2010 International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
A Consideration of the Reliability of Registration and Attribute Exchange 注册与属性交换可靠性的思考
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.32
Yoshio Kakizaki, Keiichi Iwamura
{"title":"A Consideration of the Reliability of Registration and Attribute Exchange","authors":"Yoshio Kakizaki, Keiichi Iwamura","doi":"10.1109/ARES.2010.32","DOIUrl":"https://doi.org/10.1109/ARES.2010.32","url":null,"abstract":"Attribute information such as age, gender, and job is used in user registration and questionnaires.A verifier must consider what method to use for confirming attribute information when it is used online.For instance,the reliability of the information varies with the method:the verifier can accept the user's claim,confirm by certificate,confirm face-to-face or use other methods. Therefore, the reliability of attribute information becomes a problem when strict verification is necessary for a contract.In this paper,we consider the reliability of registration and attribute information that is exchanged and propose a method by which the reliability of attribute information and its grounds can be returned when attributes are exchanged.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"178 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115722113","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Strategies for Reducing Risks of Inconsistencies in Access Control Policies 降低访问控制策略不一致风险的策略
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.72
B. Stepien, S. Matwin, A. Felty
{"title":"Strategies for Reducing Risks of Inconsistencies in Access Control Policies","authors":"B. Stepien, S. Matwin, A. Felty","doi":"10.1109/ARES.2010.72","DOIUrl":"https://doi.org/10.1109/ARES.2010.72","url":null,"abstract":"Managing access control policies is a complex task. We argue that much of the complexity is unnecessary and mostly due to historical reasons. There are number of legacy policy specification languages that all have limitations of some kind. These limitations have forced policy implementers to use certain styles of writing policies, often resulting in inconsistencies. The detection and resolution of these inconsistencies has been widely researched and many solutions have been found. This paper highlights new possibilities for avoiding inconsistencies, drawing on the expressive power allowed in the condition field of rules in modern languages such as XACML. In particular, we show that making use of this expressive power has many advantages—it allows organizations to considerably reduce the number of policies and rules required to protect company assets; it provides improved views and summaries of related policies; and it allows increased scalability of analysis tools, such as tools that detect inconsistencies and tools that perform audits to verify compliance to regulations. Such tools are increasingly important in the current environment where the number of regulations governing company security continues to grow. In addition, we show how our user-friendly representation for the XACML language facilitates the use of complex conditions by increasing their readability. This increased readability has the additional benefit of allowing non-technical users to better understand the implementation of their policies. These factors all contribute to a lower risk of inconsistencies in policies.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130322485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Multiple Designated Verifiers Signatures Reconsidered 重新考虑多个指定验证者签名
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.58
Mebae Ushida, T. Izu, M. Takenaka, K. Ohta
{"title":"Multiple Designated Verifiers Signatures Reconsidered","authors":"Mebae Ushida, T. Izu, M. Takenaka, K. Ohta","doi":"10.1109/ARES.2010.58","DOIUrl":"https://doi.org/10.1109/ARES.2010.58","url":null,"abstract":"A multiple designated verifiers signature (MDVS) is introduced in 2004 by Laguillaumie-Vergnaud, in which specific verifiers chosen by the signer (designated verifiers) are the only entities who can verify the signature. They also constructed two concrete MDVS schemes MDVS1 and MDVS2 from bilinear maps which are proved to be secure in the random oracle model. This paper proposes a new forgery attack against MDVS1 and MDVS2, which allows an adversary, from a valid signature sigma on a document, to forge a signature on the same document. Because of the definition of the unforgeability of MDVS schemes, when all designated verifiers are colluded, thencan forge a signature on an arbitrary document (and thus the same document). However, the signer cannot distinguish who forged a signature (whether the adversary or the colluded designated verifiers) when the forged signature is given. Thus, the signer cannot convince the designated verifiers and this is critical for MDVS because the scheme is based on the trusty relationship between the signer and the designated verifiers. We also show the forgery attack against a DVS scheme proposed by Ohyama-Tanaka based on MDVS2.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130486061","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Trust Based Multi Path DSR Protocol 基于信任的多路径DSR协议
