2009 Third International Conference on Emerging Security Information, Systems and Technologies

Date 18-23 June 2009

Displaying Results 1 - 25 of 60
  • [Front cover]

    Publication Year: 2009, Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2009, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2009, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2009, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):v - ix
    Freely Available from IEEE
  • Preface

    Publication Year: 2009, Page(s):x - xi
    Freely Available from IEEE
  • Committee

    Publication Year: 2009, Page(s):xii - xiv
    Freely Available from IEEE
  • list-reviewer

    Publication Year: 2009, Page(s):xv - xvi
    Freely Available from IEEE
  • Integration of a Security Product in Service-Oriented Architecture

    Publication Year: 2009, Page(s):1 - 7
    The future of enterprise software development lies in the use of a service-oriented architecture (SOA) to support business concerns. Business services are using security services offered by service-oriented security architectures for security support. The question remains how to implement the security services using traditional security products and how to map security policies defined at service ...
  • A Security Pattern for Untraceable Secret Handshakes

    Publication Year: 2009, Page(s):8 - 14
    Cited by:  Papers (2)
    A security pattern describes a particular recurring security problem that arises in specific contexts and presents a well-proven generic solution for it. This paper describes an untraceable secret handshake, a protocol that allows two users to mutually verify another's properties without revealing their identity. The complex security solution is split into smaller parts which are described in an a...
  • Comparison of Static Code Analysis Tools

    Publication Year: 2009, Page(s):15 - 22
    Cited by:  Papers (2)
    In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with i...
  • Using Object-Oriented Concepts to Develop a High-Level Information Privacy Risk Management Model

    Publication Year: 2009, Page(s):23 - 30
    Cited by:  Papers (1)
    In this paper we present a conceptual model for the management of information privacy risk in large organisations. The model is based on the similarities between the concepts of departments in large organisations and the object-oriented computer paradigm. It is a high-level model that takes a holistic view of information privacy risk management, and, as such, identifies risk in both manual and aut...
  • AFMAP: Anonymous Forward-Secure Mutual Authentication Protocols for RFID Systems

    Publication Year: 2009, Page(s):31 - 36
    Cited by:  Papers (3)
    In this paper we propose two mutual authentication protocols for RFID systems. Generally, in RFID systems, a reader can authenticate tags in the real-time and batch modes. This paper proposes the first authentication protocol for the real-time mode. It also proposes an efficient robust mutual authentication protocol for the batch mode. Some significant characteristics of the protocols are forward ...
  • Secrecy for Bounded Security Protocols without Freshness Check

    Publication Year: 2009, Page(s):37 - 41
    Cited by:  Papers (1)
    The secrecy problem for security protocols is the problem to decide whether or not a given security protocol has leaky runs. The complexity of the secrecy problem for bounded security protocols without freshness check remained open. In this paper, we prove DEXPTIME-completeness of the secrecy problem for bounded security protocols without freshness check, solving the problem left open.
  • Distributed Intrusion Detection: Simulation and Evaluation of Two Methodologies

    Publication Year: 2009, Page(s):42 - 48
    Cited by:  Papers (1)
    The proliferation of wideband connections while opening the market to a wealth of Web based applications has also provided a pervasive set of injection points for malicious network traffic. This fact has generated a new storm of network attacks that every day generates a non negligible amount of network traffic. Intrusion Detection Systems (IDS) aim at preventing the delivery of malicious traffic t...
  • A Formal IT-Security Model for a Weak Fair-Exchange Cooperation with Non-repudiation Proofs

    Publication Year: 2009, Page(s):49 - 56
    Cited by:  Papers (3)
    This article presents a formal IT-security model for the step-by-step exchange of digital items. Following the taxonomy of Asokan the model presented here addresses the security requirements for a so-called "weak" fair exchange. "Weak" refers to the fact that third parties are used to dissolve disputes. In this model, non-repudiation proofs are used in an external dispute to estab...
  • Quantification of the Effect of Security on Performance in Wireless LANs

    Publication Year: 2009, Page(s):57 - 62
    Cited by:  Papers (3)
    This paper investigates and quantifies the effect of different security protocols on the performance of a wireless LAN. Experiments were performed on a wireless test-bed and the data obtained was analyzed for throughput, delay and packet loss under different security scenarios. Both TCP and UDP traffic streams were analyzed at three different data rates. The effect of congestion is also quantified...
  • True Positive Cost Curve: A Cost-Based Evaluation Method for High-Interaction Client Honeypots

    Publication Year: 2009, Page(s):63 - 69
    Cited by:  Papers (4)
    Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious Web pages by driving a dedicated vulnerable Web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious Web pages is a crucial task. HICHPs, however, present challenges: They ...
  • Security Management with Virtual Gateway Platforms

    Publication Year: 2009, Page(s):70 - 75
    In residential environments, a home gateway platform can offer services that are configurable by a user depending on current needs or preferences. Gateway devices are very often managed by a service provider or an access provider to enhance performance or guarantee QoS. Assuming a multi-provider and/or multi-user scenario, a secure framework has to maintain security and privacy between different g...
  • List of Criteria for a Secure Computer Architecture

    Publication Year: 2009, Page(s):76 - 80
    Cited by:  Papers (2)
    The security of a digital system depends directly on the security of the hardware platform the system is based on. The analysis of currently available computer architectures has shown that such systems offer a lot of security gaps. This is due to the fact that in the past hardware has only been optimized for speed - never for security. In this paper we propose a set of hardware features to support...
  • Detecting Man-in-the-Middle Attacks by Precise Timing

    Publication Year: 2009, Page(s):81 - 86
    Cited by:  Papers (2)
    Man-in-the-middle attacks are one of the most popular and fundamental attacks on distributed systems that have evolved with advances in distributed computing technologies and have assumed several shapes ranging from simple IP spoofing to complicated attacks on wireless communications, which have safety-critical applications such as remote wireless passport verification. This paper proposes a stati...
  • Security Framework for DPWS Compliant Devices

    Publication Year: 2009, Page(s):87 - 92
    Cited by:  Papers (1)
    The DPWS (Devices Profile for Web Services) specification enables devices, including small-scale ones, to be integrated seamlessly in service oriented architecture (SOA). Complex enterprise applications are able to access devices' functionalities in a Web Service fashion. In some cases, specific applications might require secure transactions that even devices with resource constraints must meet. D...
  • Multi-level Authentication Scheme Utilizing Smart Cards and Biometrics

    Publication Year: 2009, Page(s):93 - 98
    Authentication is an important part of the security area. Smart Cards and Biometrics are widely used in authentication schemes. In this work, we propose a novel architecture and scheme for remote authentication. In this architecture, authentication level is decided by a policy server. The scheme provides an ability to use three authentication factors within different levels. Additional credentials are...
  • Towards Proactive Policies Supporting Event-Based Task Delegation

    Publication Year: 2009, Page(s):99 - 104
    Delegation mechanisms are receiving increasing interest from the research community. Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control systems. In this paper, we consider task delegation as an advanced security mechanism supporting policy decision. We define an approach to support dyn...
  • The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes

    Publication Year: 2009, Page(s):105 - 113
    Cited by:  Papers (1)
    Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-s...