2013 International Conference on Availability, Reliability and Security: Latest Papers

Estimating the Value of Personal Information with SNS Utility
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.67
Memiko Ootsuki, N. Sonehara
Abstract: Along with the dramatic growth in the use of the Internet, online services such as social networking sites have become more and more popular and sophisticated. However, at the same time, the collection of life-log data, and in particular the use of this collected personal information, has widely raised public concern regarding privacy protection. In this study, we divide personal information into three categories and find that people are more sensitive about their personal identifiers than other types of information such as demographic information or preferences. We also attempt to measure the value compatibility with online services by using survey questions that ask online users how much they are willing to pay to protect (limited disclosure or complete non-disclosure) their personal information. The responses revealed that people are willing to shoulder the cost to keep using online services if they think the service is attractive enough.
Citations: 10
Run-Time Risk Management in Adaptive ICT Systems
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.20
M. Surridge, B. Nasser, Xiaoyu Chen, A. Chakravarthy, P. Melas
Abstract: We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers.
Citations: 13
Reputation-Controlled Business Process Workflows
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.11
B. Aziz, G. Hamilton
Abstract: This paper presents a model solution for controlling the execution of BPEL business processes based on reputation constraints at the level of the services, the service providers and the BPEL workflow. The reputation constraints are expressed as part of an SLA and are then enforced at runtime by a reputation monitoring system. We use our model to demonstrate how trust requirements based on such reputation constraints can be upheld in a real world example of a distributed map processing defined as a BPEL workflow.
Citations: 2
Revisiting Circuit Clogging Attacks on Tor
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.17
Eric Chan-Tin, Ji-Ahn Shin, Jiangmin Yu
Abstract: Tor is a popular anonymity-providing network used by over 500,000 users daily. The Tor network is made up of volunteer relays. To anonymously connect to a server, a user first creates a circuit, consisting of three relays, and routes traffic through these proxies before connecting to the server. The client is thus hidden from the server through three Tor proxies. If the three Tor proxies used by the client could be identified, the anonymity of the client would be reduced. One particular way of identifying the three Tor relays in a circuit is to perform a circuit clogging attack. This attack requires the client to connect to a malicious server (malicious content, such as an advertising frame, can be hosted on a popular server). The malicious server alternates between sending bursts of data and sending little traffic. During the burst period, the three relays used in the circuit will take longer to relay traffic due to the increase in processing time for the extra messages. If Tor relays are continuously monitored through network latency probes, an increase in network latency indicates that this Tor relay is likely being used in that circuit. We show, through experiments on the real Tor network, that the Tor relays in a circuit can be identified. A detection scheme is also proposed for clients to determine whether a circuit clogging attack is happening. The costs for both the attack and the detection mechanism are small and feasible in the current Tor network.
Citations: 14
A Problem-Based Threat Analysis in Compliance with Common Criteria
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.21
Kristian Beckers, Denis Hatebur, M. Heisel
Abstract: In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). A Common Criteria certification requires a comprehensible documentation of the software product, including a detailed threat analysis. In our work, we focus on improving that threat analysis. Our method is based upon an attacker model, which considers attacker types like software attacker that threaten only specific parts of a system. We use OCL expressions to check if all attackers for a specific domain have been considered. For example, we propose a computer-aided method that checks if all software systems have either considered a software attacker or documented an assumption that excludes software attackers. Hence, we propose a structured method for threat analysis that considers the Common Criteria's (CC) demands for documentation of the system in its environment and the reasoning that all threats are discovered. We use UML4PF, a UML profile and support tool for Jackson's problem frame method and OCL for supporting security reasoning, validation of models, and also to generate Common Criteria-compliant documentation. Our threat analysis method can also be used for threat analysis without the common criteria, because it uses a specific part of the UML profile that can be adapted to other demands with little effort. We illustrate our approach with the development of a smart metering gateway system.
