2010 International Conference on Availability, Reliability and Security: Latest Publications

Fighting Phishing with Trusted Email
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.98
Jordan Crain, L. Opyrchal, A. Prakash
Abstract: Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker (phisher). Attempts to stop phishing by preventing a user from interacting with a malicious web site have shown to be ineffective. We introduce a method to aid in the prevention of phishing by combining automatic and transparent email signing with an email client plugin. The plugin can detect unsigned spoofed messages. In this manner, the user is prevented (or at least discouraged) from visiting malicious web sites, thus stopping the data-gathering phase of the phishing attack before it begins. We describe the system, implementation, weaknesses, and our ongoing user experiments.
Citations: 14
A New DRM Architecture with Strong Enforcement
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.26
Sascha Müller, S. Katzenbeisser
Abstract: We propose a new DRM architecture that utilizes a two-step enforcement process to enable strong security even in the case of a compromised DRM viewer. This is achieved by using novel cryptographic techniques of attribute-based encryption that make it possible to limit access to media to a subset of users that has to fulfill certain properties which are specified during the encryption process. We call these properties static rules. Static rules add an additional layer to the dynamic DRM enforcement framework that has to be overcome by potential attackers even if a DRM media operates in an unprotected environment. Finally, we demonstrate the practicability of this architecture by describing how static rules can be automatically extracted from licenses formulated in the standardized Open Digital Rights Language (ODRL).
Citations: 13
Katana: A Hot Patching Framework for ELF Executables
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.112
Ashwin Ramaswamy, S. Bratus, Sean W. Smith, M. Locasto
Abstract: Despite advances in software modularity, security, and reliability, offline patching remains the predominant form of updating or protecting commodity software. Unfortunately, the mechanics of hot patching (the process of upgrading a program while it executes) remain understudied, even though such a capability offers practical benefits for both consumer and mission-critical systems. A reliable hot patching procedure would serve particularly well by reducing the downtime necessary for critical functionality or security upgrades. Yet, hot patching also carries the risk -- real or perceived -- of leaving the system in an inconsistent state, which leads many owners to forego its benefits as too risky. In this paper, we propose a novel method for hot patching ELF binaries that supports (a) synchronized global data and code updates and (b) reasoning about the results of applying the hot patch. We propose a format, which we call a Patch Object, for encoding patches as a special type of ELF relocatable object file. Our tool, Katana, automatically creates these patch objects as a by-product of the standard source build process. Katana also allows an end-user to apply the Patch Objects to a running process. In essence, our method can be viewed as an extension of the Application Binary Interface (ABI), and we argue for its inclusion in future ABI standards.
Citations: 29
A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.118
S. Ghernaouti-Helie, I. Tashi, David Simms
Abstract: The assessment of the adequacy and appropriateness of the security infrastructure in place within an organization poses a significant challenge to those responsible for security management, those responsible for corporate compliance, and senior management who seek a reasonable balance between robust security and ease of use for legitimate users. The process of assessment, validation and improvement is continuous and follows a number of clearly defined steps, each of which builds on the comfort obtained from the previous one and which confirms the consistency of the measures in place with the overall strategy and policies, all the while referring to the specific context and requirements of the organization. This paper describes a framework for the assessment of security governance that can be applied to organizations in the public and private sectors with differing security cultures, discusses the methods of implementing, tailoring the methodology and evaluating the results of the analysis, details a number of critical success factors, and concludes with a case study from the manufacturing sector.
Citations: 7
Application and Economic Implications of an Automated Requirement-Oriented and Standard-Based Compliance Monitoring and Reporting Prototype
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.88
M. Kehlenbeck, Thorben Sandner, M. Breitner
Abstract: Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by the incorporation of control activities into business processes. But the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task. However, the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.
