发布求助
文献互助 智能选刊 最新文献

2008 Third International Conference on Risks and Security of Internet and Systems最新文献

筛选
英文 中文
Policy-based intrusion detection in Web applications by monitoring Java information flows 通过监视Java信息流在Web应用程序中进行基于策略的入侵检测
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-28 DOI: 10.1504/IJICS.2009.031040
Guillaume Hiet, Valérie Viet Triem Tong, L. Mé, B. Morin
{"title":"Policy-based intrusion detection in Web applications by monitoring Java information flows","authors":"Guillaume Hiet, Valérie Viet Triem Tong, L. Mé, B. Morin","doi":"10.1504/IJICS.2009.031040","DOIUrl":"https://doi.org/10.1504/IJICS.2009.031040","url":null,"abstract":"This article focuses on intrusion detection in systems using Web applications and COTS. We present a solution that combines policy-based intrusion detection and information flow control. We describe JBlare, an inline Java monitor that tracks inter-method flows in Java applications. This monitor collaborates with Blare, a monitor that tracks information flow in the whole system at the OS-level. The combination of these two detectors constitutes a policy-based Intrusion Detection System that can address a wide range of attacks.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114235686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Towards a new user Anonymity Preserving Protocol (APP) for MANETs 面向manet的新型用户匿名保护协议(APP)
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757485
Nadia Chalabi, A. M'hamed, B. Messabih
{"title":"Towards a new user Anonymity Preserving Protocol (APP) for MANETs","authors":"Nadia Chalabi, A. M'hamed, B. Messabih","doi":"10.1109/CRISIS.2008.4757485","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757485","url":null,"abstract":"Thanks to the dynamic and decentralized nature of their infrastructure, mobile ad-hoc networks (MANET) contribute significantly to the deployment of services in pervasive environments. In the small area environments (houses, workplaces, hotspots, public areas, etc), these networks are not completely as secure as expected, according to user privacy. Within this kind of environment, it is still a challenging task to provide user authentication, without revealing the identity and/or the location of the communicating nodes. In this paper, we propose a new protocol called APP aiming to preserve user anonymity while providing authentication and secure routing among users within small area networks.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122124818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Extended UML activity diagram for composing Grid services workflows 用于组合网格服务工作流的扩展UML活动图
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757480
Y. Hlaoui, Leila Jemni Ben Ayed
{"title":"Extended UML activity diagram for composing Grid services workflows","authors":"Y. Hlaoui, Leila Jemni Ben Ayed","doi":"10.1109/CRISIS.2008.4757480","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757480","url":null,"abstract":"This paper focuses on how to model and compose workflow applications of Grid services without considering lower level description of the Grid environment. To reach this objective, we propose a model-driven approach (MDA) for developing workflow applications from existing Grid services. The workflows are built on an abstract level with semantic and syntactic descriptions of services available on the Grid using UML activity diagram language. As there are particular needs for modeling composed workflows of Grid services, we propose to extend the UML activity diagram notation. These extensions deal with additional information allowing a systematic composition of workflows and containing appropriate data to describe a Grid service. These data are useful for the execution of the resulting workflow.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121498729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Towards a robust privacy and anonymity preserving architecture for ubiquitous computing 面向普适计算的健壮的隐私和匿名保护体系结构
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757472
P. E. Abi-Char, M. Mokhtari, A. M'hamed, B. El-Hassan
{"title":"Towards a robust privacy and anonymity preserving architecture for ubiquitous computing","authors":"P. E. Abi-Char, M. Mokhtari, A. M'hamed, B. El-Hassan","doi":"10.1109/CRISIS.2008.4757472","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757472","url":null,"abstract":"Anonymous authentication is a means of authorizing a user without revealing his/her identification. Mobile technologies such as radiofrequency identification (RFID) tags, PDAs and mobile phone systems are increasingly being deployed in pervasive computing. These mobile devices have raised public concern regarding violation of privacy, anonymity and information confidentiality. Considering these concerns, there is a growing need to discover and develop techniques and methods to overcome the threats described above. In this paper we propose an architecture which enhances the privacy and anonymity of users in ubiquitous computing and yet preserves the security requirements of the system. Our proposed architecture is based on elliptic curve techniques, on MaptoCurve or MapToPoint function, on Weil pairing techniques and finally on elliptic curve based Okamoto identification scheme. In addition, we present a formal validation of our protocol by using the AVISPA tool. The main comparative study of our proposed architecture is to provide privacy and anonymity for mobile users. Our proposed architecture achieves many of desirable security requirements.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114825137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Efficient detection of DDoS attacks with important attributes 有效检测具有重要属性的DDoS攻击
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757464
Wei Wang, Sylvain Gombault
{"title":"Efficient detection of DDoS attacks with important attributes","authors":"Wei Wang, Sylvain Gombault","doi":"10.1109/CRISIS.2008.4757464","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757464","url":null,"abstract":"DDoS attacks are major threats in current computer networks. However, DDoS attacks are difficult to be quickly detected. In this paper, we introduce a system that only extracts several important attributes from network traffic for DDoS attack detection in real computer networks. We collect a large set of DDoS attack traffic by implementing various DDoS attacks as well as normal data during normal usage. Information Gain and Chi-square methods are used to rank the importance of 41 attributes extracted from the network traffic with our programs. Bayesian networks as well as C4.5 are then employed to detect attacks as well as to determine what size of attributes is appropriate for fast detection. Empirical results show that only using the most important 9 attributes, the detection accuracy remains the same or even has some improvements compared with that of using all the 41 attributes based on Bayesian Networks and C4.5 methods. Only using several attributes also improves the efficiency in terms of attributes constructing, models training as well as intrusion detection.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132416399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 43
