发布求助
文献互助 智能选刊 最新文献

2010 International Conference on Availability, Reliability and Security最新文献

筛选
英文 中文
Formal Specification and Analysis of an E-voting System 电子投票系统的形式化规范与分析
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.83
Komminist Weldemariam, R. Kemmerer, Adolfo Villafiorita
{"title":"Formal Specification and Analysis of an E-voting System","authors":"Komminist Weldemariam, R. Kemmerer, Adolfo Villafiorita","doi":"10.1109/ARES.2010.83","DOIUrl":"https://doi.org/10.1109/ARES.2010.83","url":null,"abstract":"Electronic voting systems are a perfect example of security-critical computing. One of the critical and complex parts of such systems is the voting process, which is responsible for correctly and securely storing intentions and actions of the voters. Unfortunately, recent studies revealed that various e-voting systems show serious specification, design, and implementation flaws. The application of formal specification and verification can greatly help to better understand the system requirements of e-voting systems by thoroughly specifying and analyzing the underlying assumptions and the security specific properties.This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114954604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Measuring the Level of Security Introduced by Security Patterns 度量安全模式引入的安全级别
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.111
E. Fernández, Nobukazu Yoshioka, H. Washizaki, M. VanHilst
{"title":"Measuring the Level of Security Introduced by Security Patterns","authors":"E. Fernández, Nobukazu Yoshioka, H. Washizaki, M. VanHilst","doi":"10.1109/ARES.2010.111","DOIUrl":"https://doi.org/10.1109/ARES.2010.111","url":null,"abstract":"It is possible to reasonably measure the security quality of individual security patterns. However, more interesting is to ask: Can we show that a system built using security patterns is secure in some sense? We discuss here some issues about evaluating the security of a system built using security patterns. We consider the use of threats and misuse patterns to perform this evaluation.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"189 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129646400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Visualizing Past Personal Data Disclosures 可视化过去的个人数据披露
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.51
Jan Kolter, M. Netter, G. Pernul
{"title":"Visualizing Past Personal Data Disclosures","authors":"Jan Kolter, M. Netter, G. Pernul","doi":"10.1109/ARES.2010.51","DOIUrl":"https://doi.org/10.1109/ARES.2010.51","url":null,"abstract":"Today's rich service offer in the World Wide Web increasingly requires the disclosure of personal user data. Service providers' appetite for personal user data, however, is accompanied by growing privacy implications for Internet users. Addressing this rising threat, privacy-enhancing technologies aim at aiding users in protecting their personal data. Even though effective privacy laws facilitate users to edit and revoke already disclosed personal data, few PET solutions support users in exercising this right. Available tools lack intuitive interfaces and are built on powerful infrastructures on the provider side. In this paper we introduce the Data Disclosure Log component within a user-centric privacy architecture. Built on a browser-based logging extension, we present a visualization tool that displays past personal data disclosures from different perspectives. A graph-based view allows for the dynamic presentation of relations between selected entity types. Such an overview enables users to know the conditions of past personal data transactions at any time. This knowledge represents a prerequisite for an ex post revision or revocation of personal data. Usability and user acceptance of the developed prototype is evaluated in a conducted user test.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129777474","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
Owner-Based Role-Based Access Control OB-RBAC 基于所有者的基于角色的访问控制OB-RBAC
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.94
M. Saffarian, B. S. Firozabadi
{"title":"Owner-Based Role-Based Access Control OB-RBAC","authors":"M. Saffarian, B. S. Firozabadi","doi":"10.1109/ARES.2010.94","DOIUrl":"https://doi.org/10.1109/ARES.2010.94","url":null,"abstract":"Administration of an access control model deals with the question of who is authorized to update policies defined on the basis of that model. One of the models whose administration has absorbed relatively large research is the Role-Based Access Control (RBAC) model. All the existing role-based administrative models fall into the category of administrator based decentralized approach. In such an approach, a group of administrators are given firstly, the authority of updating authorizations for operative roles and secondly, the authority of delegating the previous right to other lower-level administrators. However, in organizations with informal and flexible structure, like academic and research-oriented organizations such a sharp distinction between administrative roles and operative roles might not exist. Here, each role may take part in both operative and administrative decisions such that more mission-oriented decisions are made by senior roles and more specialized-level decisions are made by junior roles. In this paper, we study a new class of access control model called Owner-Based Role-Based Access Control (OB-RBAC) which is suitable for such environments. The OB-RBAC model utilizes the advantages of both Discretionary Access Control (DAC)and RBAC. In particular, the OB-RBAC model builds a policy model which not only fulfills the organizational restrictions but enjoys the flexible administration of the DAC model.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130626355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Optimising IDS Sensor Placement IDS传感器放置优化
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.92
Hao Chen, J. A. Clark, S. Shaikh, Howard Chivers, P. Nobles
{"title":"Optimising IDS Sensor Placement","authors":"Hao Chen, J. A. Clark, S. Shaikh, Howard Chivers, P. Nobles","doi":"10.1109/ARES.2010.92","DOIUrl":"https://doi.org/10.1109/ARES.2010.92","url":null,"abstract":"In large network environments multiple intrusion detection sensors are needed to adequately monitor network traffic. However, deploying and managing additional sensors on a large network can be a demanding task, and organizations have to balance their desire for detecting intrusions throughout their network with financial and staffing limitations. This paper investigates how intrusion detection system (IDS) sensors should best be placed on a network when there are several competing evaluation criteria. This is a computationally difficult problem and we show how Multi-Objective Genetic Algorithms provide an excellent means of searching for optimal placements.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"120 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116372025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Information Flow in Disaster Management Systems 灾害管理系统中的信息流
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.107
Achim D. Brucker, D. Hutter
