发布求助
文献互助 智能选刊 最新文献

2015 10th International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Optimizing IT Service Costs with Respect to the Availability Service Level Objective 根据可用性服务水平目标优化IT服务成本
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.11
Sascha Bosse, Matthias Splieth, K. Turowski
{"title":"Optimizing IT Service Costs with Respect to the Availability Service Level Objective","authors":"Sascha Bosse, Matthias Splieth, K. Turowski","doi":"10.1109/ARES.2015.11","DOIUrl":"https://doi.org/10.1109/ARES.2015.11","url":null,"abstract":"Meeting the availability service level objective while minimizing the costs of the IT service provision is a major challenge for IT service designers. In order to optimize component choices and redundancy mechanisms, the redundancy allocation problem (RAP) was defined. RAP solution algorithms support decision makers with (sub)optimal design configurations that trade-off availability and costs. However, the existing RAP definitions are not suitable for IT service design since they do not include inter-component dependencies such as common mode failures. Therefore, a RAP definition is provided in this paper in which the characteristics of modern IT systems such as standby mechanisms, performance degradation and generic dependencies are integrated. The RAP definition and an adapted genetic algorithm are applied to optimize the costs of an excerpt of an application service provider's IT system landscape. The results demonstrate that the developed approach is applicable and suitable to minimize IT service costs while fulfilling the availability guarantees that are documented in service level agreements.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131765142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Advanced Identity and Access Policy Management Using Contextual Data 使用上下文数据的高级身份和访问策略管理
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.40
Matthias Hummer, Michael Kunz, M. Netter, L. Fuchs, G. Pernul
{"title":"Advanced Identity and Access Policy Management Using Contextual Data","authors":"Matthias Hummer, Michael Kunz, M. Netter, L. Fuchs, G. Pernul","doi":"10.1109/ARES.2015.40","DOIUrl":"https://doi.org/10.1109/ARES.2015.40","url":null,"abstract":"Due to compliance and IT security requirements, company-wide Identity and Access Management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. Despite of its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection without providing the required guidance for policy management. This paper closes the existing gap by proposing a Dynamic Policy Management Process which structures the activities required for policy management in Identity and Access Management environments. In contrast to current approaches it fosters the consideration of contextual user management data for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides a naturalistic evaluation based on real-life data from a large industrial company.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"61 8","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131874273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Advanced Attribute-Based Key Management for Mobile Devices in Hybrid Clouds 混合云中移动设备基于属性的高级密钥管理
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.27
Jaemin Park, Eunchan Kim, Sungjin Park, Cheoloh Kang
{"title":"Advanced Attribute-Based Key Management for Mobile Devices in Hybrid Clouds","authors":"Jaemin Park, Eunchan Kim, Sungjin Park, Cheoloh Kang","doi":"10.1109/ARES.2015.27","DOIUrl":"https://doi.org/10.1109/ARES.2015.27","url":null,"abstract":"Mobile cloud computing requires the efficient approach to access the outsourced data in public clouds due to resource scarceness of mobile devices. To this end, the outsourced data should be protected efficiently from being accessed in plaintext by unauthorized users and public clouds. User revocation should be appropriately managed to guarantee backward secrecy, collusion resistance, and key freshness. In this paper, we present AKMD (Advanced Attribute-based Key Management for Mobile Devices in Hybrid Clouds), an improved key management in hybrid clouds using cipher text-policy attribute-based encryption to allow only authorized users to access the outsourced data stored in public clouds while guaranteeing the efficiency by delegating the key management tasks to private clouds. We introduce new two procedures to handle user revocations, rekey of data encryption keys and policy renewal to support the backward secrecy and key freshness. Our implementation and analysis show that AKMD improves efficiency in security computations and key storage space for mobile devices and guarantees the improved security.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115152623","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Countermeasures for Covert Channel-Internal Control Protocols 隐蔽通道内部控制协议的对策
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.88
J. Kaur, S. Wendzel, M. Meier
{"title":"Countermeasures for Covert Channel-Internal Control Protocols","authors":"J. Kaur, S. Wendzel, M. Meier","doi":"10.1109/ARES.2015.88","DOIUrl":"https://doi.org/10.1109/ARES.2015.88","url":null,"abstract":"Network covert channels have become a sophisticated means for transferring hidden information over the network, and thereby breaking the security policy of a system. Covert channel-internal control protocols, called micro protocols, have been introduced in the recent years to enhance capabilities of network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy communication channels for malware, especially bot nets. Although many techniques are available to counter network covert channels, these techniques are insufficient for countering micro protocols. In this paper, we present the first work to categorize and implement possible countermeasures for micro protocols that can ultimately break sophisticated covert channel communication. The key aspect of proposing these countermeasures is based on the interaction with the micro protocol. We implemented the countermeasures for two micro protocol-based tools: Ping Tunnel and Smart Covert Channel Tool. The results show that our techniques are able to counter micro protocols in an effective manner compared to current mechanisms, which do not target micro protocol-specific behavior.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114349174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
On the Isofunctionality of Network Access Control Lists 浅谈网络访问控制列表的功能
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.78
Malek Belhaouane, Joaquín García, Hervé Debar
{"title":"On the Isofunctionality of Network Access Control Lists","authors":"Malek Belhaouane, Joaquín García, Hervé Debar","doi":"10.1109/ARES.2015.78","DOIUrl":"https://doi.org/10.1109/ARES.2015.78","url":null,"abstract":"In a networking context, Access Control Lists (ACLs) refer to security rules associated to network equipment, such as routers, switches and firewalls. Methods and tools to automate the management of ACLs distributed among several equipment shall verify if the corresponding ACLs are functionally equivalent. In this paper, we address such a verification process. We present a formal method to verify when two ACLs are iso functional and illustrate our proposal over a practical example.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115320128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Securing Web Applications with Better "Patches": An Architectural Approach for Systematic Input Validation with Security Patterns 用更好的“补丁”保护Web应用程序:使用安全模式进行系统输入验证的体系结构方法