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.87
Poonam Gera, K. Garg, M. Misra
{"title":"Trust Based Multi Path DSR Protocol","authors":"Poonam Gera, K. Garg, M. Misra","doi":"10.1109/ARES.2010.87","DOIUrl":"https://doi.org/10.1109/ARES.2010.87","url":null,"abstract":"Ad-hoc networks establish communication in improvised environments without requiring any fixed infrastructure. These networks are inherently prone to security attacks, with node mobility being the primary cause in allowing security breaches. Therefore secure routing is a must for such networks. A number of secure routing protocols based on trust have recently been proposed. However, all these protocols use the traditional route discovery model, where a node drops RREQ packet if its own ID is in the source route of the packet, or if it has previously processed the packet. A misbehaving node takes advantage of this vulnerability and forwards the RREQ fast, so that the RREQ received from other nodes are dropped and the path discovered includes itself (the misbehaving node). In this paper, we present a unique trust based method which is not vulnerable to this behavior. In our method, each node broadcasts a RREQ packet if it is received from different neighbors. A secure and efficient route to the destination is calculated as a weighted average of the trust value of the nodes in the route, with respect to its behavior observed by its neighboring nodes and the number of nodes in the route. We evaluate the misbehaving node detection rate and the efficiency of our method along a number of parameters. Results show that our method increases the throughput of the network while discovering a secure route.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127027770","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
Towards a Privacy-Enhanced Social Networking Site 迈向隐私增强的社交网站
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.97
Esma Aïmeur, S. Gambs, Ai Ho
{"title":"Towards a Privacy-Enhanced Social Networking Site","authors":"Esma Aïmeur, S. Gambs, Ai Ho","doi":"10.1109/ARES.2010.97","DOIUrl":"https://doi.org/10.1109/ARES.2010.97","url":null,"abstract":"Social Networking Sites (SNS), such as Facebook and LinkedIn, have become the established place for keeping contact with old friends and meeting new acquaintances. As a result, a user leaves a big trail of personal information about him and his friends on the SNS, sometimes even without being aware of it. This information can lead to privacy drifts such as damaging his reputation and credibility, security risks (for instance identity theft) and profiling risks. In this paper, we first highlight some privacy issues raised by the growing development of SNS and identify clearly three privacy risks. While it may seem a priori that privacy and SNS are two antagonist concepts, we also identified some privacy criteria that SNS could fulfill in order to be more respectful of the privacy of their users. Finally, we introduce the concept of a Privacy-enhanced Social Networking Site (PSNS) and we describe Privacy Watch, our first implementation of a PSNS.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129231544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 76
Secure Bindings of SAML Assertions to TLS Sessions SAML断言到TLS会话的安全绑定
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.89
Florian Kohlar, Jörg Schwenk, Meiko Jensen, S. Gajek
{"title":"Secure Bindings of SAML Assertions to TLS Sessions","authors":"Florian Kohlar, Jörg Schwenk, Meiko Jensen, S. Gajek","doi":"10.1109/ARES.2010.89","DOIUrl":"https://doi.org/10.1109/ARES.2010.89","url":null,"abstract":"In recent research work, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this paper, we present a third approach which is of further interest beyond IDM protocols: we bind the SAML assertion to the TLS session that has been agreed upon between client and the service provider and thus provide anonymity of the browser.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121589333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Dual-Level Attack Detection and Characterization for Networks under DDoS DDoS下网络的双级攻击检测与表征
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.84
A. Sardana, R. Joshi
