Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on

Date 10-12 Oct. 2012

Displaying Results 1 - 25 of 26
  • [Front cover]

    Publication Year: 2012 , Page(s): c1
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2012 , Page(s): 1
    Freely Available from IEEE
  • Foreword

    Publication Year: 2012 , Page(s): 1
    Freely Available from IEEE
  • Conference organization

    Publication Year: 2012 , Page(s): 1 - 2
    Freely Available from IEEE
  • Trust-based delegation for Ad Hoc QoS enhancing

    Publication Year: 2012 , Page(s): 1 - 7

    The importance of resources and services availability in Ad Hoc networks has already been proved several times in the past. It concerns, essentially, node availability as well as routing and forwarding actions accessibility. Unfortunately, nodes' lifetimes may be reduced or even depleted, which leads to route failure, packet loss, QoS deterioration, etc. This is mainly due to a battery problem that can be caused by a legitimate consumption or by an attacker. To mitigate this problem and in order to allow nodes perpetuity and to face up to any unavailability or flinching, a sharing of nodes' permissions can be used. Delegation is a common practice that is used to simplify and to manage this kind of sharing. Our proposition is then to use a delegation process in order to enhance the QoS of Ad Hoc networks by allowing the perpetuity of routes without stopping the packets transfer nor the re-calculation of a novel route. In view of the importance of the issue, we propose to base delegation on trust relations. Trust is a security concept generally used to provide collaborating network entities with a means to counter their uncertainty. The main contribution in this paper is then the proposition of a trust based delegation model for Ad Hoc networks in order to enhance QoS and specially routes availability.
  • A vector based model approach for defining trust in Multi-Organization Environments

    Publication Year: 2012 , Page(s): 1 - 8
    Cited by:  Papers (1)

    A Multi-Organization Environment is composed of several players that depend on each other for resources and services. In order to manage the security of the exchange process we introduce the concept of trust. We show how this aspect of the cooperative work allows us to increase some security aspects. In particular, we provide a framework where the concepts of trust requirement and trust evaluation play important roles for defining trust vectors. These vectors evaluate a set of requirements, under some conditions, and provide a degree of confidence. In our framework we consider two different types of vectors. On the one hand a vector that relates a user to an organization and on the other hand a vector that links two organizations. Finally we show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security.
  • Towards efficient access control in a mobile agent based wireless sensor network

    Publication Year: 2012 , Page(s): 1 - 4

    Public key authorization credentials provide a flexible approach to implementing access control in open distributed systems. Wireless sensor networks are examples of such systems; however, their low-power sensors have energy efficiency requirements that may mean it is not practical to carry out computationally intensive operations, such as public key operations. This paper describes a distributed access control system for a Wireless Sensor Network application that uses computationally efficient one-way hash-functions to implement authorization credentials.
  • Privacy-by-design based on quantitative threat modeling

    Publication Year: 2012 , Page(s): 1 - 8

    While the general concept of “Privacy-by-Design (PbD)” is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the so-called privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic) that should be taken into account before the actual deployment of their services.
  • Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments

    Publication Year: 2012 , Page(s): 1 - 8

    Attack modeling has recently been adopted by security analysts as a useful tool in risk assessment of cyber-physical systems. We propose in this paper to model the Stuxnet attack with BDMP (Boolean logic Driven Markov Processes) formalism and to show the advantages of such modeling. After a description of the architecture targeted by Stuxnet, we explain the steps of the attack and model them formally with a BDMP. Based on estimated values of the success probabilities and rates of the elementary attack steps, we give a quantification of the main possible sequences leading to the physical destruction of the targeted industrial facility. This example completes a series of papers on BDMP applied to security by modeling a real case study. It highlights the advantages of BDMP compared to attack trees often used in security assessment.
  • Detecting attacks against data in web applications

    Publication Year: 2012 , Page(s): 1 - 8

    RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.
  • Partitioning the Internet

