2013 International Conference on Availability, Reliability and Security: Latest Publications

Collaborative Security Management: Developing Ideas in Security Management for Air Traffic Control
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.107
M. Hawley, P. Howard, R. Koelle, Peter Saxton
Abstract: Air Traffic Management (ATM) could benefit from a collaborative approach to security management, particularly to improve situational awareness, quantitative risk assessments and the governance of security. Collaboration between organisations is becoming increasingly important in air traffic control as well as security in general. This emphasises the need to adapt security cultures from 'need to know' towards more direct sharing of knowledge and skills. An additional imperative for the air traffic management sector is that as operations and systems become increasingly integrated, Air Navigation Service Providers (ANSPs) become critically dependent on each other. Hence security of the organisation is bound with the security of the whole European system. To create a successful collaborative approach, security managers will need to adopt collaborative leadership skills and approaches. This can be achieved in an evolutionary way, which grows as the challenges to security become more demanding and complex, as the ATM system is modernised.
Citations: 8
Beyond Traceability: Compared Approaches to Consistent Security Risk Assessments
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.109
F. Bergomi, S. Paul, Bjørnar Solhaug, Raphaël Vignon-Davillier
Abstract: As military and civil software-intensive information systems grow and become more and more complex, structured approaches, called architecture frameworks (AF), were developed to support their engineering. The concepts of these approaches were standardised under ISO/IEC 42010 - Systems and Software Engineering - Architecture Description. An Architecture Description is composed of Views, where each View addresses one or more engineering concerns. As mentioned in the standard, a multi-viewpoint approach requires the capacity to capture the different views, and maintain their mutual consistency. This paper addresses primarily the problem of integrating a model-based security risk assessment view to the mainstream system engineering view(s) and, to a lesser extent, the problem of maintaining the overall consistency of the views. Both business stakes and technical means are studied. We present two specific approaches, namely CORAS and Rinforzando. Both come with techniques and tool support to facilitate security risk assessment of complex and evolving critical infrastructures, such as ATM systems. The former approach offers static import/export relationships between artefacts, whereas the latter offers dynamic relationships. The pros and cons of each technical approach are discussed.
Citations: 7
Automated Synthesis and Ranking of Secure BPMN Orchestrators
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.4018/ijsse.2014040103
V. Ciancia, José Antonio Martín, F. Martinelli, I. Matteucci, M. Petrocchi, E. Pimentel
Abstract: We describe a formal methodology for the automatic synthesis of a secure orchestrator for a set of BPMN processes. The synthesized orchestrator is able to guarantee that all the processes that are started reach their end, and the resulting orchestrator process is secure, that is, it does not allow disclosure of certain secret messages. In this work we present an implementation of a forth and back translation from BPMN to crypto-CCS, in such a way to exploit the PaMoChSA tool for synthesizing orchestrators. Furthermore, we study the problem of ranking orchestrators based on quantitative valuations of a process, and on the temporal evolution of such valuations and their security, as a function of the knowledge of the attacker.
Citations: 4
A Reputation-Based Clustering Mechanism for MANET Routing Security
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.42
Aida Ben Chehida Douss, Ryma Abassi, S. Fatmi
Abstract: A Mobile Ad hoc NETwork (MANET) is a collection of mobile nodes having no fixed topology and cooperating with each other. Due to these particularities, classical routing protocols cannot be used and some specific ones have been proposed. Because routing process is fundamental in a MANET deployment, it constitutes a privileged target of attackers. In this paper we propose a novel reputation-based clustering mechanism to locate malicious nodes and isolate them. In order to reduce network overhead and to handle network topology dynamicity, the proposed mechanism is based on a specific clustering environment. The clustering maintenance complexity is for its part reduced by the use of a reputation based delegation process allowing the cluster-head to delegate its privileges to a chosen cluster member in case of displacement or lack of energy. Moreover, node's reputation handling allows the detection and isolation of malicious nodes. Five modules constitute this mechanism: a monitoring module to detect malicious nodes, a reputation module to update reputation values, an isolation module to discard malicious nodes, an identity recognition module to assess alerts sources and a delegation module to allow clusterhead privileges delegation.
