Latest papers from the 2008 Third International Conference on Risks and Security of Internet and Systems

Security analysis of the Dependability, Security Reconfigurability framework
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757468
T. Hartog, G. Kleinhuis
Abstract: Introducing security and security functionality in a large scale communication and information system will increase the complexity of these systems. Complexity in general is seen as an important aspect of possible insecure systems. In this paper we describe the threats that need to be addressed if a specific security solution like the DESEREC (dependability and security by enhanced reconfigurability) framework is deployed in a large scale communication and information system. Also the necessary minimal countermeasures and corresponding security requirements are described. This work reflects our experiences within the DESEREC project, partly funded by the European Union.
Citations: 2
Aspect-based enforcement of formal delegation policies
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757459
Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel
Abstract: Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.
Citations: 5
EESP: A Security protocol that supports QoS management
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757476
M. Mostafa, A. A. E. Kalam, C. Fraboul
Abstract: In order to effectively manage network resources and to serve different traffic needs, several works have been done in the QoS area. Basically, "multi-field (MF) packet classifiers" classify a packet by looking for multiple fields of the IP/TCP headers, recognize which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for security purposes, existing security protocols (such as the IPSec Encapsulating Security Payload (ESP) algorithm) hide much of this information in their encrypted payloads, preventing network control devices such as routers and switches from utilizing this information in performing classification appropriately. The ESPQ (ESP considered QoS) protocol deals with this problem but unfortunately, it has some security weaknesses. In this paper we present the ESPQ vulnerabilities and we propose EESP (Enhanced encapsulated security payload) as a security protocol that provides both security and QoS.
Citations: 1
An ontology-based approach to react to network attacks
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1504/IJICS.2009.031041
N. Cuppens-Boulahia, F. Cuppens, J. D. Vergara, Enrique Vázquez, Javier Guerra, Hervé Debar
Abstract: To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.
Citations: 39
VisAA: Visual analyzer for assembler
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757482
Philippe Andouard, Olivier Ly, Davy Rouillard
Abstract: Reading and understanding the structure of assembly code is often a tedious and difficult task. It becomes much more difficult when exact timing analysis on control flow paths is required to detect timing attacks. We describe our semi-automated tool VisAA used for visualization of control flow information and timing analysis of execution paths to detect portions of code vulnerable to timing attacks on 8-bit AVR microchip assembly code. Our system provides a great aid by saving much human effort in unravelling and analyzing assembly code.
Citations: 1
A Byzantine solution to early detect massive attacks
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757470
Khaled Barbaria, Belhassen Zouari
Abstract: The quality and the timeliness of the detection of massive attacks significantly limit their great danger. In this paper, we describe an existing solution based on a centralized treatment of threat reports generated by probes deployed at the edges of a national Cyber-space. We also propose a more reliable architecture based on a consensus algorithm that solves the interactive consistency problem under the Byzantine assumptions. We prove the correctness of our algorithm and show its contribution to the early detection of massive attacks.
Citations: 1
Verification of Workflow processes under multilevel security considerations
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757466
Kamel Barkaoui, R. Ayed, H. Boucheneb, A. Hicheur
Abstract: Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-step verification approach. While the first step is concerned by soundness of the workflow, the second one is concerned by the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.
Citations: 8
Economic-based vs. nature-inspired intruder detection in sensor networks
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757477
F. Mili, S. Ghanekar, Nancy Alrajei
Abstract: Protecting computer networks from accidental and malicious harm is a critical issue. Researchers have sought a variety of solutions ranging from the purely statistical approach to approaches inspired from a variety of fields such as economics and biology. In this paper, we focus on the issue of intruder detection and propose two complementary approaches, one economics-based, the other biology-inspired. We discuss the effectiveness of these two approaches put together as compared to each one alone based on Matlab simulations.
Citations: 0
Revisiting enforceable security policies
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757483
Naoyuki Nagatou
Abstract: We algebraically characterize a class of enforceable security policies by execution monitoring using a modal logic. We regard monitors as processes in Milner's CCS and security policies as formulas in the modal logic. We show that a set of processes occurring in a monitor must be within the greatest fixed point for the formula, following Schneider's definition on execution monitors. We also consider monitors that can derive some sequences from a single captured action sequence. To discuss such monitors, we introduce variables ranging over sets of processes in CCS. We then show that there are fixed points under the extension. This work may help us to understand such monitors to detect covert channels at run time and to analyze safety properties for multithreads, which need to examine multiple paths.
Citations: 0
Formal procedural security modeling and analysis
2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757486
Komminist Weldemariam, Adolfo Villafiorita
Abstract: We are involved in a project related to the evaluation and possible introduction of e-voting for elections held in the Autonomous Province of Trento. One of the goals of the project is defining the laws and the procedures that will regulate e-voting and guarantee the same or a higher level of security than the traditional, paper-based, elections. To do so, we are tackling the problem (also) at the procedural level, namely, we are trying to understand weaknesses and strengths of the procedures regulating elections in Italy, in order to analyze possible attacks and their effects. The analyses are based on formal specifications of the procedures and on model checkers to help us derive possible attacks. We believe the approach to be useful to help us systematically identifying the limits of the current procedures (i.e. under what hypotheses attacks are undetectable) and, consequently, to state more precisely under what hypotheses and conditions we can guarantee reasonably secure elections.
Citations: 13