By Topic

Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on

Date 18-23 June 2009

Filter Results

Displaying Results 1 - 25 of 60
  • [Front cover]

    Page(s): C1
    Save to Project icon | Request Permissions | PDF file iconPDF (331 KB)  
    Freely Available from IEEE
  • [Title page i]

    Page(s): i
    Save to Project icon | Request Permissions | PDF file iconPDF (11 KB)  
    Freely Available from IEEE
  • [Title page iii]

    Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (54 KB)  
    Freely Available from IEEE
  • [Copyright notice]

    Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (125 KB)  
    Freely Available from IEEE
  • Table of contents

    Page(s): v - ix
    Save to Project icon | Request Permissions | PDF file iconPDF (185 KB)  
    Freely Available from IEEE
  • Preface

    Page(s): x - xi
    Save to Project icon | Request Permissions | PDF file iconPDF (70 KB)  
    Freely Available from IEEE
  • Committee

    Page(s): xii - xiv
    Save to Project icon | Request Permissions | PDF file iconPDF (82 KB)  
    Freely Available from IEEE
  • list-reviewer

    Page(s): xv - xvi
    Save to Project icon | Request Permissions | PDF file iconPDF (80 KB)  
    Freely Available from IEEE
  • Integration of a Security Product in Service-Oriented Architecture

    Page(s): 1 - 7
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (274 KB) |  | HTML iconHTML  

    The future of enterprise software development lies in the use of a service-oriented architecture (SOA) to support business concerns. Business services are using security services offered by service-oriented security architectures for security support. The question remains how to implement the security services using traditional security products and how to map security policies defined at service level to product-specific policies. In this paper we present an approach for integrating existing security products into service-oriented security architectures. We show how traditional security products can be adapted to fit into the overall service-oriented paradigm. We present a case study that applies our approach. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Security Pattern for Untraceable Secret Handshakes

    Page(s): 8 - 14
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (219 KB) |  | HTML iconHTML  

    A security pattern describes a particular recurring security problem that arises in specific contexts and presents a well-proven generic solution for it. This paper describes an untraceable secret handshake, a protocol that allows two users to mutually verify another's properties without revealing their identity. The complex security solution is split into smaller parts which are described in an abstract way. The identified security problems and their solutions are captured as SERENITY security patterns. The structured description together with motivating scenarios makes the security solution better understandable for non-security experts and helps to disseminate the security knowledge to application developers. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Comparison of Static Code Analysis Tools

    Page(s): 15 - 22
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (198 KB) |  | HTML iconHTML  

    In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using Object-Oriented Concepts to Develop a High-Level Information Privacy Risk Management Model

    Page(s): 23 - 30
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (199 KB) |  | HTML iconHTML  

    In this paper we present a conceptual model for the management of information privacy risk in large organisations. The model is based on the similarities between the concepts of departments in large organisations and the object-oriented computer paradigm. It is a high-level model that takes a holistic view of information privacy risk management, and, as such, identifies risk in both manual and automated processes during the acquisition, processing, storage and dissemination of information. While conceptual in nature, the model is well suited to practical implementation due to the structure it derives from the object-oriented paradigm. The practical application of the model is demonstrated by way of an example scenario. This paper contributes by addressing the absence in the literature of freely available models for the holistic management information privacy risk in large organisations. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • AFMAP: Anonymous Forward-Secure Mutual Authentication Protocols for RFID Systems

    Page(s): 31 - 36
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (255 KB) |  | HTML iconHTML  

    In this paper we propose two mutual authentication protocols for RFID systems. Generally, in RFID systems, a reader can authenticate tags in the real-time and batch modes. This paper proposes the first authentication protocol for the real-time mode. It also proposes an efficient robust mutual authentication protocol for the batch mode. Some significant characteristics of the protocols are forward security, tag anonymity, location privacy, low complexity on the back-end server, and scalability. To the best of our knowledge, our protocols offer the most enhanced security features in RFID mutual authentication protocols with respect to user privacy. In analyzing the protocols, we show how remarkable properties such as forward security and tag anonymity are guaranteed. It is also illustrated that our protocol is secure against several common attacks that RFID systems confront with. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secrecy for Bounded Security Protocols without Freshness Check

    Page(s): 37 - 41
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (193 KB) |  | HTML iconHTML  

    The secrecy problem for security protocols is the problem to decide whether or not a given security protocol has leaky runs. The complexity of the secrecy problem for bounded security protocols without freshness check remained open. In this paper, we prove DEXPTIME-completeness of the secrecy problem for bounded security protocols without freshness check, solving the problem left open. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Distributed Intrusion Detection: Simulation and Evaluation of Two Methodologies

    Page(s): 42 - 48
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (286 KB) |  | HTML iconHTML  

    The proliferation of wideband connections while opening the market to a wealth of Web based applications has also provided a pervasive set of injection point for malicious network traffic. This fact has generated a new storm of network attacks that every day generates a non negligible amount of network traffic. Intrusion Detection Systems (IDS) aim at preventing the delivery of malicious traffic to targeted systems thus preventing damage at the end point of the attack, however they are positioned either on a single host or on very peripheral routers, thus they do not provide any help in reducing the amount of malicious traffic roaming the network. The sheer amount of traffic to be analyzed prevents any attempt to move intrusion detection to core routers, however Distributed Intrusion Detection Systems (DIDS) may provide a solution. In past works DIDS have been envisioned as cooperative clusters of traditional IDS, in this paper we present two novel methodologies that could allow distributing the computational load of intrusion detection on several nodes and a simulation tool that allows us to evaluate the impact of these methodologies on the nodes involved. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Formal IT-Security Model for a Weak Fair-Exchange Cooperation with Non-repudiation Proofs

