2008 Third International Conference on Availability, Reliability and Security

4-7 March 2008

Filter Results

Displaying Results 1 - 25 of 214
  • [Front cover]

    Publication Year: 2008, Page(s): C1
    Request permission for commercial reuse | PDF file iconPDF (507 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2008, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (43 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2008, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (84 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2008, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (61 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):v - xx
    Request permission for commercial reuse | PDF file iconPDF (164 KB)
    Freely Available from IEEE
  • Chair Message

    Publication Year: 2008, Page(s): xxi
    Request permission for commercial reuse | PDF file iconPDF (188 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference Officers

    Publication Year: 2008, Page(s): xxii
    Request permission for commercial reuse | PDF file iconPDF (120 KB)
    Freely Available from IEEE
  • Keynote Atluri

    Publication Year: 2008, Page(s):xxiii - xxv
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (131 KB) | HTML iconHTML

    Provides an abstract for each of the keynote presentations and a brief professional biography of each presenter. The complete presentations were not made available for publication as part of the conference proceedings. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Keynote Pernul

    Publication Year: 2008, Page(s): xxvi
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (146 KB)

    Provides an abstract for each of the keynote presentations and a brief professional biography of each presenter. The complete presentations were not made available for publication as part of the conference proceedings. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Keynote Sandhu

    Publication Year: 2008, Page(s):xxvii - xxxii
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (87 KB) | HTML iconHTML

    Provides an abstract of the keynote presentation and a brief professional biography of the presenter. The complete presentation was not made available for publication as part of the conference proceedings. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Securing Telehealth Applications in a Web-Based e-Health Portal

    Publication Year: 2008, Page(s):3 - 9
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (583 KB) | HTML iconHTML

    Telehealth applications can deliver medical services to patients at remote locations using telecommunications technologies, such as the Internet. At the same time, such applications also pose unique security challenges. First, the trust issue becomes more severe due to the lack of visual proofs in telehealth applications. The public key infrastructure (PKI) is insufficient for providing the same k... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Multi-Level Reputation-Based Greylisting

    Publication Year: 2008, Page(s):10 - 17
    Cited by:  Papers (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (768 KB) | HTML iconHTML

    We present the idea and implementation details of a highly effective and reliable e-mail filtering technique. At the core of the component-based architecture is a novel combination of an enhanced self-learning variant of greylisting with a reputation-based trust mechanism. These strategies provide separate feature extraction and classification components with the opportunity of utilizing the time ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Hardening XDS-Based Architectures

    Publication Year: 2008, Page(s):18 - 25
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (588 KB) | HTML iconHTML

    Healthcare is an information-intensive domain and therefore information technologies are playing an ever-growing role in this sector. They are expected to increase the efficiency of the delivery of healthcare services in order to both improve the quality and reduce the costs. In this context, security has been identified as a priority although several gaps still exist. This paper reports on the re... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Finding Evidence of Antedating in Digital Investigations

    Publication Year: 2008, Page(s):26 - 32
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (270 KB) | HTML iconHTML

    Finding evidence of antedating is an important goal in many digital investigations. This paper explores how causality can expose antedating by investigating storage systems for causality and correlate causality with stored timestamps. Causality is determined in two different system types; storage systems using sequence numbers and storage systems using the first-fit allocation strategy. Causality ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • FEDC: Control Flow Error Detection and Correction for Embedded Systems without Program Interruption

    Publication Year: 2008, Page(s):33 - 38
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (394 KB) | HTML iconHTML

    This paper proposes a new technique called CFEDC to detect and correct control flow errors (CFEs) without program interruption. The proposed technique is based on the modification of application software and minor changes in the underlying hardware. To demonstrate the effectiveness of CFEDC, it has been implemented on an OpenRISC 1200 as a case study. Analytical results for three workload programs... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Economic and Security Aspects of Applying a Threshold Scheme in e-Health

    Publication Year: 2008, Page(s):39 - 46
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (780 KB) | HTML iconHTML

    Today, the healthcare sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. This goal can be reached by the implementation of electronic health records. Although several architectures have been proposed, these approaches lack appropriate security mechanisms to protect the patients' privacy. This paper outlines our approach called PIPE, which... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks

