2013 International Conference on Availability, Reliability and Security: Latest Papers

Evaluation of Airport Security Training Programs: Perspectives and Issues
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.100
W. Shim, F. Massacci, M. D. Gramatica, A. Tedeschi, A. Pollini
Abstract: While many governments and airport operators have emphasized the importance of security training and committed a large amount of budget to security training programs, the implementation of security training programs was not proactive but reactive. Moreover, most of the security training programs were employed as a demand or a trend-chasing activity from the government. In order to identify issues in airport security training and to develop desirable security training procedures in an airport, this preliminary study aims at providing (1) the description of current state of airport security training and training in general, (2) the study design and interview guide for studying airport security training, and (3) expected outcome from the study.
Citations: 0
Reconsidering Intrusion Monitoring Requirements in Shared Cloud Platforms
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.83
Kahina Lazri, S. Laniepce, J. Ben-othman
Abstract: Multi-tenancy is the core feature that enables efficiency and cost effectiveness of cloud computing. However, it brings several new security concerns. Ensuring 'strong isolation' between co-localized tenants remains the most critical issue. This work aims at highlighting new attack strategies brought by the resource sharing paradigm in multi-tenant elastic IaaS Clouds in order to understand impacts of these attacks on the design of Intrusion Detection Systems in Cloud. The first part of this paper surveys the literature related to accepted vulnerabilities. Several Proofs of Concept are described and classified according to the results of the exploitation of these vulnerabilities. In the second part, we argue the existence of new attack strategies able to take advantage of the mechanisms which enable autonomic elasticity. These mechanisms are by nature sensitive to VMs resource consumption which can be easily manipulated by attacks. Finally, we give a representation of the presented vulnerabilities to engage a discussion on the limitations of pure user-centric security monitoring approaches for guaranteeing VM security.
Citations: 8
Social Issues of Big Data and Cloud: Privacy, Confidentiality, and Public Utility
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.66
Koichiro Hayashi
Abstract: Business people and academia are now excited about Big Data and Cloud Computing as the new and most innovative means for enhancing productivity and customer satisfaction. Simultaneously, there are strong concerns about privacy not only among privacy advocates but among consumers in general, and how to strike a right balance is the main theme in every field of science. However, it is quite strange that very little attention has been paid to the concept of confidentiality, which must be the core element of privacy. This paper first tries to analyze the following two dichotomies as a basis for possible policy considerations: (1) privacy approach in the United States versus confidentiality approach in the United Kingdom, though they share the same common law tradition, and (2) clear demarcation between Information Service and Telecommunications in the United States, dating back to the Computer Inquiry in the 1970s. This paper also analyzes the features of the Cloud and discusses the possibility of treating it as a new type of Public Utility, namely Information Utility. This hypothesis should be rejected, because there are crucial differences in market structures, regardless of clear similarities in service features. Instead, this paper emphasizes the necessity of protecting confidentiality as an industrial norm. Taking into account the long tradition of free market for computing industries, self-regulation is basically preferable to government regulation. But from a different viewpoint of "nudge", a hybrid combination of libertarianism and paternalism, this paper concludes by proposing five short recommendations including fair contract terms as well as unbundling confidentiality from privacy.
Citations: 18
A Reference Model of Information Assurance & Security
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.72
Yulia Cherdantseva, Jeremy Hilton
Abstract: Information Assurance & Security (IAS) is a dynamic domain which changes continuously in response to the evolution of society, business needs and technology. This paper proposes a Reference Model of Information Assurance & Security (RMIAS), which endeavours to address the recent trends in the IAS evolution, namely diversification and deperimetrisation. The model incorporates four dimensions: Information System Security Life Cycle, Information Taxonomy, Security Goals and Security Countermeasures. In addition to the descriptive knowledge, the RMIAS embeds the methodological knowledge. A case study demonstrates how the RMIAS assists with the development and revision of an Information Security Policy Document.
Citations: 133
A Generation Method of Cryptographic Keys for Enterprise Communication Systems
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.54
Aleksandar Hudic, E. Revell, D. Simos
Abstract: In this work, we initially describe a method patented in [Revell2012] for key generation in a symmetric channel between different nodes that are located within a trusted network. In the aftermath, we describe the different phases of the invented method in cryptographic terms and we analyze security aspects with respect to a proper implementation. We conclude by giving some arguments that justify the usage of this method in enterprise communication systems.
Citations: 0
Model-Based Generation of Synthetic Disk Images for Digital Forensic Tool Testing
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.65
York Yannikos, Christian Winter
Abstract: Testing digital forensic tools is important to determine relevant tool properties like effectiveness and efficiency. Since many different forensic tool categories exist, different testing techniques and especially suitable test data are required. Considering test data for disk analysis and data recovery tools, synthetic disk images provide significant advantages compared to disk images created from real-world storage devices. In this work we propose a framework for generating synthetic disk images for testing digital forensic analysis tools. The framework provides functionality for building models of real-world scenarios in which data on a storage device like a hard disk is created, changed, or deleted. Using such a model our framework allows simulating actions specified in the model in order to generate synthetic disk images with realistic characteristics. These disk images can then be used for testing the performance of forensic disk analysis and data recovery tools.
