H. Birkholz, Ingo Sieverdingbeck, N. Kuntze, C. Rudolph
{"title":"Enhancing Security Testing via Automated Replication of IT-Asset Topologies","authors":"H. Birkholz, Ingo Sieverdingbeck, N. Kuntze, C. Rudolph","doi":"10.1109/ARES.2013.46","DOIUrl":"https://doi.org/10.1109/ARES.2013.46","url":null,"abstract":"Security testing of IT-infrastructure in a production environment can have a negative impact on business processes supported by IT-assets. A test bed can be used to provide an alternate testing environment in order to mitigate this impact. Unfortunately, for small and medium enterprises, maintaining a physical test bed and its consistency with the production environment is a cost-intensive task. In this paper, we present the Infrastructure Replication Process (IRP) and a corresponding Topology Editor, to provide a cost-efficient method that makes security testing in small and medium enterprises more feasible. We utilize a virtual environment as a test bed and provide a structured approach that takes into account the differences between a physical and a virtual environment. Open standards, such as SCAP, OVAL or XCCDF, and the utilization of the Interconnected-asset Ontology (IO) support the integration of the IRP into existing (automated) processes. 
We use the implementation of a prototype to present a proof-of-concept that shows how typical challenges regarding security testing can be successfully mitigated via the IRP.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116911493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Rieke, M. Zhdanova, J. Repp, R. Giot, Chrystel Gaber
{"title":"Fraud Detection in Mobile Payments Utilizing Process Behavior Analysis","authors":"R. Rieke, M. Zhdanova, J. Repp, R. Giot, Chrystel Gaber","doi":"10.1109/ARES.2013.87","DOIUrl":"https://doi.org/10.1109/ARES.2013.87","url":null,"abstract":"Generally, fraud risk implies any intentional deception made for financial gain. In this paper, we consider this risk in the field of services which support transactions with electronic money. Specifically, we apply a tool for predictive security analysis at runtime which observes process behavior with respect to transactions within a money transfer service and tries to match it with expected behavior given by a process model. We analyze deviations from the given behavior specification for anomalies that indicate a possible misuse of the service related to money laundering activities. We evaluate the applicability of the proposed approach and provide measurements on computational and recognition performance of the tool - Predictive Security Analyser - produced using real operational and simulated logs. The goal of the experiments is to detect misuse patterns reflecting a given money laundering scheme in synthetic process behavior based on properties captured from real world transaction events.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120964330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Christian Richthammer, M. Netter, Moritz Riesner, G. Pernul
{"title":"Taxonomy for Social Network Data Types from the Viewpoint of Privacy and User Control","authors":"Christian Richthammer, M. Netter, Moritz Riesner, G. Pernul","doi":"10.1109/ARES.2013.18","DOIUrl":"https://doi.org/10.1109/ARES.2013.18","url":null,"abstract":"The growing relevance and usage intensity of Online Social Networks (OSNs) along with the accumulation of a large amount of user data has led to privacy concerns among researchers and end users. Despite a large body of research addressing OSN privacy issues, little differentiation of data types on social network sites is made and a generally accepted classification and terminology for such data is missing, hence leading to confusion in related discussions. This paper proposes a taxonomy for data types on OSNs based on a thorough literature analysis and a conceptualization of typical OSN user activities. It aims at clarifying discussions among researchers, benefiting comparisons of data types within and across OSNs and at educating the end user about characteristics and implications of OSN data types. The taxonomy is evaluated by applying it to four major OSNs.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122384124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Taxonomy for Port Security Systems","authors":"T. Gustavi, P. Svenson","doi":"10.1109/ARES.2013.78","DOIUrl":"https://doi.org/10.1109/ARES.2013.78","url":null,"abstract":"In this paper we describe the construction of a taxonomy for port security systems that we performed as part of the EU FP-7 project SUPPORT (Security UPgrade for Ports). The purpose of the taxonomy is to enable port stakeholders to exchange information and to provide them with computer-based automatic decision support systems, assisting the human operator in the assessment of threat levels for a number of pre-defined threats. The decision support system uses text based automatic reasoning and high-level information fusion to identify threat indicators in the input data. Thus, the existence of a taxonomy containing well-defined terms that can be used by the reasoning system is essential. In the paper we describe the method used to construct the taxonomy, viz. first constructing a draft taxonomy and then gathering feedback on this using questionnaires. The questionnaires were motivated by the necessity to embody experience and knowledge from different groups of people involved in the project, most of whom are not used to formally defining their vocabulary. 
