2009 Third International Conference on Emerging Security Information, Systems and Technologies: Latest Articles

Simulating a Multi-domain RFID System for Replacement Part Tracking
R. Falk, A. Koepf, Hermann Seuschek, Ming-Yuh Huang, Mingyan Li
DOI: https://doi.org/10.1109/SECURWARE.2009.37
Published: 2009-06-18
Abstract: The efficient and reliable handling of replacement parts is of high importance for airlines. It can be supported by attaching an RFID tag to replacement parts that stores data identifying unambiguously the replacement part and further information about its installation and maintenance. Security is essential so that only authenticated and authorized entities can read and modify data according to the defined access permissions. Although the information is managed in a decentralized way, it has anyhow to be synchronized with the airline’s backend database finally. This paper describes data format, certificate management and access control when using these passive RFID tags in a multi-domain scenario for replacement part tracking within the avionics industry. The demonstrator architecture design is described for simulating replacement part tracking. It allows simulating use cases of the multi-domain RFID system for replacement part tracking. Both simulated and real RFID tags can be used in the simulation.
Citations: 1

A Threat Analysis Methodology for Security Evaluation and Enhancement Planning
Antonietta Stango, N. Prasad, D. Kyriazanos
DOI: https://doi.org/10.1109/SECURWARE.2009.47
Published: 2009-06-18
Abstract: Threat analysis gives how potential adversaries exploit system weakness to achieve their goals. It identifies threats and defines a risk mitigation policy for a specific architecture, functionality and configuration. In a threat analysis security metrics are a challenging requirement in order to determine the status of network security performance and to further enhance it by minimizing exposure to considerable threats and vulnerabilities. In this paper the authors propose a generic methodology for threat analysis and security metrics in order to prioritize threats and vulnerabilities and proceed with security enhancement planning in Personal Networks (PNs).
Citations: 46

AFMAP: Anonymous Forward-Secure Mutual Authentication Protocols for RFID Systems
Alireza Sadighian, R. Jalili
DOI: https://doi.org/10.1109/SECURWARE.2009.12
Published: 2009-06-18
Abstract: In this paper we propose two mutual authentication protocols for RFID systems. Generally, in RFID systems, a reader can authenticate tags in the real-time and batch modes. This paper proposes the first authentication protocol for the real-time mode. It also proposes an efficient robust mutual authentication protocol for the batch mode. Some significant characteristics of the protocols are forward security, tag anonymity, location privacy, low complexity on the back-end server, and scalability. To the best of our knowledge, our protocols offer the most enhanced security features in RFID mutual authentication protocols with respect to user privacy. In analyzing the protocols, we show how remarkable properties such as forward security and tag anonymity are guaranteed. It is also illustrated that our protocol is secure against several common attacks that RFID systems confront with.
Citations: 25

Fighting Insomnia: A Secure Wake-Up Scheme for Wireless Sensor Networks
R. Falk, H. Hof
DOI: https://doi.org/10.1109/SECURWARE.2009.36
Published: 2009-06-18
Abstract: Sleep deprivation attacks are still an unsolved but critical problem in sensor networks. They aim on quickly exhausting energy reserves of battery-powered sensor nodes by continuously sending messages to the node, preventing the attacked node to switch to an energy-saving sleep state. Sleep deprivation attacks come also in the form of sending traffic that causes a sleeping node to wake-up. Sleep deprivation attacks have the potential to lessen the lifetime of typical sensor nodes from years to days or even hours. One important communication standard for sensor networks is IEEE 802.15.4 that defines cryptographic protection of frames. While many attacks like eavesdropping or modification of frames are covered by the available security mechanisms, these mechanisms do not address sleep deprivation attacks. This paper proposes a secure wake-up scheme that activates a sensor node by a secure wake-up radio from a sleep state only if messages from an authenticated and legitimate node are pending. A lightweight security verification scheme is used that can easily be performed without requiring the node to change to active state.
Citations: 48

Phishing and Countermeasures in Spanish Online Banking
Ilkka Uusitalo, J. M. Catot, Ramon Loureiro
DOI: https://doi.org/10.1109/SECURWARE.2009.33
Published: 2009-06-18
Abstract: This paper surveys the current situation of phishing attacks in Spain and discusses some of the currently used countermeasures. Based on specialist interviews we estimate the costs of phishing to both individual clients and the banks. The focus of this paper is on authentication and transaction signing methods. We give examples of "two-factor" and "two-factor, two-channel" authentication and transaction signing methods that are more resistant to phishing than the currently used username/password + coordinates card method. We consider the costs, usability and security of these more robust methods.
Citations: 9

