发布求助
文献互助 智能选刊 最新文献

The Second International Conference on Availability, Reliability and Security (ARES'07)最新文献

筛选
英文 中文
Evaluation Function for Synthesizing Security Protocols by means of Genetic Algorithms 基于遗传算法的安全协议综合评价函数
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.83
Luis Zarza, J. Pegueroles, M. Soriano
{"title":"Evaluation Function for Synthesizing Security Protocols by means of Genetic Algorithms","authors":"Luis Zarza, J. Pegueroles, M. Soriano","doi":"10.1109/ARES.2007.83","DOIUrl":"https://doi.org/10.1109/ARES.2007.83","url":null,"abstract":"The design of cryptographic and security protocols for new scenarios and applications can be computationally expensive. Examples of these can be sensor or mobile ad-hoc networks and electronic voting or auctions applications. In such cases, the aid of an automated tool generating protocols for a predefined problem can be of great utility. This work uses the genetic algorithms (GA) techniques for the automatic design of security networked protocols. When using GA for optimizing protocols the evaluation function is critical. We discuss how can be defined several basic criteria for evaluating security protocols and present some examples for evaluation of different protocols","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128636681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Broadcast Authentication Protocol with Time Synchronization and Quadratic Residues Chain 具有时间同步和二次残差链的广播认证协议
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.52
B. Groza
{"title":"Broadcast Authentication Protocol with Time Synchronization and Quadratic Residues Chain","authors":"B. Groza","doi":"10.1109/ARES.2007.52","DOIUrl":"https://doi.org/10.1109/ARES.2007.52","url":null,"abstract":"Assuring information authenticity is an important issue in the field of information security. A new broadcast authentication protocol is proposed. The protocol is based on time synchronization and uses chains constructed with the squaring function. The proposed solution is efficient for transmissions over long periods of time since the chains have an unbounded length. The protocol assures information authenticity at the reduced cost of almost one modular multiplication for each broadcasted packet. Time synchronization issues are discussed and the security of the protocol is equivalent to factoring since the squaring function is used. A failure mode analysis of the protocol is done; this is also an aspect of novelty and applies to other protocols based on time synchronization as well","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"65 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128557395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Protecting Online Transactions with Unique Embedded Key Generators 用独特的嵌入式密钥生成器保护在线交易
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.117
M. Boesgaard, E. Zenner
{"title":"Protecting Online Transactions with Unique Embedded Key Generators","authors":"M. Boesgaard, E. Zenner","doi":"10.1109/ARES.2007.117","DOIUrl":"https://doi.org/10.1109/ARES.2007.117","url":null,"abstract":"We present a novel approach for protecting transactions over networks. While we use the example of a netbank application, the proposal is relevant for many security-critical transactions. The approach is based on two major changes compared to current solutions. The first one is the use of individualized key derivation functions, which ensure that given the same input, each copy of the application ends up with different keys. The second contribution is the individualizing of program copies by subtle code modification. This makes automated analysis and patching of a client-side application very difficult. In combination, these techniques allow to build a secure channel between the client program and the server, while current solutions only build such a channel between the client computer and the server","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117057000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Pastures: Towards Usable Security Policy Engineering 牧场:迈向可用的安全策略工程
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.114
S. Bratus, A. Ferguson, D. McIlroy, Sean W. Smith
{"title":"Pastures: Towards Usable Security Policy Engineering","authors":"S. Bratus, A. Ferguson, D. McIlroy, Sean W. Smith","doi":"10.1109/ARES.2007.114","DOIUrl":"https://doi.org/10.1109/ARES.2007.114","url":null,"abstract":"Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals - security in practice requires effective policy engineering. We have found that the reigning SELinux model fares poorly in this regard, partly because typical isolation goals are not directly stated but instead are properties derivable from the type definitions by complicated analysis tools. Instead, we are experimenting with a security-policy approach based on copy-on-write \"pastures\", in which the sharing of resources between pastures is the fundamental security policy primitive. We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117095948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Empirical and statistical analysis of risk analysis-driven techniques for threat management 风险分析驱动的威胁管理技术的实证和统计分析
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.78
Koen Buyens, Bart De Win, W. Joosen
{"title":"Empirical and statistical analysis of risk analysis-driven techniques for threat management","authors":"Koen Buyens, Bart De Win, W. Joosen","doi":"10.1109/ARES.2007.78","DOIUrl":"https://doi.org/10.1109/ARES.2007.78","url":null,"abstract":"One of the challenges of secure software construction (and maintenance) is to get control over the multitude of threats in order to focus mitigation efforts on the most relevant ones. Risk analysis is one class of techniques for achieving threat reduction, but few studies are available that evaluate the quality of these techniques. In this paper, a selected set of risk analysis techniques have been evaluated and compared based on a realistic case study. The foundations for this analysis were threefold: we defined a set of high-level criteria, we compared the results of the different methods and we used statistical analysis techniques for studying additional characteristics. This analysis was performed on an independently developed case study of a significant size. For this experiment, the benefits of applying of these methods were limited for the categorization and the reduction of threats. Therefore, we also suggest ways to improve or complement these methods","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115671995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
On Coercion-Resistant Electronic Elections with Linear Work 线性工作下的抗强制电子选举
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.108
Stefan G. Weber, Roberto Araújo, J. Buchmann