    Publication Year: 2008, Page(s):47 - 55
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (419 KB) | HTML iconHTML

    The ubiquity of Web applications has led to an increased focus on the development of attacks targeting these applications. One particular type of attack that has recently become prominent is the SQL injection attack. SQL injection attacks can potentially result in unauthorized access to confidential information stored in a backend database. In this paper we describe an anomaly based approach which... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the Possibility of Small, Service-Free Disk Based Storage Systems

    Publication Year: 2008, Page(s):56 - 63
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (451 KB) | HTML iconHTML

    For many storage providers, the cost of providing service calls exceeds the costs of the hardware being serviced. In this paper, we show that zero- maintenance, small disk arrays are too expensive, but that low-maintenance arrays are feasible and describe a possible implementation. Our evaluation technique replaces Mean Time to Data Loss with the lifespan. Our results also show the impact of the a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Efficient High Availability Commit Processing

    Publication Year: 2008, Page(s):64 - 71
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (411 KB) | HTML iconHTML

    Distributed transaction systems require an atomic commitment protocol to preserve ACID properties. A commit protocol should add as little overhead as possible to avoid hampering performance. In this paper, dynamic coordinators are introduced. In main memory primary-backup systems, the approach significantly reduces the time spent during commit processing. The performance of such protocols must be ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Soundness Conditions for Message Encoding Abstractions in Formal Security Protocol Models

    Publication Year: 2008, Page(s):72 - 79
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (414 KB) | HTML iconHTML

    In formal methods, security protocols are usually modeled with a high level of abstraction. In particular, marshalling/unmarshalling operations on transmitted messages are generally abstracted away. However, in real applications, errors in this protocol component could be exploited to break protocol security. In order to solve this issue, this paper formally shows that, under some constraints chec... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards Formal Specification of Abstract Security Properties

    Publication Year: 2008, Page(s):80 - 87
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (380 KB) | HTML iconHTML

    Formal methods, especially in the field of model checking, have been used traditionally to analyse security solutions in order to determine whether they fulfil certain properties. Practical results have proven the suitability and advantages of the use of formal approaches for this purpose. However, in these works the definition of the different security properties shows two main problems: (i) prop... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Behavioral Model of Ideologically-motivated “Snowball” Attacks

    Publication Year: 2008, Page(s):88 - 95
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (308 KB) | HTML iconHTML

    As our daily life depends more and more on Internet technology, it also becomes increasingly susceptible to new types of cyber threats. These threats often take a form of innovative malicious behavior and commonly emerge in a pace that exceeds the capability of security experts to develop timely solutions to counter such threats. In this context it becomes particularly important to develop a good ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Property Specification and Static Verification of UML Models

    Publication Year: 2008, Page(s):96 - 103
    Cited by:  Papers (9)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (371 KB) | HTML iconHTML

    We present a static verification tool (SVT), a system that performs static verification on UML models composed of UML class and state machine diagrams. Additionally, the SVT allows the user to add extra behavior specification in the form of guards and effects by defining a small action language. UML models are checked against properties written in a special-purpose property language that allows th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards Comprehensive Requirement Analysis for Data Warehouses: Considering Security Requirements

    Publication Year: 2008, Page(s):104 - 111
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (403 KB) | HTML iconHTML

    Data warehouse (DW) systems integrate data from heterogeneous sources and are used by decision makers to analyze the status and the development of an organization. Traditionally, requirement analysis approaches for DWs have focused purely on information needs of decision makers, without considering other kinds of requirements such as security or performance. But modeling these issues in the early ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A New Scheme for Distributed Density Estimation based Privacy-Preserving Clustering

    Publication Year: 2008, Page(s):112 - 119
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (451 KB) | HTML iconHTML

    The sensitive information leakage and security risk is a problem from which both individual and enterprise suffer in massive data collection and the information retrieval by the distrusted parties. In this paper, we focus on the privacy issue of data clustering and point out some security risks in the existing data mining algorithms. Associated with cryptographic techniques, we initiate an applica... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.