Citations: 2
Choosing Authentication Techniques in E-procurement System in Serbia
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.82
M. Milovanović, Marija Bogicevic, Miroslav Lazovic, Dejan B. Simic, D. Starcevic
Abstract: E-Government can provide a citizen with better and/or more convenient services as opposed to the traditional government services. Application of electronic approach in completing an e-Procurement process opens up a lot of issues regarding security. The transparent nature of the process at hand is requiring a sophisticated security system. Unauthorized access or different kinds of intrusion present a legitimate threat. On the other hand, the attempt to develop such a system in developing countries like Serbia may face many difficulties. Some of the difficulties may be caused by legal obstacles, technical weaknesses, or human resistance towards change. This paper presents a review of authentication techniques used in the European e-Government systems and according to that this paper is focused on the methods we used to overcome those difficulties, as well as on the provision of a strong security system that would guarantee the protection of sensitive data.
Citations: 4
2-clickAuth Optical Challenge-Response Authentication
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.85
Anna Vapen, David Byers, N. Shahmehri
Abstract: Internet users today often have usernames and passwords at multiple web sites. To simplify things, many sites support some form of federated identity management, such as OpenID, that enables users to have a single account that allows them to log on to many different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, e.g. captured by a key logger or malware on an untrusted computer, all the user’s accounts become compromised. Therefore a more secure authentication method is desirable. We have implemented 2-clickAuth, an optical challenge-response solution where a web camera and a camera phone are used for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is considerably more secure than passwords while still being easy to use and easy to distribute to users. This makes 2-clickAuth a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. We have implemented an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge and MySpace.
Citations: 33
Enhanced Chaotic Stream Cipher for WSNs
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.93
R. Silva, R. G. Crespo, M. Nunes
Abstract: This paper presents a stream cipher named eLoBa - "enhanced Lorenz Based", for Wireless Sensor Networks. eLoBa presents considerable improvements to a recently proposed PRNG based on Chaos, that increases its performance and security namely against algebraic attacks. We describe the eLoBa architecture and evaluate its security and performance comparing eLoBa with AES in counter mode. We show that eLoBa requires less computing power being 40% faster than AES in counter mode. eLoBa also decreases the protocol overhead in the transport of IP packets in Wireless Sensor Networks.
Citations: 10
Experimental Results on Cheon's Algorithm
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.55
T. Izu, M. Takenaka, Masaya Yasuda
Abstract: The discrete logarithm problem (DLP) is one of the familiar problems on which cryptographic schemes rely. In 2006, Cheon proposed an algorithm for solving DLP with auxiliary input which works better than conventional algorithms. This paper firstly reports experimental results on Cheon's algorithm for DLP on a supersingular elliptic curve defined over $GF(3^{127})$, which is used for efficient pairing computation in practice. About 8 hours and 34 MByte data-base are required for the 1st step of Cheon's algorithm, and about 6 hours and 23 MByte data-base for the 2nd step. In total, about 14 hours are required for solving the problem. Our results imply that the security evaluation from a viewpoint of Cheon's algorithm is crucial.
Citations: 7
Towards an Ontology-Based Solution for Managing License Agreement Using Semantic Desktop
2010 International Conference on Availability, Reliability and Security. Pub Date: 2010-03-25. DOI: 10.1109/ARES.2010.104
Mansoor Ahmed, Amin Andjomshoaa, M. Asfand-e-yar, A. Tjoa, Abid Khan
Abstract: Whenever software is installed on a computer system, one has to agree to the end-user license agreement. The software license agreement grants licensee certain rights in software usage, but usually the ownership rights of the software stays with licensor. The licensor may also hold the right to restrict the usage of the software and can revoke the agreement if the licensee violates the license terms. Without agreeing with the license terms and conditions, the end-user is not authorized to use the software and could face penalties as described in the law. The main problem is that the percentage of the users who actually read the end-user license agreement which are almost incomprehensible for the average software user is very low. Mostly the end-user does not pay much attention to reading the license agreement because they believe that nearly all the end-user license agreements are practically the same. This misunderstanding makes them not fully read the agreement and just scroll the agreement and accept the terms and conditions. What they do not realize is that by breaking the license agreement they could be confronted with some penalties as described in the law. To overcome the problem of human inefficiency of understanding the license agreement, we have introduced a machine readable representation of the license agreement based on Semantic Web Technologies.
Citations: 2