{"title":"On Coercion-Resistant Electronic Elections with Linear Work","authors":"Stefan G. Weber, Roberto Araújo, J. Buchmann","doi":"10.1109/ARES.2007.108","DOIUrl":"https://doi.org/10.1109/ARES.2007.108","url":null,"abstract":"Remote electronic voting over the Internet is a promising concept to afford convenience to voters and to increase election turnouts. However, before employing electronic voting systems in regular elections, problems such as coercion and vote selling have to be solved. Juels, Catalano and Jakobsson introduced a strong security requirement that deals with theses concerns. Coercion resistance improves on the former security notion of receipt freeness by taking additional real-life threats into account. In this paper, we present a coercion-resistant election scheme with a linear work factor. The scheme is based on the previous proposal of Juels et al., which exhibited a quadratic work factor, and employs Smith's idea to achieve a speedup to linear work. It, however, overcomes the drawbacks of these preceding solutions. We also present an evaluation of the scheme and identify the drawbacks and the real world aspects related to the scheme","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125329891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
Access Control Model for Web Services with Attribute Disclosure Restriction 具有属性披露限制的Web服务访问控制模型
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.31
Vipin Singh Mewar, Subhendu Aich, S. Sural
{"title":"Access Control Model for Web Services with Attribute Disclosure Restriction","authors":"Vipin Singh Mewar, Subhendu Aich, S. Sural","doi":"10.1109/ARES.2007.31","DOIUrl":"https://doi.org/10.1109/ARES.2007.31","url":null,"abstract":"Web service is a programmable interface accessible through a network. In this paper we focus on the scenario in which different organizations use Web services to collaborate, share knowledge, integrate services and for providing value added services to customers. As a test case, we consider health care application in which different hospitals can give various types of services to other hospitals. We find attribute based access control (ABAC) model to be quite suitable for access control in Web services. However, there is a need to enforce user's security policy to decide only which attributes should be disclosed so that users can reveal their attributes to service providers according to their need. We extend the ABAC model with user attribute disclosure restriction and propose a framework for defining and applying security policies","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128089989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Bytecode Verification for Enhanced JVM Access Control 增强JVM访问控制的字节码验证
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.55
Dongxi Liu
{"title":"Bytecode Verification for Enhanced JVM Access Control","authors":"Dongxi Liu","doi":"10.1109/ARES.2007.55","DOIUrl":"https://doi.org/10.1109/ARES.2007.55","url":null,"abstract":"This paper presents an approach to addressing the known weaknesses and security issues of JVM stack inspection in a unified framework. We first propose an enhanced JVM access control mechanism. In this mechanism, values are also associated with security levels. When enforcing access control, this mechanism checks not only the permissions of code on stack as the usual stack inspection, but also the security levels of values to make sure they are used legally. We then present a static type system to verify whether a bytecode program satisfies the security property achieved by this enhanced mechanism. This type system performs modular and context-sensitive analysis at the method level by generating and solving constraints, and path-sensitive analysis at the code block level by using a trace-based approach. In addition, this type system does not need any user annotation for verification","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126692004","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Applications for Provably Secure Intent Protection with Bounded Input-Size Programs 有界输入大小程序可证明安全意图保护的应用
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.40
J. McDonald, Alec Yasinsac
{"title":"Applications for Provably Secure Intent Protection with Bounded Input-Size Programs","authors":"J. McDonald, Alec Yasinsac","doi":"10.1109/ARES.2007.40","DOIUrl":"https://doi.org/10.1109/ARES.2007.40","url":null,"abstract":"The de facto standard program obfuscation security model, termed the virtual black box (VBB), declares a program to be securely obfuscated if and only if an adversary can prove no more when given the obfuscated code than it can when only given oracle access to the original program. In this paper, we define and give methodology for a perfectly secure program intent obfuscation that is general and practical for bounded input-size programs, including those with input/output relationships that are easily learned. We also lay foundations for how to embed a key securely in a private-key encryption setting using such constructions","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"136 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121748949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
A Framework for the Development of Secure Data Warehouses based on MDA and QVT 基于MDA和QVT的安全数据仓库开发框架
The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI: 10.1109/ARES.2007.4
E. Soler, J. Trujillo, E. Fernández-Medina, M. Piattini
{"title":"A Framework for the Development of Secure Data Warehouses based on MDA and QVT","authors":"E. Soler, J. Trujillo, E. Fernández-Medina, M. Piattini","doi":"10.1109/ARES.2007.4","DOIUrl":"https://doi.org/10.1109/ARES.2007.4","url":null,"abstract":"Data warehouses (DWs) store historical and aggregated information, extracted from multiple heterogeneous, autonomous and distributed sources of information, therefore it is essential to specify security measures from early stages of DW design and to enforce them. Several proposals on DW development have arisen in the last couple of years. However, few approaches represent security measures in the DW conceptual model starting from early stages of development of a DW project. In addition, these security measures cannot be automatically represented at logical level, so heuristic design guides for such transformations have appeared. This paper presents a framework based on model driven architecture (MDA) for the development of secure data warehouses that covers all the phases of design (conceptual, logical and physical) and embeds security measures in all of them. Moreover, transformations between models are clearly and formally established by using query/view/transformation (QVT), to obtain consequently a traceability of the security rules from the early stages of development to the final implementation","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131306105","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信