Overall, the method proved to work well and produced the expected result, namely a basic taxonomy that can be used by a decision support system, and that can be extended during the project according to need.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122193077","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards an Ontology for Cloud Security Obligations","authors":"K. Bernsmed, A. Undheim, P. H. Meland, M. Jaatun","doi":"10.1109/ARES.2013.76","DOIUrl":"https://doi.org/10.1109/ARES.2013.76","url":null,"abstract":"This paper presents an ontology for Cloud security obligations, which is based on a number of industry accepted standards and guidelines. The ontology terms and relationships have been defined in the W3C ontology language OWL and includes a number of technical security controls that can be implemented by public Cloud providers. This paper outlines the ontology and demonstrates how it can be used in two different application areas.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129001652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cesario Di Sarno, Valerio Formicola, M. Sicuranza, Giovanni Paragliola
{"title":"Addressing Security Issues of Electronic Health Record Systems through Enhanced SIEM Technology","authors":"Cesario Di Sarno, Valerio Formicola, M. Sicuranza, Giovanni Paragliola","doi":"10.1109/ARES.2013.85","DOIUrl":"https://doi.org/10.1109/ARES.2013.85","url":null,"abstract":"Electronic Health Records (EHR) are digital documents containing citizen medical information that can be used for advanced eHealth services, like emergency patient summary retrieving, historical data and events analysis, remote medical report access, e-Prescription. In this work we present the case study of an EHR management infrastructure, namely the InFSE, which implements a federated network of regional autonomous districts deployed on national scale. Despite the adoption of access control mechanisms based on authenticated transactions and assertions, the InFSE can be illegitimately used to retrieve patient health data and violate the citizen's privacy. We propose an enhanced Security Information and Event Management (SIEM) system, namely MASSIF, which is able to discover business logic anomalies and protect the identities of involved parties. In particular we focus on the software modules that perform sophisticated data aggregation and analysis, and provide fault and intrusion tolerant storage facilities, namely the Generic Event Translator, the Security Probes and the Trustworthy Event Storage. 
The components have been integrated on the widely used open source OSSIM SIEM and validated on a realistic test bed based on elements of the InFSE infrastructure.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130636098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kristian Beckers, M. Heisel, Isabelle Côté, Ludger Goeke, Selim Güler
{"title":"Structured Pattern-Based Security Requirements Elicitation for Clouds","authors":"Kristian Beckers, M. Heisel, Isabelle Côté, Ludger Goeke, Selim Güler","doi":"10.1109/ARES.2013.61","DOIUrl":"https://doi.org/10.1109/ARES.2013.61","url":null,"abstract":"Economic benefits make cloud computing systems a very attractive alternative to traditional IT-systems. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the number of stakeholders and technical components to consider in a cloud environment. That is why we propose a structured, pattern-based method supporting eliciting security requirements. The method guides a potential cloud customer to model a cloud system via our cloud system analysis pattern. The instantiated pattern establishes the context of a cloud scenario. Then, the information of the instantiated pattern can be used to fill out our textual security requirements patterns. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, we have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. 
We illustrate our method using an online-banking system as running example.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121310297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Statistical Inference for Multi-state Systems: The Weibull Case","authors":"A. Makrides, A. Karagrigoriou","doi":"10.1109/ARES.2013.99","DOIUrl":"https://doi.org/10.1109/ARES.2013.99","url":null,"abstract":"Markov processes are widely used for reliability analysis because the number of failures in arbitrary time intervals in many practical cases can be described as a Poisson process and the time up to the failure and repair time are often exponentially distributed. In this work we focus on the estimation of both the intensity rates and transition probabilities via output performance observations using as an alternative distribution, the well known Weibull distribution.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121599345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Stobe, Hans Höfken, Marko Schuba, Michael Breuer
{"title":"Artificial Aging of Mobile Devices Using a Simulated GSM/GPRS Network","authors":"R. Stobe, Hans Höfken, Marko Schuba, Michael Breuer","doi":"10.1109/ARES.2013.64","DOIUrl":"https://doi.org/10.1109/ARES.2013.64","url":null,"abstract":"The analysis of mobile devices is a fast moving area in digital forensics. Investigators frequently are challenged by devices which are not supported by existing mobile forensic tools. Low level techniques like de-soldering the flash memory chip and extracting its data provide an investigator with the exhibit's internal memory, however, the interpretation of the data can be difficult as mobile device and flash chip manufacturers use their own proprietary techniques to encode and store data. The approach presented in this paper helps investigators to analyze this proprietary encoding by feeding a reference device identical to the exhibit with real data in a controlled way. This \"artificial ageing\" of the reference device is achieved using an isolated GSM/GPRS network plus additional software in a lab environment. After the ageing process is completed, the internal memory of the reference device can be acquired and used to reverse engineer the high level file system and the encoding of the data previously fed to the phone, like received SMS messages or calls. When sufficient knowledge about the interpretation of the memory image has been built up, it can be applied to the original evidence in order to analyze data and files relevant for the case. 
The successful operation of the solution is demonstrated in a proof of concept for SMS messages.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128130948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reliability Prediction for Component-Based Software Systems with Architectural-Level Fault Tolerance Mechanisms","authors":"T. Pham, X. Défago","doi":"10.22667/JOWUA.2014.03.31.004","DOIUrl":"https://doi.org/10.22667/JOWUA.2014.03.31.004","url":null,"abstract":"Reliability, one of the most important quality attributes of a software system, should be considered early in the development. Software fault tolerance mechanisms (FTMs) are often included in a software system to improve the system reliability. Their reliability impact highly depends on the application context. Existing reliability prediction approaches for component-based software systems either do not support modeling FTMs or have a limited expressiveness of FTMs. In this paper, we present a novel extension built upon the core model of a recent component-based reliability prediction approach to offer an explicit and flexible definition of reliability-relevant behavioral aspects (i.e. error detection and error handling) of FTMs, and an efficient evaluation of their reliability impact in the dependence of the whole system architecture and usage profile. Our approach is validated in two case studies, by modeling the reliability, conducting reliability predictions and sensitivity analyses, and demonstrating its ability to support design decisions.","PeriodicalId":302747,"journal":{"name":"2013 International Conference on Availability, Reliability and Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128201848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}