2008 Sixth Annual Conference on Privacy, Security and Trust: Latest Papers

Towards Privacy Taxonomy-Based Attack Tree Analysis for the Protection of Consumer Information Privacy
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.18
K. Reddy, H. Venter, M. Olivier, I. Currie
Abstract: There is a strong legal and ethical imperative for organisations to protect consumer information privacy. In this paper we present a method called privacy taxonomy-based attack tree analysis (PTATA). PTATA involves the combination of privacy violation taxonomies and attack trees. It assists organisations in protecting information privacy by providing a means to analyze weaknesses in their protective measures. We define privacy violation taxonomies, as well as review attack trees, and illustrate the practical implementation of PTATA through example scenarios. The advantages and drawbacks to our method are also discussed. The paper ends with future research which may build on this work.
Citations: 12

The Effect of Behavior Change on Honesty Checking in Peer-to-Peer Systems
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.34
Farag Azzedin, Ahmad Ridha
Abstract: Reputation systems aim to reduce the risk of loss due to untrustworthy peers. This loss is aggravated by dishonest recommenders trying to pollute the recommendation network. The objective of an honesty checking mechanism is to detect dishonest recommenders. Existing honesty checking mechanisms assume that contradicting recommendations are due to the dishonesty of the recommenders. However, such difference may be also due to the behavior change of the target peer. This paper shows the effect of such behavior change on the performance of existing honesty checking mechanisms. To the best of our knowledge, this is the first attempt at linking the behavior change to honesty checking.
Citations: 0

A Multiple-Control Fuzzy Vault
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.23
Marianne Hirschbichler, C. Boyd, W. Boles
Abstract: We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalizations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalizations for insider/outsider attacks and examine the access-complexity for legitimate vault owners.
Citations: 12

Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.25
H. G. Kayacik, A. N. Zincir-Heywood
Abstract: Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attacker's goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of anomalies, particularly if it is lengthy and anomalous.
Citations: 30

Cross-Language Weaving Approach Targeting Software Security Hardening
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.22
A. Mourad, D. Alhadidi, M. Debbabi
Abstract: In this paper, we propose an approach for systematic security hardening of software based on aspect-oriented programming and Gimple language. We also present the first steps towards a formal specification for Gimple weaving together with the implementation methodology of the proposed weaving semantics. The primary contribution of this approach is providing the software architects with the capabilities to perform systematic security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. We explore the viability of our propositions by realizing the weaving semantics for Gimple by implementing it into the GCC compiler and applying our methodologies for systematic security hardening to develop a case study for securing the connections of client applications together with experimental results.
Citations: 2

CCTB: Context Correlation for Trust Bootstrapping in Pervasive Environment
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.19
Sheikh Iqbal Ahamed, Mehrab Monjur, M. S. Islam
Abstract: Handheld devices in a pervasive computing environment are prone to security as well as privacy violations, while discovering, sharing and accessing services and contents. Trust models are devised to fight against such violations and breaches. Although initial trust assignment is an important issue in evolving overall trust, a little amount of work has been done in this field so far. In pervasive smart space, similar type of contexts exhibits significant correlations to each other. However, this fact is not taken into consideration while computing the initial trust values. In this paper, we describe a new mechanism to assign initial trust: CCTB (Context Correlation for Trust Bootstrapping), which takes advantage of the presence of correlations among different contexts in a context-ontology. We evaluate the effectiveness of CCTB by simulating in two different scenarios. We show that CCTB offers better initial trust values than the other models considered here. We also implement a prototype for performance measurement using .NET Compact Framework.
Citations: 10

Unlinkable Communication
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.8
Volker Fusenig, Eugen Staab, U. Sorger, T. Engel
Abstract: In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.
Citations: 3

IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter?
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.24
P. Ifinedo
Abstract: Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTT's first survey appeared in 2003 and four others have followed since then. This present article draws from last survey. Given that the literature has shown that socio-economic and cultural factors are important considerations for organizations when accepting innovations and new practices. This study was designed to provide a layer of understanding not seen in the DTT's study by examining whether socio-economic and cultural indicators matter in how IT security and privacy issues are being perceived in global FSIs. Two relevant hypotheses were developed to test our assertions. The main finding of the study was that such contextual factors may not be sufficient in differentiating how global FSIs view or respond to key IT security and privacy issues. However, our study found one item related to security awareness training for FSIs' employees to vary significantly across the surveyed regions when the gross domestic product (GDP per capita) variable was used in the analysis. It is hoped that our study's findings and conclusion will be beneficial to practitioners and researchers.
Citations: 10

Model-Checking for Software Vulnerabilities Detection with Multi-Language Support
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.21
Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi
Abstract: In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the de facto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN, etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.
Citations: 18

A Detailed Comparison of Probabilistic Approaches for Coping with Unfair Ratings in Trust and Reputation Systems
2008 Sixth Annual Conference on Privacy, Security and Trust. Pub Date: 2008-10-01. DOI: 10.1109/PST.2008.16
Jie Zhang, M. Sensoy, R. Cohen
Abstract: The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own "personalized" approach for addressing this problem. Based on the implication of such analysis, we then focus on experimental comparison of our approach with two key models in a framework that simulates a dynamic electronic marketplace environment. We specifically examine different scenarios, including ones where the majority of buyers are dishonest, buyers lack personal experience with sellers, sellers may vary their behavior, and buyers may provide a large number of ratings. Our study provides the basis for deciding which approach is most appropriate to employ, in which scenario.
Citations: 18