    Publication Year: 2012 , Page(s): 1 - 8

    This paper presents experimental results for calculating both node and edge separators on Autonomous System graphs generated from BGP routing information. The separator of a network graph describes a range of interesting properties as it captures components that are critical to overall connectivity. These components play special roles in terms of routing and deserve special attention from those in charge of network security and resilience. We present empirical evidence showing that the Autonomous System Graph (AS Graph) is hard to separate and large portions always remain connected even in the case of a significant number of concurrent Byzantine failures of Autonomous Systems or connections between Autonomous Systems.
  • Improving the detection of on-line vertical port scan in IP traffic

    Publication Year: 2012 , Page(s): 1 - 6

    We propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports is stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover, it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.
  • Hash pile ups: Using collisions to identify unknown hash functions

    Publication Year: 2012 , Page(s): 1 - 6

    Hash functions are often used to consistently assign objects to particular resources, for example for load balancing in networks. These functions can be randomly selected from a family, to prevent attackers generating many colliding objects, which usually results in poor performance. We describe a number of attacks allowing us to identify which hash function from a family is being used by observing a relatively small number of collisions. This knowledge can then be used to generate a large number of colliding inputs. In particular we detail attacks against small families of hashes, Pearson-like hash functions and linear hashes, such as the Toeplitz hash used in Microsoft's Receive Side Scaling.
  • Investigating the dark cyberspace: Profiling, threat-based analysis and correlation

    Publication Year: 2012 , Page(s): 1 - 8
    Cited by:  Papers (4)

    An effective approach to gather cyber threat intelligence is to collect and analyze traffic destined to unused Internet addresses known as darknets. In this paper, we elaborate on such capability by profiling darknet data. Such information could generate indicators of cyber threat activity as well as providing in-depth understanding of the nature of its traffic. Particularly, we analyze darknet packets distribution, its used transport, network and application layer protocols and pinpoint its resolved domain names. Furthermore, we identify its IP classes and destination ports as well as geo-locate its source countries. We further investigate darknet-triggered threats. The aim is to explore darknet embedded threats and categorize their severities. Finally, we contribute by exploring the inter-correlation of such threats, by applying association rule mining techniques, to build threat association rules. Specifically, we generate clusters of threats that co-occur targeting a specific victim. Such work proves that specific darknet threats are correlated. Moreover, it provides insights about threat patterns and allows the interpretation of threat scenarios.
  • A honeypot for arbitrary malware on USB storage devices

    Publication Year: 2012 , Page(s): 1 - 8

    Malware is a serious threat for modern information technology. It is therefore vital to be able to detect and analyze such malicious software in order to develop countermeasures. Honeypots are a tool supporting that task - they collect malware samples for analysis. Unfortunately, existing honeypots concentrate on malware that spreads over networks, thus missing any malware that does not use a network for propagation. A popular network-independent technique for malware to spread is copying itself to USB flash drives. In this article we present Ghost, a new kind of honeypot for such USB malware. It detects malware by simulating a removable device in software, thereby tricking malware into copying itself to the virtual device. We explain the concept in detail and evaluate it using samples of wide-spread malware. We conclude that this new approach works reliably even for sophisticated malware, thus rendering the concept a promising new idea.
  • Evasion-resistant malware signature based on profiling kernel data structure objects

    Publication Year: 2012 , Page(s): 1 - 8

    Malware authors attempt in an endless effort to find new methods to evade the malware detection engines. A popular method is the use of obfuscation technologies that change the syntax of malicious code while preserving the execution semantics. This leads to the evasion of signatures that are built based on the code syntax. In this paper, we propose a novel approach to develop an evasion-resistant malware signature. This signature is based on the malware's execution profiles extracted from kernel data structure objects and uses neither malicious code syntax specific information nor code execution flow information. Thus, the proposed signature is more resistant to obfuscation methods and resilient in detecting malicious code variants. To evaluate the effectiveness of the proposed approach, a prototype signature generation tool called SigGENE is developed. The effectiveness of signatures generated by SigGENE is evaluated using an experimental rootkit-simulation tool that employs techniques commonly found in rootkits. This simulation tool is obfuscated using several different methods. In further experiments, real-world malware samples that have different variants with the same behavior are used to verify the real-world applicability of the approach. The experiments show that the proposed approach is effective, not only in generating a signature that detects the malware and its variants and defeats different obfuscation methods, but also in producing execution profiles that can be used to characterize different malicious attacks.
  • Browser function calls modeling for banking malware detection