    Page(s): 49 - 56
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (294 KB) |  | HTML iconHTML  

    This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan the model presented here addresses the security requirements for a so-called ldquoweakrdquo fair exchange. ldquoWeakrdquo refers to the fact, that third parties are used to dissolve disputes. In this model, non-repudiation proofs are used in an external dispute to establish weak fairness. It shows how many unproved steps can be tolerated by one party without loss of fairness. The model is based on the idea of a ldquocontinuous balance of obligations and their proofsrdquo. This idea was proposed 1993 by Grimm, but never since formalized properly. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Quantification of the Effect of Security on Performance in Wireless LANs

    Page(s): 57 - 62
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (301 KB) |  | HTML iconHTML  

    This paper investigates and quantifies the effect of different security protocols on the performance of a wireless LAN. Experiments were performed on a wireless test-bed and the data obtained was analyzed for throughput, delay and packet loss under different security scenarios. Both TCP and UDP traffic streams were analyzed at three different data rates. The effect of congestion is also quantified. The results reveal that no significant degradation in performance occurs by enabling security protocols in a wireless LAN. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • True Positive Cost Curve: A Cost-Based Evaluation Method for High-Interaction Client Honeypots

    Page(s): 63 - 69
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (269 KB) |  | HTML iconHTML  

    Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious Web pages by driving a dedicated vulnerable Web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious Web pages is a crucial task. HICHPs, however, present challenges: They are slow and tend to miss attacks. For researchers to address these shortcomings, they need methods for evaluating HICHPs. This paper (1) presents an evaluation method called the true positive cost curve (TPCC), which makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment; (2) presents improvements on the way HICHPs visit Web pages and evaluates them with the TPCC method; and (3) discusses the impact of time bombs on the performance of HICHPs in an operating environment and the ability to tune an HICHP for optimal performance with the help of the TPCC. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Management with Virtual Gateway Platforms

    Page(s): 70 - 75
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (532 KB) |  | HTML iconHTML  

    In residential environments, a home gateway platform can offer services that are configurable by a user depending on current needs or preferences. Gateway devices are very often managed by a service provider or an access provider to enhance performance or guarantee QoS. Assuming a multi-provider and/or multi-user scenario, a secure framework has to maintain security and privacy between different gateway users. Virtualization of gateway platforms can provide security and it can maintain privacy since it isolates different instances by virtual machines working on the same real machine only restricted by the potential of the underlying hardware. The presented approach does not impose any restriction on the number of providers overcoming side-effects occurring during reconfiguration of the gateway. The model has been evaluated in a multi-provider case study with focus on multimedia data management incorporating several different devices and hardware platforms. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • List of Criteria for a Secure Computer Architecture

    Page(s): 76 - 80
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (171 KB) |  | HTML iconHTML  

    The security of a digital system depends directly on the security of the hardware platform the system is based on. The analysis of currently available computer architectures has shown that such systems offer a lot of security gaps. This is due to the fact that in the past hardware has only been optimized for speed - never for security. In this paper we propose a set of hardware features to support system security. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Detecting Man-in-the-Middle Attacks by Precise Timing

    Page(s): 81 - 86
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (281 KB) |  | HTML iconHTML  

    Man-in-the-middle attacks are one of the most popular and fundamental attacks on distributed systems that have evolved with advances in distributed computing technologies and have assumed several shapes ranging from simple IP spoofing to complicated attacks on wireless communications, which have safety-critical applications such as remote wireless passport verification. This paper proposes a static analysis algorithm for the detection of man-in-the-middle attacks in mobile processes using a solution based on precise timing. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Framework for DPWS Compliant Devices

    Page(s): 87 - 92
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (686 KB) |  | HTML iconHTML  

    The DPWS (Devices Profile for Web Services) specification enables devices, including small-scale ones, to be integrated seamlessly in service oriented architecture (SOA). Complex enterprise applications are able to access devices functionalities in a Web Service fashion. In some cases, specific applications might require secure transactions that even devices with resources constraints must meet. Devices with hardly 10 KB of run time memory and low speed processors might slow down or run out of memory when ciphering or signing large secure messages. This paper proposes a security model that complies with existing security specifications for Web services and optimizes resources consumptions in such devices. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Multi-level Authentication Scheme Utilizing Smart Cards and Biometrics

    Page(s): 93 - 98
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (320 KB) |  | HTML iconHTML  

    Authentication is an important part of security area. Smart Cards and Biometrics are widely used in authentication schemes. In this work, we propose a novel architecture and scheme for remote authentication. In this architecture, authentication level is decided by a policy server. The scheme provides an ability to use three authentication factors within different levels. Additional credentials are requested from user upon the authentication level determined by the policy server. The proposed scheme is designed to resist well-known attacks like replay and forgery attacks. At the same time, it fulfills many requirements expected from authentication schemes like mutual authentication and not to keep verification table. We also compared our scheme with well known schemes in the literature. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards Proactive Policies Supporting Event-Based Task Delegation

    Page(s): 99 - 104
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (498 KB) |  | HTML iconHTML  

    Delegation mechanisms are receiving increasing interest from the research community. Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control systems. In this paper, we consider task delegation as an advanced security mechanism supporting policy decision. We define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them in terms of delegation policies. When one of these events changes, our access policy decision may change proactively implying dynamic delegation of authority. Existing work on access control systems remain stateless and do not consider this perspective. We highlight such limitations, and propose a task delegation framework to support proactive enforcement of delegation policies. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes

    Page(s): 105 - 113
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (907 KB) |  | HTML iconHTML  

    Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of security know-how into UML profiles, we focus this work on the presentation of the process of engineering of security into the formalism of business processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of security of information systems into the formalism of business process, and presents the concepts of engineering of security of information systems using the foundations and models of information systems engineering. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.