2010 International Conference on Availability, Reliability and Security: Latest Papers

Formalization of Viruses and Malware Through Process Algebras
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.59
G. Jacob, E. Filiol, Hervé Debar
Abstract: Abstract virology has seen the apparition of successive viral models, all based on Turing-equivalent formalisms. Considering recent malware, these are only partially covered because functional formalisms do not support interactive computations. This article provides a basis for a unified malware model, founded on the Join-Calculus. In terms of expressiveness, the process-based model supports the fundamental notion of self-replication but also interactions, concurrency and non-termination to cover evolved malware. In terms of protection, detection undecidability and prevention by isolation still hold. Additional results are established: calculus fragments where detection is decidable, definition of a non-infection property, potential solutions to restrict propagation.
Citations: 22

A Formal Approach Towards Risk-Aware Service Level Analysis and Planning
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.86
Stefan Jakoubi, S. Tjoa, S. Goluch, G. Kitzler
Abstract: Effectively and efficiently performing business processes is a key success factor for achieving economic entrepreneurial goals. Amongst others, the argument of more stringent cost pressure lead companies to enforce outsourcing activities. Thus, the management of services - both, from the service requester and provider point of view - gained importance. However, considering only economic aspects is half the truth. One must not forget to simultaneously reflect risk aspects in an integrated way. Observing developments in the past years one can see that regulative bodies, the industry as well as the research community laid a special focus on the tighter integration of business process and risk management. In the course of this movement, we developed a conceptual method enabling risk-aware business process modeling and simulation. The major contribution of this paper is to introduce formal extensions of risk-aware business process management in order to support the related discipline of service management, especially risk-aware service analysis and planning.
Citations: 11

LSM-Based Secure System Monitoring Using Kernel Protection Schemes
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.48
T. Isohara, K. Takemori, Yutaka Miyake, Ning Qu, A. Perrig
Abstract: Monitoring a process and its file I/O behaviors is important for security inspection for a data center server against intrusions, malware infection and information leakage. In the case of the Linux kernel 2.6, a set of hook functions called the Linux Security Module (LSM) has been implemented in order to monitor and control the system calls. By using the LSM we can inspect the activity of unknown malicious processes. However, a sophisticated attacker could breach the kernel configurations using the rootkits. Furthermore since the monitoring results of the malicious process activity are stored as a file on Hard Disk Drive (HDD), it will be easily manipulated by the attacker. In this paper, we propose a secure monitoring scheme that addresses the attacks against the monitoring module and its result for security inspection of the data center server. The monitoring module is implemented as a LSM-based function and protected by the kernel protection technique. The integrity of the monitoring result is guaranteed by using a Mandatory Access Control (MAC) of the Linux kernel and a mechanism of the trusted process invocation. This mechanism can serve as an infrastructure of secure inspection platform for data center server because the integrity of the monitoring module and its result is guaranteed.
Citations: 10

One Size Fits None: The Importance of Detector Parameterization
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.41
Natasha Bodorik, A. Zincir-Heywood
Abstract: The parameterization of an administrator's intrusion detection system (IDS) is as crucial as the IDS itself. The difference between sufficient and insufficient parameterization can be the difference between a detected and undetected attack. This work focuses on identifying a methodical process for IDS parameterization. Such a process provides administrators of intrusion detection systems with the knowhow of selecting suitable parameters for the effective operation of their detector. The process stresses the importance of altering parameters for individual applications. Parameterization experiments are employed on two different open source IDSs, namely Stide and pH, and tested against three real world vulnerabilities. The results show the interesting trends that are observed during the experiments.
Citations: 0

Extending the Gordon and Loeb Model for Information Security Investment
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.37
J. Willemson
Abstract: In this paper we study the information security investment model proposed by Gordon and Loeb. We argue that the original model is missing at least one important restriction concerning monotonicity of the remaining vulnerability viewed as a function of original vulnerability level, and propose adding the respective condition. We present a new family of remaining vulnerability functions satisfying all the conditions and generalizing all the currently known example function families.
Citations: 18

Security Modeling and Tool Support Advantages
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.11
Egil Trygve Baadshaug, Gencer Erdogan, P. H. Meland
Abstract: Security modeling is an important part of software security, especially when it comes to making security knowledge more easily accessible. The purpose of this paper is to give an overview of some of the current approaches to graphical security modeling and present an initial study related to benefits of tool support. Our working hypothesis is that specialized security modeling tools will substantially outperform more general, prevailing tools, and we have sought indications of evidence for this claim. The study consisted of the following steps; (1) Investigate state-of-the-art security modeling formalisms and tools, (2) Select a security modeling formalism for further analysis and implement dedicated tool support for it, (3) Perform testing related to usability and performance aspects, comparing the tool to a general purpose drawing/modeling tool, and (4) Compare and analyze the results. The study included ten test subjects with a similar background and education, and we got clear indications that our hypothesis is valid.
Citations: 10