{"title":"Dual-Level Attack Detection and Characterization for Networks under DDoS","authors":"A. Sardana, R. Joshi","doi":"10.1109/ARES.2010.84","DOIUrl":"https://doi.org/10.1109/ARES.2010.84","url":null,"abstract":"DDoS attacks aim to deny legitimate users of the services. In this paper, we introduce novel dual - level attack detection (D-LAD) scheme for defending against the DDoS attacks. At higher and coarse level, the macroscopic level detectors (MaLAD) attempt to detect congestion inducing attacks which cause apparent slowdown in network functionality. The large volumes attacks are detected early at border routers in transit network before they converge at the victim. At lower and fine level, the microscopic level detectors (MiLAD) detect sophisticated attacks that cause network performance to degrade gracefully and stealth attacks that remain undetected in transit domain and do not impact the victim. These attacks have dramatic impact on victim and are detected at border routers in stub domain near the victim. We employ the concepts of varying threshold and change point detection on entropy to enhance the detection rate. Honeypots help achieve high filtering accuracy. Results demonstrate that in addition to being competitive than other techniques with respect to detection rate and false alarm rate, our scheme is very effective and works well in the presence of different DDoS attacks. The proposed technique provides the quite demanded solution to the DDoS problem.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"209 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115734872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
A Secure and Scalable Grid-Based Content Management System 一个安全的、可扩展的基于网格的内容管理系统
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.80
B. Aziz, Á. Arenas, G. Cortese, B. Crispo, Silvio Causetti
{"title":"A Secure and Scalable Grid-Based Content Management System","authors":"B. Aziz, Á. Arenas, G. Cortese, B. Crispo, Silvio Causetti","doi":"10.1109/ARES.2010.80","DOIUrl":"https://doi.org/10.1109/ARES.2010.80","url":null,"abstract":"We present in this paper a secure and scalable Grid-based content management system for the management of high-volume multimedia data in the domain of the publishing industry. This is achieved by leveraging on existing individual solutions, such as the Alfresco content management system, the SRM standard for building scalable solutions based on the Grid and the GridTrust services for building trustworthy and secure Grid systems. Our solution brings closer the use of the Grid to the enterprise community within the context of a real world use case scenario. The solution facilitates the fine-grained usage control of the storage resources and a reputation-based matching between resource policies and users' past behaviour.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134081545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept 细化电子投票安全需求的分类法:分析Helios作为概念证明
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.106
L. Langer, Axel Schmidt, J. Buchmann, M. Volkamer
{"title":"A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept","authors":"L. Langer, Axel Schmidt, J. Buchmann, M. Volkamer","doi":"10.1109/ARES.2010.106","DOIUrl":"https://doi.org/10.1109/ARES.2010.106","url":null,"abstract":"Over the past years an approved set of security requirements for electronic voting has been established. However, there is no consistent perception of the exact content and scope of these requirements. Therefore, the corner stone for a comprehensive taxonomy refining the security requirements for electronic voting was laid in [1]. In order to verify the validity of this taxonomy, we apply it to the voting schemes Helios 1.0 and 2.0. We provide amendments to the original taxonomy and demonstrate that it successfully distinguishes between different, but related voting schemes, thus supporting its relevance for the study of electronic voting systems.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134213133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Secured Key Distribution Scheme for Cryptographic Key Management System 加密密钥管理系统中的安全密钥分发方案
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.96
Kyawt Kyawt Khaing, Khin Mi Mi Aung
{"title":"Secured Key Distribution Scheme for Cryptographic Key Management System","authors":"Kyawt Kyawt Khaing, Khin Mi Mi Aung","doi":"10.1109/ARES.2010.96","DOIUrl":"https://doi.org/10.1109/ARES.2010.96","url":null,"abstract":"Key distribution is the task of distributing secret keys between transmitter and receiver by providing security properties. Our key distribution scheme is beneficial for key transactions where the data encrypting key is encrypted with an upper-level key encrypting key and transmitted to the receiving side. We assume there is a trusted authority (TA) in the network which choose a secret key for communicating, and transits it to parties that wants to communicate with. There could be two or more parties that establish a secret key. At the end of a key tree two parties share a key K. The value of K is not known to any other party except TA. This scheme limits amount of cipher text available to an attacker and also limit exposure in event of key compromise. While the other schemes focus to reduce computation, or the amount of data the needs to be exchanged, our scheme is cable of Self-Adaptive key establishment for Large-Scale users as well as reduces the computational complexity.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"284 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131635585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信