2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)

19-22 Oct. 2009

Displaying Results 1 - 25 of 27
  • [Title page]

    Publication Year: 2009, Page(s): 1
  • [Copyright notice]

    Publication Year: 2009, Page(s): 1
  • Foreword

    Publication Year: 2009, Page(s): 1
  • [Blank page]

    Publication Year: 2009, Page(s): 1
  • Conference committees

    Publication Year: 2009, Page(s): 1
  • [Blank page]

    Publication Year: 2009, Page(s): 1
  • Table of contents

    Publication Year: 2009, Page(s):1 - 2
  • A logical framework for reasoning about policies with trust negotiations and workflows in a distributed environment

    Publication Year: 2009, Page(s):3 - 11
    Cited by:  Papers (1)

    We propose in this paper a framework in which the security policies of services in a distributed environment can be expressed. Services interact by exchanging credentials. Each service is made up of an access control policy protecting the access to the service, and of a trust negotiation policy controlling the accessibility of the credentials for other services. We add a workflow layer for each se...
  • A secured delegation of remote services on IPv6 home networks

    Publication Year: 2009, Page(s):12 - 18
    Cited by:  Patents (1)

    IPv6 is an attractive technology for innovative services such as health care monitoring, alarm systems, peer to peer applications, virtual machine systems and so on. The generalization of end to end paradigm, possible due to the length of IPv6 addresses, eases the deployment of such services. Nevertheless end to end connection can be a threat since application can be easily accessible from outside...
  • CryptoNET: Secure federation protocol and authorization policies for SMI

    Publication Year: 2009, Page(s):19 - 25

    The paper describes a protocol for Secure E-Mail Infrastructure for establishing trust between different domains in order to protect mail servers from spam messages. The protocol uses messages for trusted interactions between intra and inter E-mail domain components, Secure E-mail (SEM) servers and Secure Mail Infrastructure (SMI) servers. In addition, the protocol validates E-mail addresses thus ...
  • Formal analysis of attacks for e-voting system

    Publication Year: 2009, Page(s):26 - 34
    Cited by:  Papers (1)

    Recently, the use of formal methods to specify and verify properties of electronic voting (e-voting) systems, with particular interest in security, verifiability, and anonymity, is getting much attention. Formal specification and verification of such systems can greatly help to better understand the system requirements by thoroughly specifying and analyzing the underlying assumptions and security ...
  • Data disclosure risk evaluation

    Publication Year: 2009, Page(s):35 - 72
    Cited by:  Papers (3)

    Many companies have to share various types of information containing private data without being aware about the threats related to such non-controlled disclosure. Therefore we propose a solution to support these companies to evaluate the disclosure risk for all their types of data; by recommending the safest configurations using a smart bootstrapping system.
  • Runtime verification of declassification for imperative programs: Formal foundations

    Publication Year: 2009, Page(s):43 - 50

    Declassification is required for most programs which manipulate protected data to process their results. In highly-secure programs, the declassification decision must be taken explicitly, which means that data or operations which are being declassified are known. This decision is critical and must be supported by automated verifications, which determine the risk of information leakage related to a...
  • SIDAN: A tool dedicated to software instrumentation for detecting attacks on non-control-data

    Publication Year: 2009, Page(s):51 - 58
    Cited by:  Papers (2)

    Anomaly based intrusion detection systems rely on the build of a normal behavior model. When a deviation from this normal behavior is detected, an alert is raised. This anomaly approach, unlike the misuse approach, is able to detect unknown attacks. A basic technique to build such a model for a program is to use the system call sequences of the process. To improve the accuracy and completeness of ...
  • Re-inforced stealth breakpoints

    Publication Year: 2009, Page(s):59 - 66
    Cited by:  Papers (1)

    This paper extends VAMPiRE, a stealth breakpoint framework specifically tailored for microscopic malware analysis. Stealth breakpoints are designed to provide unlimited number of code, data and I/O breakpoints that cannot be detected or countered. However, in this paper we present several attacks that can be used to detect and counter VAMPiRE. We then present a solution towards preventing such att...
  • Permutation-based steganographic channels