FedWare: Middleware Services to Cope with Information Consistency in Federated Identity Management
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.81
Thorsten Höllrigl, J. Dinger, H. Hartenstein
Abstract: Collaborations by the use of inter-organizational business processes can help companies to achieve a competitive edge over competing businesses. Typically, these collaborations require an efficient identity management (IdM) that ensures the authorized access to services in different security domains. The successful implementation of an IdM in distributed systems requires to cope with a diversity of systems and to manage the challenges of integration. While integration should not introduce an unnecessary degree of dependence and complexity, various IdM goals should be achieved by integration: in particular, collaboration-wide consistency of identity information. Due to its decentralized and modular design, a federated identity management (FIM) approach is a promising strategy in distributed systems. Our thesis is that the distributed character and heterogeneity of involved systems requires appropriate information-consistency mechanisms that go beyond what is offered by current FIM protocols and software in order to avoid inconsistencies in identity information. In this paper we identify causes leading to inconsistencies in FIM. We present requirements necessary to cope with the consistency issue and analyze research, FIM standards and protocols w.r.t. the stated requirements. An analysis showed that FIM does not consider the consistency issue sufficiently. However, we point out which parts can be used as building blocks to achieve information consistency. Therefore, we design a system – called FedWare – that combines identity-related middleware services with existing FIM technologies. To provide an efficient integration of systems, we reduce development effort by providing reusable services. By decoupling systems, e.g., via a publish/subscribe mechanism, we reduce operation effort.
Citations: 11

Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.24
Ziyad S. Al-Salloum, S. Wolthusen
Abstract: The identification of vulnerable hosts and subsequent deployment of mitigation mechanisms such as service disabling or installation of patches is both time-critical and error-prone. This is in part owing to the fact that malicious worms can rapidly scan networks for vulnerable hosts, but is further exacerbated by the fact that network topologies are becoming more fluid and vulnerable hosts may only be visible intermittently for environments such as virtual machines or wireless edge networks. In this paper we therefore describe and evaluate an agent-based mechanism which uses the spanning tree protocol (STP) to gain knowledge of the underlying network topology to allow both rapid and resource-efficient traversal of the network by agents as well as residual scanning and mitigation techniques on edge nodes. We report performance results, comparing the mechanism against a random scanning worm and demonstrating that network immunity can be largely achieved despite a very limited warning interval. We also discuss mechanisms to protect the agent mechanism against subversion, noting that similar approaches are also increasingly deployed in case of malicious code.
Citations: 3

Using Normalized Compression Distance for Classifying File Fragments
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.100
Stefan Axelsson
Abstract: We have applied the generalized and universal distance measure NCD--Normalized Compression Distance--to the problem of determining the types of file fragments via example. A corpus of files that can be redistributed to other researchers in the field was developed and the NCD algorithm using k-nearest-neighbor as a classification algorithm was applied to a random selection of file fragments. The experiment covered circa 2000 fragments from 17 different file types. While the overall accuracy of the n-valued classification only improved the prior probability of the class from approximately 6% to circa 50% overall, the classifier reached accuracies of 85%--100% for the most successful file types.
Citations: 31

Program Obfuscation by Strong Cryptography
2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI: 10.1109/ARES.2010.47
Zeljko Vrba, P. Halvorsen, C. Griwodz
Abstract: Program obfuscation is often employed by malware in order to avoid detection by anti-virus software, but it has many other legitimate uses, such as copy protection, software licensing or private computing in the cloud. In this paper, we present a program obfuscation method that is based on the combination of strong encryption of code and data and a CPU simulator (CSPIM) that implements the MIPS I instruction set. Our method is different from existing methods in that only a single word (32-bits) of the protected code or data is present as plain-text in main memory. Furthermore, our method allows the possibility of externally supplying the decryption key to the simulator. We have extensively tested the simulator, and it is able to successfully execute C programs compiled by the gcc cross-compiler. Even though purely software-based method cannot provide perfect protection, we argue that this approach significantly raises the bar for reverse-engineers, especially when combined with existing program obfuscation techniques.
Citations: 15