risk assessment shows us that the latter issue needs more attention. Moreover, autonomous decisions about risk as well as experience gathering are relevant factors of social risk assessment. IT systems therefore need to include appropriate features in order to comply with these factors. The paper explains how these features can be identified using requirements analysis, starting from the social goals. Ten highly reusable socio-technical criteria can be derived from social goals during this process. Complying features especially support responses of the social system in case of a technical system disturbance.
DOI: https://doi.org/10.1109/IWIAS.2003.1192458
Published: 2003-03-24
Citations: 1

Designing a framework for active worm detection on global networks
V. Berk, G. Bakos, R. Morris
Abstract: Past active Internet worms have caused widespread damage. Knowing the connection characteristics of such a worm very early in its proliferation cycle might provide first responders with an opportunity to intercept a global scale epidemic. We are presenting a scalable framework for detecting, in near-real-time, active Internet worms on global networks, both public and private. By aggregating network error messages resulting from failed attempts at packet delivery, we are able to infer deviant connection behavior of hosts on interconnected networks. The Internet Control Message Protocol (ICMP) provides such error notification. Using a potentially unlimited number of collectors and analyzers, we identify 'blooms' of activity. The connection characteristics of these 'blooms' are then correlated to identify worm-like behavior, and an alert is raised. Promising results have been produced with a simulated Internet worm, demonstrating that new worms can be detected within the first few minutes after release, depending on the level of participating router coverage.
DOI: https://doi.org/10.1109/IWIAS.2003.1192455
Published: 2003-03-24
Citations: 80

Protecting the integrity of an entire file system
Fujita Tomonori, Ogawara Masanori
Abstract: This paper describes Arbre, a file system designed to run on untrusted remote storage connected to a server by networking fabrics. Arbre structures all blocks as a tree, and stores a pointer pointing to a block and a cryptographic hash of the block's contents together. This scheme allows Arbre to protect the integrity of the entire file system rather than the integrity of each block or each file individually. In addition, the root of a tree is not written to disk until all modified data are written to disk, and modified data are always written to new locations on disk. With this scheme, in the event of a system failure, both meta-data and file-data are maintained in a consistent state, and there is no possibility that users see any inconsistency between contents of a block and its hash.
DOI: https://doi.org/10.1109/IWIAS.2003.1192462
Published: 2003-03-24
Citations: 17

A guard architecture for improved coalition operations
T. Gibson
Abstract: Current US military operations with coalition partners or allies are hampered by a lack of computer network interoperability. While this problem can probably be solved long-term for all computer services by new technology, centrally administered, secured, and widely available electronic mail (for authorized and registered users) with attachments between the US SECRET IP Routed Network (SIPRNET) and our foreign partner's classified networks lies within our grasp now. While email is not the ultimate answer, it is the 70% solution. The way to achieve this is to modify our existing mail guard policy and change how the mail guards are administered. The paper explains how the current system works, what the policy should be, and proposes a specific technical solution. Neither the technical solution nor the policy change can be effective without the other; both are required to make the whole work.
DOI: https://doi.org/10.1109/IWIAS.2003.1192461
Published: 2003-03-24
Citations: 0