{"title":"Information Flow in Disaster Management Systems","authors":"Achim D. Brucker, D. Hutter","doi":"10.1109/ARES.2010.107","DOIUrl":"https://doi.org/10.1109/ARES.2010.107","url":null,"abstract":"Collaborations between organizations in the public sector, e. g., fire brigades, polices, military units, is often done via liaison officers. A liaison officer liaises between two organizations by providing a single point of contact and ensuring the efficient communication and coordination of their activities. Usually an organization embeds a liaison officer in another organization to provide face-to-face coordination. Liaison officers demand special requirements to the security mechanism of the IT infrastructure of the organization that act as host for a liaison officer. This holds, in particular, for Disaster Management Information Systems (DMIS). Such systems need, on the one hand, to support various ways of communication in a flexible and ad hoc manner. On the other hand, these systems need to protect, by law, the leakage of sensitive data. In this paper, we present a novel mechanism, based on role-based access control (RBAC), for supporting the flexible and secure information exchange between organizations using liaison officers. Our mechanism enables liaison officers to decide on their own authority which information they wants share with their home organizations while allowing the host organization to limit the access of liaisons officers to their system in a fine-grained manner.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114567389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
An Improvement of Robustness Against Physical Attacks and Equipment Independence in Information Hiding Based on the Artificial Fiber Pattern 基于人工纤维模式的信息隐藏抗物理攻击鲁棒性和设备独立性改进
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.43
Kitahiro Kaneda, Yuki Fujii, Keiichi Iwamura, S. Hangai
{"title":"An Improvement of Robustness Against Physical Attacks and Equipment Independence in Information Hiding Based on the Artificial Fiber Pattern","authors":"Kitahiro Kaneda, Yuki Fujii, Keiichi Iwamura, S. Hangai","doi":"10.1109/ARES.2010.43","DOIUrl":"https://doi.org/10.1109/ARES.2010.43","url":null,"abstract":"Digital watermarks provide the capability to insert additional information onto various media, such as still images, movies and audio, by utilizing features of the content. Several methods for printed documents have already been proposed using features of the text or images. In order to overcome the disadvantages of existing methods, we have proposed a new information hiding scheme for printed documents; namely, the artificial fiber pattern by using the features of the paper instead of those of the contents. The method has features of rotational invariance and low visibility. In this paper, we improve the algorithm aimed at equipment independence and the robustness against physical attacks.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"160 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133597091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Analysis of Transient Faults on a MIPS-Based Dual-Core Processor 基于mips的双核处理器瞬态故障分析
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.30
Iman Faraji, Moslem Didehban, H. Zarandi
{"title":"Analysis of Transient Faults on a MIPS-Based Dual-Core Processor","authors":"Iman Faraji, Moslem Didehban, H. Zarandi","doi":"10.1109/ARES.2010.30","DOIUrl":"https://doi.org/10.1109/ARES.2010.30","url":null,"abstract":"This paper presents a simulation-based fault injection analysis of a MIPS-based dual-core processor. In order to fulfill the requirement of this analysis, 114 different fault targets are used in various points of main components which are described in VHDL language; each experiment was repeated 50 times, resulting in 5700 transient faults in this simulation model. The experimental results demonstrate that, depending on the fault injection targets and the benchmark characteristics, fault effects vary significantly. On average, up to 35.2% of injected faults are recovered in simulation time, while 52.6% of faults lead to system failure, and the remaining 12.2%, treat as latent errors. Different benchmarks show different vulnerability for various components; but on average, Arbiter and Message passing interface are the most vulnerable components outside the tiles, while PC and Bus Handler have highest failure rate among in-tile components. Fault injection on each region has noticeable impact on the result of the other core. In general, fault injection in Shared regions has highest contribution in system failure.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133642299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Blind Steganalysis: A Countermeasure for Binary Image Steganography 盲隐写分析:二值图像隐写的一种对策
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.66
Chiew Kang Leng, J. Pieprzyk
{"title":"Blind Steganalysis: A Countermeasure for Binary Image Steganography","authors":"Chiew Kang Leng, J. Pieprzyk","doi":"10.1109/ARES.2010.66","DOIUrl":"https://doi.org/10.1109/ARES.2010.66","url":null,"abstract":"In this paper, we propose a new blind steganalytic method to detect the presence of secret messages embedded in black and white images using the steganographic techniques. We start by extracting several sets of matrix, such as run length matrix, gap length matrix and pixel difference. We also apply characteristic function on these matrices to enhance their discriminative capabilities. Then we calculate the statistics which include mean, variance, kurtosis and skewness to form our feature sets. The presented empirical works demonstrate our proposed method can effectively detect three different types of steganography. This proves the universality of our proposed method as a blind steganalysis. In addition, the experimental results show our proposed method is capable of detecting small amount of the embedded message.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"453 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125787805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
Managing the Asset Risk of SMEs 中小企业资产风险管理
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.52
L. E. Sánchez, Carlos Ruiz, E. Fernández-Medina, M. Piattini
{"title":"Managing the Asset Risk of SMEs","authors":"L. E. Sánchez, Carlos Ruiz, E. Fernández-Medina, M. Piattini","doi":"10.1109/ARES.2010.52","DOIUrl":"https://doi.org/10.1109/ARES.2010.52","url":null,"abstract":"The information society is becoming increasingly dependent on systems for managing and analyzing the risk to which its main information assets are exposed and having access to these systems has become vital for the evolution of SMEs. However, this type of company requires the systems to be adapted to their special characteristics and to be optimized from the point of view of resources required to set them up and maintain them. This article presents a proposed method for carrying out risk analysis adaptation, which is suitable for SMEs, set within the framework of the methodology for security management in small and medium-sized enterprises (MSM2-SME). This model is being applied directly to real cases, and therefore its application is constantly being improved.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"95 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127141555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信