Citations: 20
Some General Properties of Multi-state Physical Models
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.96
P. Rocchi, G. Tsitsiashvili
Abstract: The present contribution centers on the physical models of the stochastic system, in particular we investigate the general properties of functioning and repair/maintenance states of systems. Each macro-state has a number of sub-states that assume different patterns. We depict artificial systems with a linear pattern, and biological systems with a mesh pattern. The behavior of each pattern, calculated by means of the Boltzmann-like entropy, is consistent with empirical data. Moreover the present work focuses on the reparability function - derived by the Boltzmann-like entropy - which describes common features of repairable systems.
Citations: 0
Overview of Recent Advances in CCTV Processing Chain in the INDECT and INSIGMA Projects
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.112
A. Dziech, Jaroslaw Bialas, A. Glowacz, Pawel Korus, M. Leszczuk, Andrzej Matiolański, R. Baran
Abstract: Intelligent monitoring is currently one of the most prominent research areas. Numerous aspects of such schemes need to be addressed by implementation of various modules covering a wide range of algorithms, beginning from video analytic modules, through quality assessment, up to integrity verification. The goal of this paper is to provide a brief overview of the most recent research results regarding various aspects of the video surveillance processing chain. Specifically, the paper describes a scheme for automatic recognition of the make and model of passing vehicles, the state-of-the-art in quality assessment for recognition tasks, and a system for verification of digital evidence integrity. Concluding remarks highlight the perspectives for further development of the described techniques, and the related research directions.
Citations: 6
Scope of Security Properties of Sanitizable Signatures Revisited
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.26
H. Meer, H. C. Pöhls, J. Posegga, Kai Samelin
Abstract: Sanitizable signature schemes allow for altering signed data in a signer-controlled way by a semi-trusted third party. This is contrary to standard digital signature schemes, which do not permit any modifications by any party without invalidating the signature. Due to transparency, a strong privacy notion, outsiders cannot see if the signature for a message was created by the signer or by the semi-trusted party. Accountability allows the signer to prove to outsiders if a message was original or touched by the semi-trusted party. Currently, block-level accountability requires to drop transparency. We allow for accountability for sanitizable signatures with transparency on the block-level. Additionally, we generalize the concept of block-level properties to groups. This offers an even more fine-grained control and leads to more efficient schemes. We prove that group-level definitions imply both the block-level and message-level notions. We derive a provably secure construction, achieving our enhanced notions. A further modification of our construction achieves efficient group-level non-interactive public accountability. This construction only requires a constant amount of signature generations to achieve this property. Finally, we have implemented our constructions and the scheme introduced by Brzuska et al. at PKC '09 and provide a detailed performance analysis of our reference implementations.
Citations: 12
Federated Identity Management and Usage Control - Obstacles to Industry Adoption
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.10
Jostein Jensen, Åsmund Ahlmann Nyre
Abstract: Federated identity management and usage control technologies have received considerable attention from the research community during the past decade. We have investigated the views of, and attitudes towards, adopting federated identity management and usage control technologies in the oil and gas industry in Norway through two case studies. Although the industry combines extensive inter-organisational collaboration and information sharing with high demands for security, the adoption is thus far low. In this paper we review the results of the case studies jointly and attempt to give an industry-view on the obstacles to adoption. Further, we propose a set of strategies to overcome the obstacles and improve the rate of adoption. More empirical research should be carried out to complement the views put forth in this paper, and to supplement the suggested strategies to facilitate technology adoption.
Citations: 1
Detection of Hidden Fraudulent URLs within Trusted Sites Using Lexical Features
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.31
E. Sorio, Alberto Bartoli, Eric Medvet
Abstract: Internet security threats often involve the fraudulent modification of a web site, often with the addition of new pages at URLs where no page should exist. Detecting the existence of such hidden URLs is very difficult because they do not appear during normal navigation and usually are not indexed by search engines. Most importantly, drive-by attacks leading users to hidden URLs, for example for phishing credentials, may fool even tech-savvy users, because such hidden URLs are increasingly hosted within trusted sites, thereby rendering HTTPS authentication ineffective. In this work, we propose an approach for detecting such URLs based only on their lexical features, which allows alerting the user before actually fetching the page. We assess our proposal on a dataset composed of thousands of URLs, with promising results.
Citations: 16