    Publication Year: 2012 , Page(s): 1 - 7
    Cited by:  Papers (1)

    Financial service providers are moving many services on-line to reduce their costs and facilitate customers' interaction. Criminals have quickly found several ways to exploit multiple vulnerabilities to perpetrate attacks. Traditional signature based detection methods are nowadays easily circumvented due to the amount of new malware samples and the use of sophisticated evasion techniques. The contribution of this paper is twofold. First, we developed a new detection system based on the modeling of the browser execution behavior within an isolated environment. Second, we analyse the results of our system over a set of malware samples. Financial institutions are now playing an important role against malware that specifically affects their customers by deploying their own detection tools. However, most approaches tend to rely on the malware sample itself in order to deploy useless signatures or perform time consuming reverse engineering methods to understand malware actions, so our work aims to help them to be more proactive, implementing tools to protect themselves from new threats.
  • Don't work. Can't work? Why it's time to rethink security warnings

    Publication Year: 2012 , Page(s): 1 - 8

    As the number of Internet users has grown, so have the security threats that they face online. Security warnings are one key strategy for trying to warn users about those threats; but recently, it has been questioned whether they are effective. We conducted a study in which 120 participants brought their own laptops to a usability test of a new academic article summary tool. They encountered a PDF download warning for one of the papers. All participants noticed the warning, but 98 (81.7%) downloaded the PDF file that triggered it. There was no significant difference between responses to a brief generic warning, and a longer specific one. The participants who heeded the warning were overwhelmingly female, and either had previous experience with viruses or lower levels of computing skills. Our analysis of the reasons for ignoring warnings shows that participants have become desensitised by frequent exposure and false alarms, and think they can recognise security risks. At the same time, their answers revealed some misunderstandings about security threats: for instance, they rely on anti-virus software to protect them from a wide range of threats, and do not believe that PDF files can infect their machine with viruses. We conclude that security warnings in their current forms are largely ineffective, and will remain so, unless the number of false positives can be reduced.
  • Distributed e-voting using the Smart Card Web Server

    Publication Year: 2012 , Page(s): 1 - 8

    Voting in elections is the basis of democracy, but citizens may not be able or willing to go to polling stations to vote on election days. Remote e-voting via the Internet provides the convenience of voting on the voter's own computer or mobile device, but Internet voting systems are vulnerable to many common attacks, affecting the integrity of an election. Distributing the processing of votes over many web servers installed in tamper-resistant, secure environments can improve security: this is possible by using the Smart Card Web Server (SCWS) on a mobile phone Subscriber Identity Module (SIM). This paper proposes a generic model for a voting application installed in the SIM/SCWS, which uses standardised Mobile Network Operator (MNO) management procedures to communicate (via HTTPS) with a voting authority to vote. The generic SCWS voting model is then used with the e-voting system Prêt à Voter. A preliminary security analysis of the proposal is carried out, and further research areas are identified. As the SCWS voting application is used in a distributed processing architecture, e-voting security is enhanced because to compromise an election, an attacker must target many individual mobile devices rather than a centralised web server.
  • Anomaly analysis for Physical Access Control security configuration

    Publication Year: 2012 , Page(s): 1 - 8
    Cited by:  Papers (1)

    Physical Access Controls, such as supervised doors, surveillance cameras and alarms, act as important points of demarcation between physical zones (areas/rooms) of different levels of trust. They do so by controlling personnel flow to and from areas in accordance with the enterprise security policy. A significant challenge in providing physical access control for (restricted) areas is attaining a degree of confidence that a Physical Access Control security configuration adequately addresses the threats. A misconfiguration may result in a threat of unapproved personnel access or the denial of approved personnel access to a restricted zone. In practice, Physical Access Control security configurations typically span multiple zones, involve many users and run to many thousands of access-control rules, and such complexity may increase the likelihood of misconfiguration. In this paper, a formal model for Physical Access Control security configurations is presented. This model, implemented in SAT, captures a number of unique anomalies specific to the Physical Access Control domain. A preliminary set of experiments that evaluate our approach is presented.
  • Security-related vulnerability life cycle analysis

