发布求助
文献互助 智能选刊 最新文献

2010 International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Threat- and Risk-Analysis During Early Security Requirements Engineering 早期安全需求工程中的威胁和风险分析
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.14
Holger Schmidt
{"title":"Threat- and Risk-Analysis During Early Security Requirements Engineering","authors":"Holger Schmidt","doi":"10.1109/ARES.2010.14","DOIUrl":"https://doi.org/10.1109/ARES.2010.14","url":null,"abstract":"We present a threat and risk-driven methodology to security requirements engineering. Our approach has a strong focus on gathering, modeling, and analyzing the environment in which a secure ICT-system to be built is located. The knowledge about the environment comprises threat and risk models. This security-relevant knowledge is used to assess the adequacy of security mechanisms, which are selected to establish security requirements.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121566908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach 使用风险意识业务流程管理方法规划动态活动和资源分配
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.79
S. Tjoa, Stefan Jakoubi, S. Goluch, G. Kitzler
{"title":"Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach","authors":"S. Tjoa, Stefan Jakoubi, S. Goluch, G. Kitzler","doi":"10.1109/ARES.2010.79","DOIUrl":"https://doi.org/10.1109/ARES.2010.79","url":null,"abstract":"The planning and effective usage of resources is a major challenge for organizations. More than ever through the global interconnections and the current economic situation the domain of resource allocation gains importance. Thus, within this paper we contribute to this research field by introducing a novel approach for dynamic activity and resource allocation using risk-aware business process simulations in order to facilitate and enhance planning and analysis activities. To clarify our work we show the application using a stylized business case.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121845899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A Complexity Based Model for Quantifying Forensic Evidential Probabilities 基于复杂性的法医证据概率量化模型
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.42
R. Overill, Jantje A. M. Silomon, Kam-pui Chow
{"title":"A Complexity Based Model for Quantifying Forensic Evidential Probabilities","authors":"R. Overill, Jantje A. M. Silomon, Kam-pui Chow","doi":"10.1109/ARES.2010.42","DOIUrl":"https://doi.org/10.1109/ARES.2010.42","url":null,"abstract":"An operational complexity model (OCM) is proposed to enable the complexity of both the cognitive and the computational components of a process to be determined. From the complexity of formation of a set of traces via a specified route a measure of the probability of that route can be determined. By determining the complexities of alternative routes leading to the formation of the same set of traces, the odds ratio indicating the relative plausibility of the alternative routes can be found. An illustrative application to a BitTorrent piracy case is presented, and the results obtained suggest that the OCM is capable of providing a realistic estimate of the odds ratio for two competing hypotheses. It is also demonstrated that the OCM can be straightforwardly refined to encompass a variety of circumstances.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115279709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Secure Group Communication Using Fractional Public Keys 使用分数公钥的安全组通信
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.13
Sigurd Eskeland, V. Oleshchuk
{"title":"Secure Group Communication Using Fractional Public Keys","authors":"Sigurd Eskeland, V. Oleshchuk","doi":"10.1109/ARES.2010.13","DOIUrl":"https://doi.org/10.1109/ARES.2010.13","url":null,"abstract":"In this paper, we present the novel concept of fractional public keys and an efficient zero-round multi-party Diffie-Hellman key agreement scheme that is based on fractional public keys. Shared group keys are computed highly efficiently by using the fractional public keys of multiple participants as exponents. The scheme provides therefore an efficient and elegant way of multi-party key agreement without key establishment data transmissions. The presented cryptographic scheme is collusion resistant to any number of users.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123834407","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Binomial-Mix-Based Location Anonymizer System with Global Dummy Generation to Preserve User Location Privacy in Location-Based Services 基于全局虚拟生成的二项混合位置匿名器系统保护用户位置隐私
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.76
Minh Tran, I. Echizen, A. Duong
{"title":"Binomial-Mix-Based Location Anonymizer System with Global Dummy Generation to Preserve User Location Privacy in Location-Based Services","authors":"Minh Tran, I. Echizen, A. Duong","doi":"10.1109/ARES.2010.76","DOIUrl":"https://doi.org/10.1109/ARES.2010.76","url":null,"abstract":"We propose a binomial-mix-based location anonymizer system with global dummy generation to protect user location privacy in location-based services in the face of attacks from a global active adversary and even with untrusted location-based service providers. Our proposed system overcomes the disadvantages of high latency in general-purpose mix-net systems when they are applied to location-based services, and the imprecision of query result or inefficiency due to large number of candidates in query result of existing obfuscation or spatial cloaking techniques. In our system, dummies (false locations) are generated globally in order to reduce the latency of requests to location-based services. A centralized dummy generation mechanism exploits all users' activities to optimize the system's behavior and performance. Because of the randomness provided by a binomial mix, our system prevents an adversary from determining with certainty whether a user is at a specific location. Our system also lets users define and update their personal location privacy maps and satisfies a probabilistic real-time condition that ensures delivery of any request within a predefined duration with high probability.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"176 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129545239","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Improving Effectiveness of Intrusion Detection by Correlation Feature Selection 利用关联特征选择提高入侵检测的有效性
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.4018/jmcmc.2011010102
H. Nguyen, K. Franke, Slobodan V. Petrovic