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.106
J.-W. Sohn, J. Ryoo
{"title":"Securing Web Applications with Better \"Patches\": An Architectural Approach for Systematic Input Validation with Security Patterns","authors":"J.-W. Sohn, J. Ryoo","doi":"10.1109/ARES.2015.106","DOIUrl":"https://doi.org/10.1109/ARES.2015.106","url":null,"abstract":"Some of the most rampant problems in software security originate from improper input validation. This is partly due to ad hoc approaches taken by software developers when dealing with user inputs. Therefore, it is a crucial research question in software security to ask how to effectively apply well-known input validation and sanitization techniques against security attacks exploiting the user input-related weaknesses found in software. This paper examines the current ways of how input validation is conducted in major open-source projects and attempts to confirm the main source of the problem as these ad hoc responses to the input validation-related attacks such as SQL injection and cross-site scripting (XSS) attacks through a case study. In addition, we propose a more systematic software security approach by promoting the adoption of proactive, architectural design-based solutions to move away from the current practice of chronic vulnerability-centric and reactive approaches.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122554611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk 利用事件响应树和风险值对在线服务的欺诈预防建模
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.17
D. Gorton
{"title":"Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk","authors":"D. Gorton","doi":"10.1109/ARES.2015.17","DOIUrl":"https://doi.org/10.1109/ARES.2015.17","url":null,"abstract":"Authorities like the Federal Financial Institutions Examination Council in the US and the European Central Bank in Europe have stepped up their expected minimum security requirements for financial institutions, including the requirements for risk analysis. In a previous article, we introduced a visual tool and a systematic way to estimate the probability of a successful incident response process, which we called an incident response tree (IRT). In this article, we present several scenarios using the IRT which could be used in a risk analysis of online financial services concerning fraud prevention. By minimizing the problem of underreporting, we are able to calculate the conditional probabilities of prevention, detection, and response in the incident response process of a financial institution. We also introduce a quantitative model for estimating expected loss from fraud, and conditional fraud value at risk, which enables a direct comparison of risk among online banking channels in a multi-channel environment.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"170 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128646193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
How Much Cloud Can You Handle? 你能处理多少云?
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.38
M. Jaatun, Inger Anne Tøndel
{"title":"How Much Cloud Can You Handle?","authors":"M. Jaatun, Inger Anne Tøndel","doi":"10.1109/ARES.2015.38","DOIUrl":"https://doi.org/10.1109/ARES.2015.38","url":null,"abstract":"Outsourcing computing and storage to the cloud does not eliminate the need for handling of information security incidents. However, the long provider chains and unclear responsibilities in the cloud make incident response difficult. In this paper we present results from interviews in critical infrastructure organisations that highlight incident handling needs that would apply to cloud customers, and suggest mechanisms that facilitate inter-provider collaboration in handling of incidents in the cloud, improving the accountability of the cloud service providers.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130892700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Virtual Machine Introspection: Techniques and Applications 虚拟机自省:技术和应用
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.43
Yacine Hebbal, S. Laniepce, Jean-Marc Menaud
{"title":"Virtual Machine Introspection: Techniques and Applications","authors":"Yacine Hebbal, S. Laniepce, Jean-Marc Menaud","doi":"10.1109/ARES.2015.43","DOIUrl":"https://doi.org/10.1109/ARES.2015.43","url":null,"abstract":"Virtual Machine Introspection (VMI) is a technique that enables monitoring virtual machines at the hypervisor layer. This monitoring concept has gained recently a considerable focus in computer security research due to its complete but semantic less visibility on virtual machines activities and isolation from them. VMI works range from addressing the semantic gap problem to leveraging explored VMI techniques in order to provide novel hypervisor-based services that belong to different fields. This paper aims to survey and classify existing VMI techniques and their applications.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128863768","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
Enabling Constraints and Dynamic Preventive Access Control Policy Enforcement in the Cloud 在云中启用约束和动态预防性访问控制策略实施
2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI: 10.1109/ARES.2015.33
S. Fugkeaw, Hiroyuki Sato
{"title":"Enabling Constraints and Dynamic Preventive Access Control Policy Enforcement in the Cloud","authors":"S. Fugkeaw, Hiroyuki Sato","doi":"10.1109/ARES.2015.33","DOIUrl":"https://doi.org/10.1109/ARES.2015.33","url":null,"abstract":"Existing access control solutions applying Cipher text Policy Attribute based Encryption (CP-ABE) scheme usually rely on the static access enforcement based on the access control policy. In real-world scenario, the static pattern of access control policy may not be sufficient to effectively respond the security problems or advanced access control requirements. In this paper, we enhance our collaborative access control model: C-CP-ARBE, to be capable to support a more rigorous access control with security constraints and preventive access policy (PAP) enforcement feature. To this end, we design constraints specification model and PAP enforcement scheme in multi-authority cloud storage systems. We employ Multi-Agent System (MAS) to automate the authentication and authorization function as well as to increase the performance of overall cryptographic processes. As of MAS concept, the scalability and separation of security functions of our access control system are enhanced. Finally, we present the experiments to demonstrate the improved efficiency and practicality of our proposed scheme.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116342348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信