Citations: 16
Sink or SWIM: Information Security Requirements in the Sky
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.106
M. Jaatun, Tor Erlend Fægri
Abstract: Despite the inherently cooperative nature of air traffic control, the ICT infrastructure supporting it has, metaphorically speaking, largely remained isolated islands of technology. To this day, most of the interaction between ATM centers is based on voice and point-to-point data communication. Speed and accuracy of coordination is thus frequently limited by human capacities. This also imposes severe restrictions on the scale of coordination efforts among ATM centers. There are, however, changes underway. The main ambition of the System-Wide Information Management (SWIM) concept is to realize a European-wide network of interconnected ATM systems that promises, among other things, to bring substantial gains in efficiency of coordination and improved utilization of valuable airspace. This paper presents challenges, approaches and experiences from ongoing work on security requirements within SWIM.
Citations: 4
iOS Forensics: How Can We Recover Deleted Image Files with Timestamp in a Forensically Sound Manner?
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.50
A. Ariffin, Christian D'Orazio, Kim-Kwang Raymond Choo, J. Slay
Abstract: iOS devices generally allow users to synch their images (pictures) and video files using iTunes between Apple products (e.g. an iPhone and a Mac Book Pro). Recovering deleted images, particularly in a forensically sound manner, from iOS devices can be an expensive and challenging exercise (due to the hierarchical encrypted file system, etc). In this paper, we propose an operational technique that allows digital forensic practitioners to recover deleted image files by referring to iOS journaling file system. Using an iPhone as a case study, we then conduct a forensic analysis to validate our proposed technique.
Citations: 22
An Approach Based on Model-Driven Engineering to Define Security Policies Using OrBAC
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.44
Denisse Muñante Arzapalo, L. Gallon, P. Aniorté
Abstract: In the field of access control, many security breaches occur because of a lack of early means to evaluate if access control policies are adequate to satisfy privileges requested by subjects which try to perform actions on objects. This paper proposes an approach based on UMLsec, to tackle this problem. We propose to extend UMLsec, and to add OrBAC elements. In particular, we add the notions of context, inheritance and separation. We also propose a methodology for modeling a security policy and assessing the security policy modeled, based on the use of MotOrBAC. This assessment is proposed in order to guarantee security policies are well-formed, to analyse potential conflicts, and to simulate a real situation.
Citations: 9
Model-Assisted Access Control Implementation for Code-centric Ruby-on-Rails Web Application Development
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.47
S. Munetoh, Nobukazu Yoshioka
Abstract: In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development.
Citations: 8
Isolation of Malicious External Inputs in a Security Focused Adaptive Execution Environment
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.15
Aaron M. Paulos, P. Pal, R. Schantz, B. Benyo, David Johnson, Mike Hibler, E. Eide
Abstract: Reliable isolation of malicious application inputs is necessary for preventing the future success of an observed novel attack after the initial incident. In this paper we describe, measure and analyze, Input-Reduction, a technique that can quickly isolate malicious external inputs that embody unforeseen and potentially novel attacks, from other benign application inputs. The Input-Reduction technique is integrated into an advanced, security-focused, and adaptive execution environment that automates diagnosis and repair. In experiments we show that Input-Reduction is highly accurate and efficient in isolating attack inputs and determining causal relations between inputs. We also measure and show that the cost incurred by key services that support reliable reproduction and fast attack isolation is reasonable in the adaptive execution environment.
Citations: 4
Towards Web-Based Biometric Systems Using Personal Browsing Interests
2013 International Conference on Availability, Reliability and Security Pub Date: 2013-09-02 DOI: 10.1109/ARES.2013.36
Lukasz Olejnik, C. Castelluccia
Abstract: We investigate the potential to use browsing habits and browser history as a new authentication and identification system for the Web with potential applications to anomaly and fraud detection. For the first time, we provide an empirical analysis using data from 4,578 users. We employ the traditional biometric analysis and show that the False Acceptance Rate can be low (FAR = 1.1%), though this results in a relatively high False Rejection Rate (FRR = 13.8%). The scheme may either be utilized by Web service providers (with access to user's browser history) or any Webmaster, using other specialized techniques such as timing-based browser cache sniffing or a browser extension. We construct such a proof-of-concept extension.
Citations: 15