Citations: 4
Secure Engineering and Modelling of a Metering Devices System
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.56
J. Ruiz, M. Arjona, A. Maña, N. Carstens
Abstract: This paper presents a security engineering process for the modelling of security-sensitive systems using a real use case of metering devices. The process provides a security framework that can be used with other existing processes (such as the agile ones). It helps to develop and model systems bearing in mind their heterogeneity, real-time and dynamic behaviors. Besides, due to the critical nature of some of these systems (nuclear, emergency systems, military, etc.) it provides tools for identifying, working and solving security threats by using the knowledge of domain experts. This is very important because threats, properties, solutions, etc. that are valid or relevant in a given domain, are not applicable to other domains and are subject to constant changes. The security requirements of the systems are fulfilled by means of domain-specific security knowledge. These artefacts contain the specific information of a domain (security properties, elements, assumptions, threats, tests, etc.). The solutions are presented as Security Patterns. Each one describes an implementation solution by using one or several Security Building Blocks (SBBs). The security engineering process presented here describes how to model a security-enhanced system model using a library of domain security knowledge. The process has been developed along with a Magic Draw plugin that covers all the possible functionalities, making the work with the models and the security elements very simple and easy for the user.
Citations: 7
On Secure Multi-party Computation in Bandwidth-Limited Smart-Meter Systems
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.137
Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt
Abstract: The emergence of decentralized energy production pushes the deployment of smart-grid solutions. While the availability of fine-grained consumption data via smart-meter measurements provides several advantages for energy providers (e.g., grid automation, accurate forecasts), they also raise concerns about the privacy of the users. In this paper we present an efficient and privacy-aware communication protocol for future smart-grid solutions. The protocol is based on secure multi-party computation (SMC) and allows deducing the aggregated consumption data of a group of smart meters without disclosing the consumption data of individual smart meters. Moreover, by using a special initialization phase the communication effort is significantly reduced compared to classical SMC-based approaches. For aggregating the consumption data of 100 smart meters, our proposed protocol requires less than one second when assuming a communication bandwidth of 100 kbits/s.
Citations: 8
GVScan: Scanning Networks for Global Vulnerabilities
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.88
F. Baiardi, Fabio Corò, F. Tonelli, Luca Guidi
Abstract: A global vulnerability is a set of vulnerabilities in one or several nodes of an ICT infrastructure. These vulnerabilities enable some attacks that may be sequentialized so that the privileges that each attack requires are acquired through the previous ones. Current vulnerability scanners cannot discover global vulnerabilities because they analyze each node in isolation, without correlating the vulnerabilities in the same or in distinct nodes. To discover global vulnerabilities, an analysis has to correlate node vulnerabilities according to the architecture and the topology of the infrastructure. After defining a formal analysis to discover global vulnerabilities and the corresponding attack sequences, we present GVScan, a tool to automate the analysis based upon a classification of vulnerabilities. A first application of GVScan to a real infrastructure is described together with an evaluation of its accuracy.
Citations: 23
Modelling and Analysis of Release Order of Security Algorithms Using Stochastic Petri Nets
2013 International Conference on Availability, Reliability and Security Pub Date : 2013-09-02 DOI: 10.1109/ARES.2013.58
Suliman A. Alsuhibany, A. Moorsel
Abstract: While security algorithms are utilized to protect system resources from misuse, using a single algorithm such as CAPTCHAs and Spam-Filters as a defence mechanism can work to protect a system against current attacks. However, as attackers learn from their attempts, this algorithm will eventually become useless and the system is no longer protected. We propose to look at a set of algorithms as a combined defence mechanism to maximize the time taken by attackers to break a system. When studying sets of algorithms, diverse issues arise in terms of how to construct them and in which order or in which combination to release them. In this paper, we propose a model based on Stochastic Petri Nets, which describe the interaction between an attacker, the set of algorithms used by a system, and the knowledge gained by the attacker with each attack. In particular, we investigate the interleaving of dependent algorithms, which have overlapping rules, with independent algorithms, which have a disjoint set of rules. Based on the proposed model, we have analyzed and evaluated how the order can impact the time taken by an attacker to break a set of algorithms. Given the mean time to security failure (MTTSF) for a system to reach a failure state, we identify an improved approach to the release order of a set of algorithms in terms of maximizing the time taken by the attacker to break them. Further, we show a prediction of the attacker's knowledge acquisition progress during the attack process.
Citations: 4