    Publication Year: 2012 , Page(s): 1 - 8
    Cited by:  Papers (1)

    This paper deals with the characterization of security-related vulnerabilities based on public data reported in the Open Source Vulnerability Database. We focus on the analysis of vulnerability life cycle events corresponding to the vulnerability discovery, the vulnerability disclosure, the patch release, and the exploit availability. We study the distribution of the time between these events considering different operating systems (Windows, Unix, Mobile OS), and different attributes such as the vulnerability impact on confidentiality, integrity or availability, the access vector reflecting how the vulnerability is exploited, and the complexity of the exploit. The results obtained highlight some interesting trends and behaviours, concerning, e.g. the time between the disclosure of a vulnerability and the availability of a patch or of the exploit, that are sometimes specific to the considered operating system or the vulnerability attributes. The results are also aimed at providing useful inputs to security risk assessment and modelling studies.
  • Semantic matching of web services security policies

    Publication Year: 2012 , Page(s): 1 - 8

    The lack of semantics in WS-SecurityPolicy (WS-SP) hampers the effectiveness of matching security policies. To resolve this problem, we present a semantic approach for specifying and matching web service security policies. The approach consists in the transformation of WS-SP into an OWL-DL ontology and the definition of a set of rules which automatically generate semantic relations that can exist between the provider and requestor security requirements. We show how these relations lead to more correct and accurate matching of security policies. At the end of this paper, we present the implementation of our approach and its validation through a real-world use case.
  • Managing and accessing data in the cloud: Privacy risks and approaches

    Publication Year: 2012 , Page(s): 1 - 9

    Ensuring proper privacy and protection of the information stored, communicated, processed, and disseminated in the cloud as well as of the users accessing such information is one of the grand challenges of our modern society. As a matter of fact, the advancements in Information Technology and the diffusion of novel paradigms such as data outsourcing and cloud computing, while allowing users and companies to easily access high quality applications and services, introduce novel privacy risks of improper information disclosure and dissemination. In this paper, we will characterize different aspects of the privacy problem in emerging scenarios. We will illustrate risks, solutions, and open problems related to ensuring privacy of users accessing services or resources in the cloud, sensitive information stored at external parties, and accesses to such information.
  • CRiSIS 2012 security standards tutorial

    Publication Year: 2012 , Page(s): 1 - 4

    This tutorial will introduce researchers to security related activities within some Internet standards development organisations (SDOs), mainly the Internet Engineering Task Force and the World Wide Web Consortium. Having reviewed basic structure and process issues, we will consider how both security researchers and the SDOs can benefit from improved interactions, and how researchers can best approach these SDOs with results. We will then consider a number of technical areas where additional security research or research outputs within the next 2-3 years would be of use to these SDOs. A number (perhaps 3) of these areas will be selected by the tutorial participants for detailed discussion on potentially relevant research. The topics range from the “political” layer (e.g. privacy, censor-resistant protocols), down to protocol-specific areas where highly focused research is needed (e.g. DHCP security, traffic analysis). The goal is to give participants an understanding of the needs and processes of these SDOs, so that researchers with relevant results can feed those into the Internet standards process, benefiting the work of those SDOs and possibly achieving greater real-world impact for the research.
  • Semiring-based constraint models and frameworks for security-related scenarios

    Publication Year: 2012 , Page(s): 1 - 4

    Semiring-based constraint models and frameworks have been extensively used in literature to optimize different security-related metrics, in order to represent trust scores, levels of security and, in general, quantitative information on shared resources to be securely managed. In this tutorial, we summarize four approaches that show an application of these formal models to different security-related problems, such as Access Control List-like rights, policy-based access with weighted credentials, propagation of trust on trust-networks, and the cascade vulnerability problem.