Security Framework for DPWS Compliant Devices
Vicente Hernández, Lourdes López-Santidrián, Oscar Prieto, José-Fernán Martínez, A. García, Antônio da Silva
DOI: https://doi.org/10.1109/SECURWARE.2009.21
Published: 2009-06-18
Abstract: The DPWS (Devices Profile for Web Services) specification enables devices, including small-scale ones, to be integrated seamlessly in a service oriented architecture (SOA). Complex enterprise applications are able to access devices functionalities in a Web Service fashion. In some cases, specific applications might require secure transactions that even devices with resources constraints must meet. Devices with hardly 10KB of run time memory and low speed processors might slow down or run out of memory when ciphering or signing large secure messages. This paper proposes a security model that complies with existing security specifications for Web Services and optimizes resources consumptions in such devices.
Citations: 7

Modeling Role-Based Privacy in Social Networking Services
G. Gulyás, Róbert Schulcz, S. Imre
DOI: https://doi.org/10.1109/SECURWARE.2009.34
Published: 2009-06-18
Abstract: As social networking services are getting more and more common, the need for privacy enhancing options, sophisticated identity management and anonymity emerges. In this paper the authors propose using Role-Based Privacy as a response for these needs and introduce a novel model called Nexus-Identity Network that is capable of describing services extended with such functionality. The concerned principles of Role-Based Privacy are conferred in the paper and criteria are presented for anonymity. Conforming to the criteria the authors suggest storing the profiles of different identities in a tree hierarchy in a user-friendly manner. The analysis of anonymity shows that the network has a structure that can be easily interpreted similarly to graphs representing connections in regular social networks. The ease of profile management and network visualization are advantages of the Nexus-Identity Model which can make a social networking service privacy- and user-friendly as well.
Citations: 8

Security Management with Virtual Gateway Platforms
Mario Ibáñez, N. M. Madrid, R. Seepold
DOI: https://doi.org/10.1109/SECURWARE.2009.18
Published: 2009-06-18
Abstract: In residential environments, a home gateway platform can offer services that are configurable by a user depending on current needs or preferences. Gateway devices are very often managed by a service provider or an access provider to enhance performance or guarantee QoS. Assuming a multi-provider and/or multi-user scenario, a secure framework has to maintain security and privacy between different gateway users. Virtualization of gateway platforms can provide security and it can maintain privacy since it isolates different instances by virtual machines working on the same real machine only restricted by the potential of the underlying hardware. The presented approach does not impose any restriction on the number of providers overcoming side-effects occurring during reconfiguration of the gateway. The model has been evaluated in a multi-provider case study with focus on multimedia data management incorporating several different devices and hardware platforms.
Citations: 4

Generation of Role Based Access Control Security Policies for Java Collaborative Applications
Jérémy Briffaut, Xavier Kauffmann-Tourkestansky, Jean-François Lalande, W. Smari
DOI: https://doi.org/10.1109/SECURWARE.2009.41
Published: 2009-06-18
Abstract: Java collaborative applications are increasingly and widely used in the form of applets or servlets, as a way to easily download and execute small programs on one's computer. However, security associated with these downloaded applications, even if it exists, is not easily manageable. Most of the time, it relies on the user's ability to define a security policy for his virtual machine, which is undesirable. This paper proposes to integrate an RBAC mechanism for any Java application. It introduces a simple tag process that allows the developer to incorporate the appropriate policy in the source code of his application. The user is endowed with the ability to choose a role that corresponds to the required level of trust required in order for him to embed the policy in the executed code. A case study of a collaborative application shows how works the proposed API for managing roles, generating policies and logging in. At the end, a discussion about the dynamic enforcement of the generated policies is presented.
Citations: 1

Extending Role-Based Access Control for Business Usage
Heiko Klarl, Korbinian Molitorisz, Christian Emig, K. Klinger, S. Abeck
DOI: https://doi.org/10.1109/SECURWARE.2009.28
Published: 2009-06-18
Abstract: Role-based access control (RBAC) is used for managing authorisation in IT systems, by utilising the concept of roles. Existing approaches do not clearly define the term "role" in its different contexts as well as not considering the relation between roles and business process modelling. Therefore this work introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.
Citations: 3