2010 International Conference on Availability, Reliability and Security: Latest Papers

From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.71
Yehia Elrakaiby, F. Cuppens, N. Cuppens-Boulahia
Abstract: Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, pre-obligations induce interactions between the obligation and authorization policy states. This paper studies these interactions by formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either (1) statically (an access request is denied if the pre-obligation has not been fulfilled); (2) or dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).
Citations: 12
Estimating Hidden Message Length in Binary Image Embedded by Using Boundary Pixels Steganography
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.65
Chiew Kang Leng, J. Pieprzyk
Abstract: In this paper, we propose a new steganalytic method to detect the message hidden in a black and white image using the steganographic technique developed by Liang, Wang and Zhang. Our detection method estimates the length of hidden message embedded in a binary image. Although the hidden message embedded is visually imperceptible, it changes some image statistic (such as inter-pixels correlation). Based on this observation, we first derive the 512 patterns histogram from the boundary pixels as the distinguishing statistic, then we compute the histogram difference to determine the changes of the 512 patterns histogram induced by the embedding operation. Finally we propose histogram quotient to estimate the length of the embedded message. Experimental results confirm that the proposed method can effectively and reliably detect the length of the embedded message.
Citations: 20
Reselling Digital Content
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.18
L. Aimani, Yona Raekow
Abstract: Digital content, protected by specific terms of use, is currently delivered to customers via a few selected content providers. Allowing arbitrary entities, not just trusted content providers, to resell legitimately purchased, protected digital content to another entity, adds additional challenges to a DRM environment. In this paper, we formally model the problem of reselling digital content, and we provide a secure construction based on one-time (proxy) signatures. Our construction allows an arbitrary seller to resell its digital content to any buyer. We ensure that the identity of the buyer is only known to the seller. The buyer can verify that the purchased content is genuine. After the transaction is completed only the legitimate current owner can use the digital content. Any illegal use can be identified by a trusted authority.
Citations: 6
A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.62
T. Grobler, C. Louwrens, S. V. Solms
Abstract: Most organizations underestimate the demand for digital evidence [1]. Often, when evidence is required to prove fraudulent transactions, not enough or trustworthy evidence is available to link the attacker to the incident. It is essential for organizations to prepare themselves for digital Forensic (DF) investigations and ensure that entire organizational operating environment is prepared for example for an investigation (criminal or internal) or a compliance tests. The accepted literature on DF readiness concentrates mainly on evidence identification, handling and storage, first line incident response and training requirements [2]. It does not consider the proactive application of DF tools to enhance the corporate governance structures (specifically Information Technology (IT) governance). Pro-active DF (ProDF) as defined in this paper will enable an organization to take the initiative by implementing adequate measures to become DF ready, demonstrate due diligence for good corporate Governance, specifically IT Governance and provide a mechanism to assess and improve IT Governance frameworks. The purpose of this paper is to define, identify goals, steps, and deliverables of ProDF, identify dimensions of DF, and propose a theoretical DF management framework to guide the implementation of ProDF in an organization.
Citations: 55
A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.90
A. Wang, Su Yan, Peng Liu
Abstract: Survivability modeling and evaluation have gained increasing importance. Most existing models assume that the distributions for transitions between states are exponential. However, this assumption does not hold in many real cases. To address this problem, we propose a novel semi-Markov survivability evaluation model, which allows the transitions between states to follow nonexponential distributions. Novel quantitative measures are also proposed to characterize the capability of a resilient system in surviving intrusions. Model validation, which is possibly the most important step in the life cycle of model development, is largely overlooked in previous research. In this paper, a real intrusion tolerant database system ITDB is implemented to validate the proposed state-space models. Empirical experiments show that the semi-Markov model predicts the system behaviors with high accuracy. Furthermore, in this paper we evaluate the impact of intrinsic system deficiencies and attack behaviors on the survivability of intrusion tolerant database systems.
Citations: 17
Development of ICT Infrastructure for Local Socio-Economic System in Japan Another Approach Toward Cybersecurity in the Non-urban Area
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.114
H. Nagano
Abstract: This paper is aimed at discussing possible ICT infrastructure for the local socio-economic system in Japan.
Citations: 0
A Probabilistic Approach for On-Line Sum-Auditing
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.46
G. Canfora, B. Cavallo
Abstract: In this paper we consider the problem of auditing databases which support statistical sum-queries to protect the security of sensitive information. We study the special case in which the domain of the sensitive information is a discrete set; in particular, we focus on a boolean domain. Principles and techniques developed for the security of statistical databases in the case of continuous attributes do not apply here. We provide a probabilistic framework for the on-line sum-auditing and we show that sum-queries can be audited by means of a Bayesian network. Finally, we provide a preliminary analysis of the usefulness of the probabilistic approach.
Citations: 5
A Design Pattern for Event-Based Processing of Security-Enriched SOAP Messages
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.23
Nils Gruschka, Meiko Jensen, Luigi Lo Iacono
Abstract: For Web Services in Cloud Computing contexts, the efficient processing of XML documents is a major topic of interest. Especially for WS-Security-enriched messages, processing performance nowadays tends to become a major issue. Streaming XML processing approaches lead to valuable optimization due to lower resource consumption, but their adoption requires major conceptional changes in the processing application. In this paper, we present a pattern for architectural concepts that employ the SAX-based streaming processing approach. Its major benefit--apart from providing the performance advantage--consists in a convenient, modular architecture that can easily be extended with new modules and new types of events without modification of existing modules.
Citations: 8
A Prototype for Support of Computer Forensic Analysis Combined with the Expected Knowledge Level of an Attacker to More Efficiently Achieve Investigation Results
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.25
M. Bielecki, G. Quirchmayr
Abstract: This paper describes a novel approach to combine the strengths of an automated presentation and argumentation support system with a classification of cybercriminals similar to the ones used in law enforcement work. The discussed concept is still in an early stage of development with no substantiated scientific results. The beginning of the paper is dedicated to the description of a prototype based on an automated forensic support system called "CFAA" ("Computer Forensic Analyzer and Advisor"). This description is followed by a short classification of current cybercriminals and their knowledge levels. This classification is a slight modification of the one described in "Scene of the Cybercrime" by Debra Littlejohn Shinder. The paper then continues with the presentation of an envisaged approach towards combining the software tool with the determined classification to increase the efficiency of the forensic analysis. The core aim of this paper is to demonstrate the possible increase of efficiency with adjusting the appropriate cybercriminal levels according to the forensic investigation.
Citations: 10
Supporting Authorization Policy Modification in Agile Development of Web Applications
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.19
Steffen Bartsch
Abstract: Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy modifications, high numbers of options need to be considered. To ease the management task and integrate domain experts, we propose an algorithm and prototype tool. The AI-based change-support algorithm helps to find the suitable modification actions according to desired changes that are given in policy test cases. We also present a prototype GUI for domain experts to employ the algorithm and report on early results of non-security experts using the tool in a real-world business Web application.
Citations: 1