Dependable and Secure Computing, IEEE Transactions on

Issue 4 • Date July-Aug. 2012

  • [Front cover]

    Publication Year: 2012 , Page(s): c1
    Freely Available from IEEE
  • [Inside front cover]

    Publication Year: 2012 , Page(s): c2
    Freely Available from IEEE
  • Guest Editors' Introduction: Special Section on Learning, Games, and Security

    Publication Year: 2012 , Page(s): 449 - 450
    Freely Available from IEEE
  • Incentive Compatible Privacy-Preserving Distributed Classification

    Publication Year: 2012 , Page(s): 451 - 462
    Cited by:  Papers (3)

    In this paper, we propose game-theoretic mechanisms to encourage truthful data sharing for distributed data mining. One proposed mechanism uses the classic Vickrey-Clarke-Groves (VCG) mechanism, and the other relies on the Shapley value. Neither relies on the ability to verify the data of the parties participating in the distributed data mining protocol. Instead, we incentivize truth telling based...
  • Large Margin Gaussian Mixture Models with Differential Privacy

    Publication Year: 2012 , Page(s): 463 - 469

    As increasing amounts of sensitive personal information is aggregated into data repositories, it has become important to develop mechanisms for processing the data without revealing information about individual data instances. The differential privacy model provides a framework for the development and theoretical analysis of such mechanisms. In this paper, we propose an algorithm for learning a di...
  • On Privacy of Encrypted Speech Communications

    Publication Year: 2012 , Page(s): 470 - 481

    Silence suppression, an essential feature of speech communications over the Internet, saves bandwidth by disabling voice packet transmissions when silence is detected. However, silence suppression enables an adversary to recover talk patterns from packet timing. In this paper, we investigate privacy leakage through the silence suppression feature. More specifically, we propose a new class of traff...
  • A Learning-Based Approach to Reactive Security

    Publication Year: 2012 , Page(s): 482 - 493

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst case assumptions about the atta...
  • ZoneTrust: Fast Zone-Based Node Compromise Detection and Revocation in Wireless Sensor Networks Using Sequential Hypothesis Testing

    Publication Year: 2012 , Page(s): 494 - 511
    Cited by:  Papers (7)

    Due to the unattended nature of wireless sensor networks, an adversary can physically capture and compromise sensor nodes and then mount a variety of attacks with the compromised nodes. To minimize the damage incurred by the compromised nodes, the system should detect and revoke them as soon as possible. To meet this need, researchers have recently proposed a variety of node compromise detection s...
  • DoubleGuard: Detecting Intrusions in Multitier Web Applications

    Publication Year: 2012 , Page(s): 512 - 525
    Cited by:  Papers (3)

    Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multitiered design wherein the webserver runs the application front-end logic and data are outsourced to a database or file server. In this pa...
  • Automated Security Test Generation with Formal Threat Models

    Publication Year: 2012 , Page(s): 526 - 540
    Cited by:  Papers (4)

    Security attacks typically result from unintended behaviors or invalid inputs. Security testing is labor intensive because a real-world program usually has too many invalid inputs. It is highly desirable to automate or partially automate security-testing process. This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transit...
  • Enforcing Mandatory Access Control in Commodity OS to Disable Malware

    Publication Year: 2012 , Page(s): 541 - 555

    Enforcing a practical Mandatory Access Control (MAC) in a commercial operating system to tackle malware problem is a grand challenge but also a promising approach. The firmest barriers to apply MAC to defeat malware programs are the incompatible and unusable problems in existing MAC systems. To address these issues, we manually analyze 2,600 malware samples one by one and two types of MAC enforced...
  • Ensuring Distributed Accountability for Data Sharing in the Cloud

    Publication Year: 2012 , Page(s): 556 - 568
    Cited by:  Papers (26)

    Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users' data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users' fears of losing control of their own data (particularly, financial...
  • Give2Get: Forwarding in Social Mobile Wireless Networks of Selfish Individuals

    Publication Year: 2012 , Page(s): 569 - 582
    Cited by:  Papers (5)

    In this paper, we present two forwarding protocols for mobile wireless networks of selfish individuals. We assume that all the nodes are selfish and show formally that both protocols are strategy proof, that is, no individual has an interest to deviate. Extensive simulations with real traces show that our protocols introduce an extremely small overhead in terms of delay, while the techniques we in...
  • Recommendation Models for Open Authorization

    Publication Year: 2012 , Page(s): 583 - 596
    Cited by:  Papers (1)

    Major online platforms such as Facebook, Google, and Twitter allow third-party applications such as games, and productivity applications access to user online private data. Such accesses must be authorized by users at installation time. The Open Authorization protocol (OAuth) was introduced as a secure and efficient method for authorizing third-party applications without releasing a user's access ...
  • Resilient Authenticated Execution of Critical Applications in Untrusted Environments

    Publication Year: 2012 , Page(s): 597 - 609
    Cited by:  Papers (3)

    Modern computer systems are built on a foundation of software components from a variety of vendors. While critical applications may undergo extensive testing and evaluation procedures, the heterogeneity of software sources threatens the integrity of the execution environment for these trusted programs. For instance, if an attacker can combine an application exploit with a privilege escalation vuln...
  • Secure Failure Detection and Consensus in TrustedPals

    Publication Year: 2012 , Page(s): 610 - 625
    Cited by:  Papers (2)

    We present a modular redesign of TrustedPals, a smart card-based security framework for solving Secure Multiparty Computation (SMC). Originally, TrustedPals assumed a synchronous network setting and allowed to reduce SMC to the problem of fault-tolerant consensus among smart cards. We explore how to make TrustedPals applicable in environments with less synchrony and show how it can be used to solv...
  • [Inside back cover]

    Publication Year: 2012 , Page(s): c3
    Freely Available from IEEE
  • [Back cover]

    Publication Year: 2012 , Page(s): c4
    Freely Available from IEEE

Aims & Scope

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance.

Meet Our Editors

Editor-in-Chief
Elisa Bertino
CS Department
Purdue University