2013 9th International Conference on Information Assurance and Security (IAS): Latest Articles

Quantitative penetration testing with item response theory
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-06 DOI: 10.1109/ISIAS.2013.6947732
F. Arnold, W. Pieters, M. Stoelinga
Abstract: Existing penetration testing approaches assess the vulnerability of a system by determining whether certain attack paths are possible in practice. Thus, penetration testing has so far been used as a qualitative research method. To enable quantitative approaches to security risk management, including decision support based on the cost-effectiveness of countermeasures, one needs quantitative measures of the feasibility of an attack. Also, when physical or social attack steps are involved, the binary view on whether a vulnerability is present or not is insufficient, and one needs some viability metric. When penetration tests are performed anyway, it is very easy for the testers to keep track of, for example, the time they spend on each attack step. Therefore, this paper proposes the concept of quantitative penetration testing to determine the difficulty rather than the possibility of attacks based on such measurements. We do this by step-wise updates of expected time and probability of success for all steps in an attack scenario. In addition, we show how the skill of the testers can be included to improve the accuracy of the metrics, based on the framework of item response theory (Elo ratings). We prove the feasibility of the approach by means of simulations, and discuss application possibilities.
Citations: 9
Hierarchical object log format for normalisation of security events
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947748
Andrey Sapegin, David Jaeger, Amir Azodi, Marian Gawron, Feng Cheng, C. Meinel
Abstract: The differences in log file formats employed in a variety of services and applications remain to be a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilization within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show disadvantages of existing common log formats for normalisation of security events. To deal with it we have created a new log format that fits for intrusion detection purposes and can be extended easily. Taking previous work into account, we would like to propose a new format as an extension to existing common log formats, rather than a standalone specification.
Citations: 30
A wavelet network speech recognition system to control an augmented reality object
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947744
Dhekra Bousnina, R. Ejbali, M. Zaied, C. Amar
Abstract: This paper presents a virtual object control method of augmented reality scene. We have based on control approach on speech recognition. The idea came from human-machine interaction. The speech recognition system is based on wavelet network. In this paper, we have briefly described the used toolkit to do with the augmented reality. Then, we present the speech recognition approach the training and recognition approach. Finally, we present the results.
Citations: 3
Flexibility vs. security in linked enterprise data access control graphs
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947746
Markus Graube, P. Órtiz, M. Carnerero, Ó. Lázaro, Mikel Uriarte, L. Urbas
Abstract: Linked Data offers easy extensibility and interoperability of information spaces. This provides a great potential for industrial companies allowing to share information with partners in a virtual enterprise. Hence, together they can become faster and more flexible which results in an advantage in the market. However, there is still the barrier to protect own information with a fine grain. Access control graphs are an approach for this issue. Information is put into different views by executing infer mechanisms on role-based policy rules. Afterwards queries are automatically rewritten at runtime in order to match the generated views and provide only data from views that should be accessible by the authenticated role. This paper demonstrates the balance between flexibility and security using this approach. The amount and complexity of the policy rules are highly dependent on the information model used. However, a moderate restriction of the huge flexibility in the information modelling allows for few rules but those are powerful ones. Additionally, the approach allows can also be leveraged for consistency checking of Linked Data data structures. Thus, clients can rely on these information invariants and the information provider can rely on the fact that fine grained access is granted.
Citations: 3
How to grant less permissions to facebook applications
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947733
Gianpiero Costantino, F. Martinelli, D. Sgandurra
Abstract: Single Sign-On (SSO) is an authentication procedure that allows users to adopt the same credentials to access multiple services. On the other hand, OAuth 2.0 is a protocol that enables authorized applications to access data that are stored in a resource server. A practical example of the adoption of SSO with OAuth 2.0 is given by all the websites or applications that use the “Log in with Facebook” procedure to authenticate users already registered with Facebook. In this paper, we propose a mechanism that exploits a weakness of OAuth 2.0 and a missing control of the website to show how it is possible to register a user by reducing the number of scopes that the website requires with the “Log in with Facebook” procedure. Finally, we illustrate two examples that exploit the proposed mechanism and provide a solution to address the problem.