{"title":"Improving Effectiveness of Intrusion Detection by Correlation Feature Selection","authors":"H. Nguyen, K. Franke, Slobodan V. Petrovic","doi":"10.4018/jmcmc.2011010102","DOIUrl":"https://doi.org/10.4018/jmcmc.2011010102","url":null,"abstract":"The quality of the feature selection algorithm is one of the most important factors that affects the effectiveness of an intrusion detection system (IDS). Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that greatly improves the overall effectiveness of the IDS. Obtaining a good feature set automatically without involving expert knowledge is a complex task. In this paper, we propose an automatic feature selection procedure based on the filter method used in machine learning. In particular, we focus on Correlation Feature Selection (CFS). By transforming the CFS optimization problem into a polynomial mixed 0−1 fractional programming problem and by introducing additional variables in the problem transformed in such a way, we obtain a new mixed 0 − 1 linear programming problem with a number of constraints and variables that is linear in the number of full set features. The mixed 0−1 linear programming problem can then be solved by means of branch-and-bound algorithm. Our feature selection algorithm was compared experimentally with the best-first-CFS and the genetic-algorithm-CFS methods regarding the feature selection capabilities. The classification accuracy obtained after the feature selection by means of the C4.5 and the BayesNet machines over the KDD CUP'99 IDS benchmarking data set was also tested. Experiments show that our proposed method outperforms the best first and genetic algorithm search strategies by removing much more redundant features and still keeping the classification accuracies or even getting better performances.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"29 8","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120912586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 111
Patterns for Secure Boot and Secure Storage in Computer Systems 计算机系统中的安全引导和安全存储模式
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.110
Hans Löhr, A. Sadeghi, M. Winandy
{"title":"Patterns for Secure Boot and Secure Storage in Computer Systems","authors":"Hans Löhr, A. Sadeghi, M. Winandy","doi":"10.1109/ARES.2010.110","DOIUrl":"https://doi.org/10.1109/ARES.2010.110","url":null,"abstract":"Trusted Computing aims at enhancing the security of IT systems by using a combination of trusted hardware and software components to provide security guarantees. This includes system state integrity and the secure link between the software and hardware of a computing platform. Although security patterns exist for operating system security, access control, and authentication, there is still none of Trusted Computing aspects. In this paper, we introduce security patterns for secure boot and for secure storage, which are important basic Trusted Computing concepts. Secure boot is at the heart of most security solutions and secure storage is fundamental for application-level security: it ensures that the integrity of software is verified before accessing stored data. Our paper aims at complementing existing system security patterns by presenting the common patterns underlying the different realizations of secure boot and secure storage.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"138 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122243941","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Multi-dimensional Uncertainty Analysis in Secure and Dependable Domain 安全可靠领域的多维不确定性分析
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.99
Y. Asnar, P. Giorgini
{"title":"Multi-dimensional Uncertainty Analysis in Secure and Dependable Domain","authors":"Y. Asnar, P. Giorgini","doi":"10.1109/ARES.2010.99","DOIUrl":"https://doi.org/10.1109/ARES.2010.99","url":null,"abstract":"Most of the critical aspects for secure and dependable systems, such as safety, integrity, availability, are related to uncertainty. Literature proposes many approaches to deal with uncertainty, mainly in the area of risk management and safety and reliability engineering. However, what is still missing is a clear understanding of the nature of uncertainty that very often has produced mistreatments in the design. In this paper, we propose a conceptual model for uncertainty that can be used to deal with systems’ qualities such as security and dependability. Particularly, we will consider the relation between uncertainty risk and how risk affects quality attributes of the system. We use a case study in Air Traffic Management to illustrate our approach.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128486116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Investigating the Limitations of Java Annotations for Input Validation 研究用于输入验证的Java注释的局限性
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.29
Federico Mancini, D. Hovland, K. Mughal
{"title":"Investigating the Limitations of Java Annotations for Input Validation","authors":"Federico Mancini, D. Hovland, K. Mughal","doi":"10.1109/ARES.2010.29","DOIUrl":"https://doi.org/10.1109/ARES.2010.29","url":null,"abstract":"Recently Java annotations have received a lot of attention as a possible way to simplify the usage of various frameworks, ranging from persistence and verification to security. In this paper we discuss our experiences in implementing an annotation framework for input validation purposes. We investigate the advantages and more importantly their limitations in the design of validation tests. We conclude that annotations are a good choice for specifying common validation tests. However, the limitations of annotations have an impact on creating and using generic tests and tests involving multiple properties.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134058732","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Heuristics for Detecting Botnet Coordinated Attacks 检测僵尸网络协同攻击的启发式方法
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.68
Kazuya Kuwabara, H. Kikuchi, M. Terada, Masashi Fujiwara
{"title":"Heuristics for Detecting Botnet Coordinated Attacks","authors":"Kazuya Kuwabara, H. Kikuchi, M. Terada, Masashi Fujiwara","doi":"10.1109/ARES.2010.68","DOIUrl":"https://doi.org/10.1109/ARES.2010.68","url":null,"abstract":"This paper studies the analysis on the Cyber Clean Center (CCC) Data Set 2009, consisting of raw packets captured more than 90 independent honeypots, in order for detecting behavior of downloads and the port-scans. The analyses show that some new features of the coordinated attacks performed by Botnet, e.g., some particular strings contained in packets in downloading malwares, and the common patterns in downloading malwares from distributed servers. Based on the analysis, the paper proposes the heuristic techniques for detection of malwares made by Botnet coordinated attack and reports the accuracy of the proposed heuristics. The detection process is automated in the proposed decision tree consisting of statistics, such as, a number of total inbound packets, and an average rate of downloading malwares.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133392038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信