发布求助
文献互助 智能选刊 最新文献

2009 Third International Conference on Emerging Security Information, Systems and Technologies最新文献

筛选
英文 中文
A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing 一种抗记录肩部冲浪的PIN输入方案
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.43
P. Shi, Bo Zhu, A. Youssef
{"title":"A PIN Entry Scheme Resistant to Recording-Based Shoulder-Surfing","authors":"P. Shi, Bo Zhu, A. Youssef","doi":"10.1109/SECURWARE.2009.43","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.43","url":null,"abstract":"Two-factor authentication techniques using combination of magnetic cards and personal identification numbers (PINs) are widely used in many applications including automatic teller machines and point of sales. Similar to other valuable personal possessions, cards can be easily stolen by pickpockets. Furthermore, recent security reports show that magnetic cards can be easily duplicated using fake card readers and PINs can be obtained by shoulder surfing legitimate users' PIN entry processes. With this combination, criminals can easily break into users' accounts which represents a great threat. In this paper, we propose a new PIN entry scheme which is resistant against shoulder-surfing attacks conducted by shoulder-surfers with normal cognitive capabilities. Additionally, this scheme offers a relatively good level of security when the shoulder-surfer can record the entire login procedure for one or two times with a video device. Mathematical analysis of the proposed scheme is also presented.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"154 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132482679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Distributed Intrusion Detection: Simulation and Evaluation of Two Methodologies 分布式入侵检测:两种方法的仿真与评价
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.14
M. Migliardi, Valentina Resaz
{"title":"Distributed Intrusion Detection: Simulation and Evaluation of Two Methodologies","authors":"M. Migliardi, Valentina Resaz","doi":"10.1109/SECURWARE.2009.14","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.14","url":null,"abstract":"ABSTRACT - The proliferation of wideband connections while opening the market to a wealth of new web based applications has also provided a pervasive set of injection point for malicious network traffic. This fact has generated a new storm of network attacks that every day generates a non negligible amount of network traffic. Intrusion Detection Systems (IDS) aim at preventing the delivery of malicious traffic to targeted systems thus preventing damage at the end point of the attack, however they are positioned either on a single host or on very peripheral routers, thus they do not provide any help in reducing the amount of malicious traffic roaming the network. The sheer amount of traffic to be analyzed prevents any attempt to move intrusion detection to core routers, however Distributed Intrusion Detection Systems (DIDS) may provide a solution. In past works DIDS have been envisioned as cooperative clusters of traditional IDS, in this paper we present two novel methodologies that could allow distributing the computational load of intrusion detection on several nodes and a simulation tool that allows us to evaluate the impact of these methodologies on the nodes involved.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"105 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132780545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Incorporating Software Security into an Undergraduate Software Engineering Course 将软件安全纳入本科软件工程课程
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.32
Cynthia Y. Lester, F. Jamerson
{"title":"Incorporating Software Security into an Undergraduate Software Engineering Course","authors":"Cynthia Y. Lester, F. Jamerson","doi":"10.1109/SECURWARE.2009.32","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.32","url":null,"abstract":"Secure software development has become a topic of increasing importance, as a general fear rises due to security holes, vulnerabilities, and attacks. To ensure the security of information in a society of file sharing, on-line business transactions, and e-communication, undergraduate students will soon be required to implement software security concepts into their software development processes as soon as they complete their degrees. Consequently, it is imperative for graduates of computer science departments to be trained in the fundamentals of information security and to gain hands-on experience with secure software development. To address this issue computer science educators at the undergraduate level are turning their attentions to incorporating security issues within traditional computer science courses. The paper describes an existing undergraduate software engineering course that has been modified to include software security concepts. Challenges and future work are also presented.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128979773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Fingerprint Texture Feature for Discrimination and Personal Verification 用于识别和个人验证的指纹纹理特征
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.42
Z. A. Jhat, A. H. Mir, S. Rubab
{"title":"Fingerprint Texture Feature for Discrimination and Personal Verification","authors":"Z. A. Jhat, A. H. Mir, S. Rubab","doi":"10.1109/SECURWARE.2009.42","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.42","url":null,"abstract":"Fingerprint is a reliable biometric which is used for personal verification. Current fingerprint verification techniques can be broadly classified as Minutiae-based, ridge feature-based and correlation-based each having its own merits and demerits. In this paper, we propose use of the statistical texture analysis of a fingerprint using spatial grey level dependence method (SGLDM) for discrimination and personal verification. This method extracts texture features by an algorithm based on the spatial grey level dependence method.The fingerprint images were randomly chosen from the fingerprint databases of FVC 2000 and FVC2002. Results show that fingerprint texture feature can be reasonably used for discrimination and for personal verification.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130549621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Social Networks Security 社交网络安全
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.56
J. Nagy, Peter Pecho