    Publication Year: 2009, Page(s):67 - 73
    Cited by:  Papers (25)

    Covert channels are a mechanism that allows an attacker to parasitically place messages within a legitimate channel. Detection of these covert channels can have consequences for an attacker. Not only is the ability to communicate lost or compromised, but analysis of the channel can lead to the identity of the attacker themselves. If the attacker is a wanted criminal or foreign intelligence service...
  • A formal methodology for detection of vulnerabilities in an enterprise information system

    Publication Year: 2009, Page(s):74 - 81
    Cited by:  Papers (4)

    From information security point of view, an enterprise is considered as a collection of assets and their interrelations. These interrelations may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or installation of software or information assets in hardware. As a result, access to one element may enable access to ano...
  • A reference model for risk-aware business process management

    Publication Year: 2009, Page(s):82 - 89
    Cited by:  Papers (8)

    The major contribution of this paper is the introduction of a reference model which is capable to consider information acquired within the business process management and risk management domain. The central objective of the reference model is to enable the modeling of risk aspects in such a way that it provides the foundation for risk-aware business process simulations. Within this paper, we first...
  • Risk analysis via heterogeneous models of SCADA interconnecting Power Grids and Telco networks

    Publication Year: 2009, Page(s):90 - 97
    Cited by:  Papers (5)

    The automation of power grids by means of supervisory control and data acquisition (SCADA) systems has led to an improvement of power grid operations and functionalities but also to pervasive cyber interdependencies between power grids and telecommunication networks. Many power grid services are increasingly depending upon the adequate functionality of SCADA system which in turn strictly depends o...
  • Greylisting — long term analysis of anti-SPAM effect

    Publication Year: 2009, Page(s):98 - 104
    Cited by:  Papers (2)

    Greylisting is a popular method for protection against SPAM messages since 2003. It often complements other methods (usually search-based ones). This article describes results of the analysis of the efficiency of greylisting performed by Postgrey throughout long period (over 2 years). Also other aspects of greylisting like the real delay in greylisted message delivery are analyzed and results are ...
  • Experiments and data analysis of electronic voting system

    Publication Year: 2009, Page(s):105 - 112
    Cited by:  Papers (2)

    Experimental data sets related to e-voting systems are very demanding in order to improve currently deployed e-voting machines. Unfortunately, the studies of such data about the machines' security, performance and their evolution with respect to the social and technical aspects are still unsatisfactory. During the last four years we have been involved in the development, experimentation, and evalu...
  • Modeling dependencies in security risk management

    Publication Year: 2009, Page(s):113 - 116
    Cited by:  Papers (11)

    This paper develops a framework for analyzing security risk dependencies in organizations and ranking the risks. The framework captures how risk `diffuses' via complex interactions and reaches an equilibrium by introducing a risk-rank algorithm. A conceptual structure of an organization - comprised of business units, security threats/vulnerabilities, and people - is leveraged for modeling risk depende...
  • A quantitative approach to assess information security related risks

    Publication Year: 2009, Page(s):117 - 122

    Nowadays providing information security (IS) assurance becomes one of key aspects for many organizations worldwide. This is caused not only by desire of management to protect sensitive information fed by growing hackers' activity but also by recent enforcement of legal requirements and industry regulations. One of the required procedures to manage information security is regular performing of IS ...
  • Untrustworthiness: A trust-based security metric

    Publication Year: 2009, Page(s):123 - 126
    Cited by:  Papers (2)

    Quantifying security is very hard and, although there are many proposals of security metrics in the literature, no consensual quantitative security metric has been proposed so far. A key difficulty is that security is, usually, more influenced by what is unknown about a system than by what is known about it. In this paper we present the idea of trust-based metrics, which are based on the idea of q...
  • Honeypot router for routing protocols protection

    Publication Year: 2009, Page(s):127 - 130
    Cited by:  Papers (3)

    Routing protocols are essential for interconnecting networks; however they may enclose several vulnerabilities that can be exploited by malicious attackers. For example, an attacker may send forged packets to a router with the intention of changing or corrupting the routing table, which in turn can reduce the network connectivity and degrade the router functionalities. To prevent and detect such a...