The Second International Conference on Availability, Reliability and Security (ARES'07): latest publications

AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification
Authors: M. Raihan, Mohammad Zulkernine
DOI: 10.1109/ARES.2007.45 (https://doi.org/10.1109/ARES.2007.45)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 114369486
Abstract: Security, one of the most important aspects of software, gets very little attention during the software development life cycle (SDLC). Therefore, the software remains vulnerable to attacks which are handled by issuing patches or service packs by the software vendors. To overcome this problem, researchers have proposed to take security into consideration right from the very beginning of the software development process. However, most specification languages were not designed with an intention for specifying security requirements, and therefore, they lack some features to serve this purpose. As a result, we need suitable specification languages that can be used both for functional specification and security specification. We propose a formal extension of a popular specification language called AsmL (Abstract State Machine Language) for attack descriptions with a view to building secure software. We name the extended language AsmLSec. We present the details of AsmLSec syntax and semantics, describe how to model attacks using its constructs, and present the design and implementation of a compiler that generates attack signatures from the AsmLSec attack specifications. To evaluate the expressive power of AsmLSec, we model attack scenarios based on the benchmark DARPA data sets.
Citations: 15
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
Authors: S. Gajek, A. Sadeghi, Christian Stüble, M. Winandy
DOI: 10.1109/ARES.2007.59 (https://doi.org/10.1109/ARES.2007.59)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 131270375
Abstract: Identity theft through phishing attacks has become a major concern for Internet users. Typically, phishing attacks aim at luring the user to a faked Web site to disclose personal information. Existing solutions proposed against this kind of attack can, however, hardly counter the new generation of sophisticated malware phishing attacks, e.g., pharming Trojans, designed to target certain services. This paper aims at making the first steps towards the design and implementation of a security architecture that prevents both classical and malware phishing attacks. Our approach is based on the ideas of compartmentalization for isolating applications of different trust level, and a trusted wallet for storing credentials and authenticating sensitive services. Once the wallet has been set up in an initial step, our solution requires no special care from users for identifying the right Web sites while the disclosure of credentials is strictly controlled. Moreover, a prototype of the basic platform exists and we briefly describe its implementation.
Citations: 60
Secure Web Application Development and Global Regulation
Authors: W. Glisson, L. M. Glisson, R. Welland
DOI: 10.1109/ARES.2007.133 (https://doi.org/10.1109/ARES.2007.133)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 128242373
Abstract: The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today's global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization's policy compatibility, needs to be acknowledged in secure Web application development methodologies.
Citations: 6
Collection of Quantitative Data on Security Incidents
Authors: Thomas Nowey, H. Federrath
DOI: 10.1109/ARES.2007.57 (https://doi.org/10.1109/ARES.2007.57)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 123104973
Abstract: Quantitative data about security threats is a precondition for a precise assessment of security risks and consequently for an efficient management of information security. Currently such data is hardly available, especially for small and medium-sized organizations. In this paper we discuss different ways of gathering quantitative data and present a new approach for the collection of historical data on security incidents. We propose a platform that collects, aggregates and evaluates data on security incidents from multiple organizations. We identify basic requirements for such a platform and show approaches for satisfying them. We especially emphasize the aspects of security and fairness. Finally we introduce a prototype that shows what an implementation could look like.
Citations: 5
Extended RBAC-Based Design and Implementation for a Secure Data Warehouse
Authors: B. Thuraisingham, S. Iyer
DOI: 10.1504/IJBIDM.2007.016379 (https://doi.org/10.1504/IJBIDM.2007.016379)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 125593006
Abstract: This paper first discusses security issues for data warehousing. In particular, issues on building a secure data warehouse, secure data warehousing technologies as well as design issues are discussed. Our design of a secure data warehouse that enforces an extended RBAC policy is described next. Finally, directions for secure data warehouses are discussed.