{"title":"Social Networks Security","authors":"J. Nagy, Peter Pecho","doi":"10.1109/SECURWARE.2009.56","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.56","url":null,"abstract":"Our study analyses possibilities of misusing social network sites due to irresponsible behaviour of users. Recent surveys show that problems of social network are more often to occur, due to openness as one of the key features of these sites. Social engineering can be misused by attackers concerning on social network with the purpose of gaining sensitive information. There is a conflict between users' security awareness and their actual behaviour, so called privacy paradox. We were interested in amount of information people are willing to reveal in their profiles. We have found out users' behaviour which leads to insufficient protection of published information. These sensitive information are suitable for all kinds of phishing and other similar attacks. In our study we compared two groups of fictive profiles (personal profiles of users having no friends and profiles of users with fictive friends) and studied their success in creating new links in social network. We also considered tools for protecting sensitive information in social networks.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133858965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 45
Forward Secure ID-Based Group Key Agreement Protocol with Anonymity 前向安全匿名基于id的组密钥协商协议
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.49
Hyewon Park, Z. Kim, Kwangjo Kim
{"title":"Forward Secure ID-Based Group Key Agreement Protocol with Anonymity","authors":"Hyewon Park, Z. Kim, Kwangjo Kim","doi":"10.1109/SECURWARE.2009.49","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.49","url":null,"abstract":"ID-based group key agreement (GKA) has been increasingly researched with the advantage of simple public key management. However, identities of group members can be exposed in the ID-based GKA protocol, so eavesdroppers can easily learn who belongs to the specific group. Recently, Wan et al. proposed a solution for this problem, an anonymous ID-based GKA protocol, which can keep group members’ anonymity to outside eavesdroppers; nevertheless, the protocol has some security flaws. This paper shows that Wan et al.’s GKA is insecure against colluding attack and their joining/leaving protocols do not guarantee forward and backward secrecy. We also propose a new forward secure ID-based GKA with anonymity from enhancing Wan et al.’s joining/leaving protocols. Our scheme provides forward and backward secrecy and is essentially just efficient as Wan et al.’s scheme.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115693984","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
A Survey of Botnet and Botnet Detection 僵尸网络与僵尸网络检测综述
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.48
M. Feily, A. Shahrestani, S. Ramadass
{"title":"A Survey of Botnet and Botnet Detection","authors":"M. Feily, A. Shahrestani, S. Ramadass","doi":"10.1109/SECURWARE.2009.48","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.48","url":null,"abstract":"Among the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-base. It summarizes botnet detection techniques in each class and provides a brief comparison of botnet detection techniques.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122503856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 410
Security in Ad Hoc Networks: From Vulnerability to Risk Management 自组织网络中的安全:从漏洞到风险管理
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.38
Marianne A. Azer, S. El-Kassas, M. El-Soudani
{"title":"Security in Ad Hoc Networks: From Vulnerability to Risk Management","authors":"Marianne A. Azer, S. El-Kassas, M. El-Soudani","doi":"10.1109/SECURWARE.2009.38","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.38","url":null,"abstract":"Mobile Ad hoc Networks (MANETs) have lots of applications. Due to the features of open medium, absence of infrastructure, dynamic changing network topology, cooperative algorithms, lack of centralized monitoring and management point, resource constraints and lack of a clear line of defense, these networks are vulnerable to attacks. A vital problem that must be solved in order to realize these applications is that concerning the security aspects of such networks. Solving these problems combined with the widespread availability of devices such as PDAs, laptops, small fixtures on buildings and cellular phones will ensure that ad hoc networks will become an indispensable part of our life. In this paper, we discuss the reasons of vulnerability as well as active and passive attacks on such networks. We present the security measures used to secure ad hoc networks such as authentication, threshold cryptography, trust and reputation, and present a risk management scheme. Concluding remarks are presented at the end of this paper, while mentioning the different open research areas and challenges in the discussed security measures.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124966640","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Integration of a Security Product in Service-Oriented Architecture 在面向服务的体系结构中集成安全产品
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.8
Aleksander Dikanski, Christian Emig, S. Abeck
{"title":"Integration of a Security Product in Service-Oriented Architecture","authors":"Aleksander Dikanski, Christian Emig, S. Abeck","doi":"10.1109/SECURWARE.2009.8","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.8","url":null,"abstract":"The future of enterprise software development lies in the use of a service-oriented architecture (SOA) to support business concerns. Business services are using security services offered by service-oriented security architectures for security support. The question re¬mains how to implement the security services using traditional security products and how to map security policies defined at service level to product-specific po¬licies. In this paper we present an approach for inte¬grating existing security products into service-oriented security architectures. We show how traditional se¬curity products can be adapted to fit into the overall service-oriented paradigm. We present a case study that applies our approach.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121765133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Suspicion-Driven Formal Analysis of Security Requirements 怀疑驱动的安全需求形式化分析
2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI: 10.1109/SECURWARE.2009.40
N. Amálio
{"title":"Suspicion-Driven Formal Analysis of Security Requirements","authors":"N. Amálio","doi":"10.1109/SECURWARE.2009.40","DOIUrl":"https://doi.org/10.1109/SECURWARE.2009.40","url":null,"abstract":"Increasingly, engineers need to approach security and software engineering in a unified way. This paper presents an approach to the formal analysis of security requirements that is based on planning and uses the concept of suspicion to guide the search for threats and security vulnerabilities in requirements. The approach is tested and illustrated by conducting two experiments: one focussing on a system with a confidentiality security property, and another with an integrity security property enforced through the separation of duty principle. The paper shows that suspicion plays an important rôle in finding vulnerabilities and security threats in requirements.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121730659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信