A new covert channel in WIFI networks WIFI网络中的一种新的隐蔽信道
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757487
Lilia Frikha, Z. Trabelsi
{"title":"A new covert channel in WIFI networks","authors":"Lilia Frikha, Z. Trabelsi","doi":"10.1109/CRISIS.2008.4757487","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757487","url":null,"abstract":"Covert channels are not a new topic. However they remain an interesting research area. The most proposed techniques are located in the upper layers of the OSI model. In this paper, we present a new covert channel in the data link layer dedicated to wireless local area networks. It uses either sequence control or initial vector fields or both of them depending on the configuration of the network. We present also some measurements to protect the proposed channel against steganalysis and sniffing.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123642049","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Automated reaction based on risk analysis and attackers skills in intrusion detection systems 入侵检测系统中基于风险分析和攻击者技能的自动反应
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757471
Wael Kanoun, N. Cuppens-Boulahia, F. Cuppens, J. Araújo
{"title":"Automated reaction based on risk analysis and attackers skills in intrusion detection systems","authors":"Wael Kanoun, N. Cuppens-Boulahia, F. Cuppens, J. Araújo","doi":"10.1109/CRISIS.2008.4757471","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757471","url":null,"abstract":"Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable of ending the detected attack, but without taking into account their side effects. In fact, countermeasures can be as harmful as the detected attack. Moreover, sometimes selected countermeasures are not adapted to the attackerpsilas actions and/or knowledge. In this paper, we propose to turn the reaction selection process intelligent by giving means to (i) quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system by adopting a risk assessment and analysis approach, and (ii) assess the skill and knowledge level of the attacker from a defensive point of view.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130041489","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 41
Application framework for high security requirements in R&D environments based on quantum cryptography 基于量子密码的研发环境中高安全要求的应用框架
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757478
C. Kollmitzer, O. Maurhart, S. Schauer, S. Rass
{"title":"Application framework for high security requirements in R&D environments based on quantum cryptography","authors":"C. Kollmitzer, O. Maurhart, S. Schauer, S. Rass","doi":"10.1109/CRISIS.2008.4757478","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757478","url":null,"abstract":"Companies running research and development (R&D) departments invest considerable effort into the protection of results and security of communication channels. In cases where particular expertise is unavailable within the company, R&D may be partially outsourced to external specialists being universities or independent research centers. In any such case where highly valuable data is to be exchanged between departments of a company or a university, quantum cryptography offers a convenient way to protect the investment and revenue tied to the research. Upon recent results within the EU-project SECOQC, we present an application framework that is suitable for meeting R&D security requirements. We draw from the latest experimental results, demonstrating the feasibility and efficiency of using quantum cryptography in that context.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115892803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A comparative study of secret code variants in terms of keystroke dynamics 从击键动力学角度对密码变体进行比较研究
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757473
N. Pavaday, K. Soyjaudah
{"title":"A comparative study of secret code variants in terms of keystroke dynamics","authors":"N. Pavaday, K. Soyjaudah","doi":"10.1109/CRISIS.2008.4757473","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757473","url":null,"abstract":"The rise of the Internet and the push for ubiquitous computing has brought a proliferation of numerous single method solutions, forcing users to remember numerous secret codes, a task that is becoming increasingly difficult. On the web, codes are used by publications, blogs, Webmail, e-commerce sites, and financial institutions. Elsewhere, they serve as authentication mechanism for Internet service providers (ISPs), email servers, local and remote host account, ATM, voicemails and so on. Existing textual passwords, token based systems, and other methods often do not offer the necessary security standard. Fortunately biometric systems that are based on the biological features of the user when typing texts are very promising in enhancing the de facto textual password. The main objective of this paper is to assess and report on the suitability of keystroke dynamics in protecting access to resources when users are typing the different types of password that exist.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123551805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Reputation based clustering algorithm for security management in ad hoc networks with liars 具有说谎者的自组织网络中基于信誉的安全管理聚类算法
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1504/IJICS.2009.031032
Mohamed Elhoucine Elhdhili, Lamia Ben Azzouz, F. Kamoun
{"title":"Reputation based clustering algorithm for security management in ad hoc networks with liars","authors":"Mohamed Elhoucine Elhdhili, Lamia Ben Azzouz, F. Kamoun","doi":"10.1504/IJICS.2009.031032","DOIUrl":"https://doi.org/10.1504/IJICS.2009.031032","url":null,"abstract":"Clustering in ad hoc networks consists in dividing the network into clusters (groups) managed by elected nodes called clusterheads. This technique has been used for different goals as routing efficiency, transmission management and information collection. As far as we know, no existing clustering algorithms have taken into account the existence of malicious nodes for clusterheads election and maintenance. These nodes can lie to be elected as clusterheads. Consequently the network might be managed by most of them. To solve this problem, we propose a reputation based clustering algorithm (RECA) that aims to elect trustworthy, stable and high energy clusterheads that can be used to manage the security of the network. Simulations were conducted to evaluate RECA performances in the presence of liars. Results show that it converges to a stable and convenient network division into clusters with no untrustworthy clusterheads and mainly one hop members.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129674026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信