2013 International Conference on Availability, Reliability and Security: Latest Papers

IT Service Continuity: Achieving Embeddedness through Planning
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.45
Marko Niemimaa, Jonna Järveläinen
Abstract: Business customers and regulations as well as different IT service management frameworks expect that IT services are continuously operating. A service interruption might have severe impact on customer relationships, business, sales or image of the company. Therefore, organisations spend enormous amounts of time in continuity and recovery planning for IT services, and several continuity planning methodologies have been introduced. However, the connection between continuity planning and continuity management is somewhat unclear, and embedding the continuity practices into organisations has not been discussed in detail in planning methodologies. This paper will focus on how IT service continuity planning embeds continuity by reviewing continuity planning methods. The continuity planning practices that influence achieving embeddedness are analysed from qualitative and quantitative data from large organisations operating in Finland. The findings suggest that a number of planning practices support the transition from planning to embeddedness, such as creating awareness, increasing commitment, integrating the continuity practices into organisational processes and learning from incidents.
Citations: 8
On Selecting Critical Security Controls
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.77
J. Breier, L. Hudec
Abstract: Selection of proper security controls is an important part of building a secure information infrastructure in an organization. There exist many databases of security controls, but the final selection is left to security managers that have to make decisions based on their skills and experience. In this paper, we propose a novel approach, based on grey relational analysis combined with the TOPSIS decision making method, providing a quantitative technique for the security controls selection and prioritization. Our method can help security managers more effectively perform their decisions in this field.
Citations: 17
A Classifier of Malicious Android Applications
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.80
G. Canfora, F. Mercaldo, C. A. Visaggio
Abstract: Malware for smart phones is rapidly spreading out. This paper proposes a method for detecting malware based on three metrics, which evaluate: the occurrences of a specific subset of system calls, a weighted sum of a subset of permissions that the application required, and a set of combinations of permissions. The experimentation carried out suggests that these metrics are promising in detecting malware, but further improvements are needed to increase the quality of detection.
Citations: 79
Resource Pool Oriented Trust Management for Cloud Infrastructure
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.35
Gansen Zhao, Haiyu Wang, Chunming Rong, Yong Tang
Abstract: IaaS encourages a pooled resource management model, which provides transparency on the management and provision of IT resources. The transparency, hiding physical details of the underlying resources, makes it difficult for cloud users/services to identify trusted resources for service deployment, resulting in potential risks of deploying critical services on untrusted resources. This paper proposes a pool oriented trust management mechanism for cloud infrastructures, allowing the construction and identification of trusted clusters consisting of trusted resources, with strict membership management to accept only trusted physical resources. Resources of a trusted cluster expose identical trust properties/attributes to cloud users, enabling users to verify the trust on the resources without the need of identifying individual physical resources. Hence, service deployment and migration can be augmented with the above trust verification to ensure that services are always deployed on trusted resources.
Citations: 3
Measuring Anonymity with Plausibilistic Entropy
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.19
I. Goriac
Abstract: To prove that a certain protocol provides a certain security property (e.g. anonymity) one must first formally define that property in the context of a logical framework capable of expressing the relevant aspects of that protocol and then perform the actual inference steps (preferably automatically). After the qualitative aspect of the property is successfully addressed the next issue is the strength of the property - how to express it quantitatively so that it can be compared both to some business requirements and to other implementing protocols. The framework that we build upon is the MAS epistemic logic introduced by Halpern and O'Neill in their approach for defining anonymity both possibilistically and probabilistically. Our contribution employs the highly general plausibilistic approach in order to provide a numeric measure for anonymity that can also be extended to other properties as well. We propose a formula for calculating a particular kind of entropy suited for characterising partially ordered sets used to define plausibility measures and, on top of it, a quantitative definition for anonymity. We believe that the theory presented here is capable of filling the gap between the very general qualitative definition of anonymity and the information intensive probabilistic approach that might not always be applicable.
Citations: 3
Validating Security Design Patterns Application Using Model Testing
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.13
Takanori Kobashi, Nobukazu Yoshioka, T. Okubo, H. Kaiya, H. Washizaki, Y. Fukazawa
Abstract: Software developers are not necessarily security specialists; security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
Citations: 17
Pretty Understandable Democracy - A Secure and Understandable Internet Voting Scheme
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.27
Jurlind Budurushi, Stephan Neumann, M. Olembo, M. Volkamer
Abstract: Internet voting continues to raise interest. A large number of Internet voting schemes are available, both in use, as well as in research literature. While these schemes are all based on different security models, most of these models are not adequate for high-stake elections. Furthermore, it is not known how to evaluate the understandability of these schemes (although this is important to enable voters' trust in the election result). Therefore, we propose and justify an adequate security model and criteria to evaluate understandability. We also describe an Internet voting scheme, Pretty Understandable Democracy, show that it satisfies the adequate security model and that it is more understandable than Pretty Good Democracy, currently the only scheme that also satisfies the proposed security model.
Citations: 24
Probabilistic Contract Compliance for Mobile Applications
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.79
G. Dini, F. Martinelli, A. Saracino, D. Sgandurra
Abstract: We propose PICARD (ProbabIlistic Contract on Android), a framework to generate probabilistic contracts to detect repackaged applications for Android smart phones. A contract describes the sequences of actions that an application is allowed to perform at run-time, i.e. its legal behavior. In PICARD, contracts are generated from the set of traces that represent the usage profile of the application. Both the contract and the application's run-time behavior are represented through clustered probabilistic automata. At run-time, the PICARD monitoring system verifies the compliance of the application trace with the contract. This approach is useful in detecting repackaged applications, whose behavior is strongly similar to the original application but it differs only from small paths in the traces. In this paper, we discuss the framework of PICARD for describing and generating contracts through probabilistic automata and introduce the notion of Action Node, a cluster of related system calls, used to represent high level operations. Then, we present a first set of preliminary experiments on repackaged applications, to evaluate the viability of the proposed approach.
Citations: 8
An Ontology for Malware Analysis
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.73
David A. Mundie, David M. McIntire
Abstract: Malware analysis is an information security field that needs a more scientific basis for communicating requirements, hiring, training, and retaining staff, building training curricula, and sharing information among analysis teams. Our group is building an OWL-based malware analysis ontology to provide that more scientific approach. We have built a malware analysis dictionary and taxonomy, and are currently combining those with a competency model with the goal of creating an ontology-based competency framework. This paper describes the state of the work and the methodology used.
Citations: 19
Anonymizing Face Images by Using Similarity-Based Metric
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.68
Tomoya Muraki, Shintaro Oishi, Masatsugu Ichino, I. Echizen, H. Yoshiura
Abstract: Vast numbers of face images are posted and circulated daily on social network and photo-sharing sites. Some face images are linked to the person's name, like those on user profile pages, while others are anonymized due to privacy concerns. If an anonymized face image is linked to a named one, that person's privacy is infringed. One way to overcome this privacy problem is to anonymize face images when they are posted on social networks. However, current face anonymization methods fail to meet two key requirements: being provably secure against de-anonymization and enabling users to control the trade-off between security and usability (similarity to the original face) of the anonymized face images. We are developing a similarity-based method for face anonymization that meets both requirements in those cases where a new face image of a person is to be posted when many face images including those of that person are already posted. The basic idea is to hide the new face image in s face images that are equally similar to the face image of the same person. We theoretically demonstrated that the probability of an attacker correctly linking the anonymized face image to an image of the same person is less than 1/s. We also showed theoretically and confirmed experimentally, with 150 sample face images, that the larger the s, the less usable the anonymized face image. The security of our method holds in spite of future improvements in face recognition tools.
Citations: 9