Citations: 29
An Application of Learning Problem in Anomaly-based Intrusion Detection Systems
Authors: Veselina G. Jecheva, E. Nikolova
DOI: 10.1109/ARES.2007.35 (https://doi.org/10.1109/ARES.2007.35)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 130427068
Abstract: The present paper introduces an approach to anomaly-based intrusion detection using the hidden Markov models (HMM) and the BCJR decoding algorithm. The main idea is to distinguish the normal traces of user activity from abnormal ones using the BCJR decoding algorithm applied in conjunction with HMM parameters adjustment using the gradient based method. Some results from the conducted simulation experiments are introduced as well.
Citations: 0
Revisiting Hot Passive Replication
Authors: R. D. Juan-Marín, H. Decker, F. D. Muñoz-Escoí
DOI: 10.1109/ARES.2007.126 (https://doi.org/10.1109/ARES.2007.126)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 131924757
Abstract: Passive replication has been extensively studied in the literature. However, there is no comprehensive study yet with regard to its degree of communication synchrony. Therefore, we propose a new, detailed classification of hot passive replication protocols, including a survey of the fault tolerance and performance of each class.
Citations: 12
A Human-Verifiable Authentication Protocol Using Visible Laser Light
Authors: R. Mayrhofer, Martyn Welch
DOI: 10.1109/ARES.2007.5 (https://doi.org/10.1109/ARES.2007.5)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 134025544
Abstract: Securing wireless channels necessitates authenticating communication partners. For spontaneous interaction, authentication must be efficient and intuitive. One approach to create interaction and authentication methods that scale to using hundreds of services throughout the day is to rely on personal, trusted, mobile devices to interact with the environment. Authenticating the resulting device-to-device interactions requires an out-of-band channel that is verifiable by the user. We present a protocol for creating such an out-of-band channel with visible laser light that is secure against man-in-the-middle attacks even when the laser transmission is not confidential. A prototype implementation shows that an appropriate laser channel can be constructed with simple off-the-shelf components.
Citations: 70
Insider-secure Hybrid Signcryption Scheme Without Random Oracles
Authors: C. H. Tan
DOI: 10.1109/ARES.2007.101 (https://doi.org/10.1109/ARES.2007.101)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 129869447
Abstract: Confidentiality and authenticity are two important security requirements in most secure systems. To efficiently provide data privacy (confidentiality) and (data/user) authenticity simultaneously, the notion of signcryption scheme was first introduced by Zheng in 1997. The security model for signcryption scheme was proposed by Baek et al. and An et al. in 2002 independently. Since then, many signcryption schemes were proposed; they are either a public-key signcryption or a hybrid signcryption. But only few proposed signcryption schemes were supposed to be in the insider security, for example, Libert-Quisquater's signcryption schemes at PKC'2004 and SCN'2004 respectively and Yang-Wong-Deng's signcryption scheme at ISC'2005. Although all the above mentioned signcryption schemes were proved insider-secure against adaptive chosen ciphertext attack in the random oracle models, Tan showed that all the above mentioned signcryption schemes were not insider-secure against adaptive chosen ciphertext attack in 2005 and 2006 respectively. To our knowledge, it seems that no insider-secure hybrid signcryption scheme has been constructed without random oracles. In this paper, we proposed a hybrid signcryption scheme and showed that the proposed scheme is insider-secure without random oracles.
Citations: 9
Secure Distributed Dossier Management in the Legal Domain
Authors: M. Warnier, F. Brazier, M. Apistola, A. Oskamp
DOI: 10.1109/ARES.2007.130 (https://doi.org/10.1109/ARES.2007.130)
Published: 2007-04-10, The Second International Conference on Availability, Reliability and Security (ARES'07)
Semantic Scholar paper ID: 133142403
Abstract: The use of digital dossiers in Courts of Law, although currently in the phase of study, will be common practice in the future. This paper introduces the notion of distributed digital dossiers supported by a multi-agent system architecture, developed in interaction with the Courts of Amsterdam and Rotterdam. Management of such dossiers is core to the approach: consistency, completeness, integrity and security are key concepts.
Citations: 5
Contact: info@booksci.cn. Copyright © 2023 布克学术 (Book学术). All rights reserved.