Citations: 2
Finger verification Using SVD features
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947728
A. Balti, M. Sayadi, F. Fnaiech
Abstract: Our objective of this project is to apply the theory of linear algebra called “singular value decomposition (SVD)” to digital image processing, specifically for fingerprint images verification. For optimal recognition, we proceed in two steps. In the first step, we begin by identifying the fingerprint features with SVD approach. In the second step, the classification accuracy of the proposed approach is evaluated with Back Propagation Neural Network (BPNN) classifier. I have implemented many extensive experiments, they prove that the fingerprint classification based on a novel SVD features and the BPNN give better results in fingerprint verification than several other features and methods.
Citations: 1
Developing ECC applications in Java Card
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947743
V. G. Martínez, L. H. Encinas
Abstract: Elliptic Curve Cryptography (ECC) is a branch of public-key cryptography based on the arithmetic of elliptic curves. Given its mathematical characteristics, ECC is currently one of the best options for protecting sensitive information. The latest version of the Java Card platform includes several classes related to elliptic curves. However, potential developers are discouraged by the peculiarities of its programming model and the scarce information available. In this work, we present an up to date and extensive review of the ECC support in Java Card. In addition to that, we offer to the reader the complete code of an application that will allow programmers to understand and test the entire application development process in Java Card.
Citations: 2
Enhanced P2P botnets detection framework architecture with hybrid analyzer: Host-based and network-based
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947736
R. Abdullah, M. Faizal, Z. Noh, S. R. Selamat, M. Z. Mas'ud, S. Shahrin
Abstract: Nowadays, botnets are the most advanced cybercrime as being powerful threaten to the internet infrastructure by risking the Internet stability and security. Millions of computers have been hijacking and infecting by botnets especially during peak activity. The P2P botnets exploit users and dominating the P2P technology which make botnets are harder to detect and terminated. As P2P botnets issues been highlighted as it's dramatically evolvement, this paper addresses on current problems relate to P2P botnets faced by users and recommending the improvement. Also, this paper concentrated on proposing P2P botnets detection framework. Also, an in-depth analysis of P2P botnets has been conducted to understand and cope with their behaviors and characteristics. The new improvement has been introduced at the propose botnets framework architecture to improve the effectiveness of P2P detection analysis. The framework architecture has been structuralized with hybrid analyzer through the marriage of host-based and network based. Prior to this matter, this research has proposed a new enhancement on framework architecture that has been reinforced by hybrid detection technique to improve the effectiveness and efficiency of P2P botnets detection.
Citations: 1
Trusted integration of cloud-based NFC transaction players
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947745
Pardis Pourghomi, M. Saeed, G. Ghinea
Abstract: Near Field Communication (NFC) is a short range wireless technology that provides contactless transmission of data between devices. With an NFC enabled device, users can exchange information from one device to another, make payments and use their NFC enabled device as their identity. As the main payment ecosystem players such as service providers and secure element issuers have crucial roles in a multi-application mobile environment similar to NFC, managing such an environment has become very challenging. One of the technologies that can be used to ensure secure NFC transaction is cloud computing which offers wide range of advantages compare to the use of a Secure Element (SE) as a single entity in an NFC enabled phone. This approach provides a comprehensive leadership of the cloud provider towards managing and controlling customer's information where it allows the SE which is stored within an NFC phone to deal with authentication mechanisms rather than storing and managing sensitive transaction information. This paper discusses the NFC cloud Wallet model which has been proposed by us previously [1] and introduces a different insight that defines a new integrated framework based on a trusted relationship between the vendor and the Mobile Network Operator (MNO). We then carry out an analysis of such a relationship to investigate different possibilities that arise from this approach.
Citations: 3
The state of the art of risk assessment and management for information systems
2013 9th International Conference on Information Assurance and Security (IAS) Pub Date : 2013-12-01 DOI: 10.1109/ISIAS.2013.6947735
Lulu Liang, Wang Ren, Jing Song, Huaming Hu, Qiang He, Shuo Fang
Abstract: Risk assessment and management for information system are very important for assuring the system security. It requires not only careful but also systematic analysis of threat and vulnerability information. Depending on the analysis result, we could determine the extent to which events could adversely impact the organization and the likelihood that such events will occur. Under FISMA (Federal Information Security Management Act) of 2002, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops a series of publications to protect the information system. In this paper, we give the outline of the state of the art of the risk assessment and management in the ITL at NIST. Some fundamental concepts and model are introduced to interpret the process of risk assessment. Besides, the relationship among the security related publications corresponding with the risk management is analyzed and concluded.
Citations: 8