2009 Annual Computer Security Applications Conference

7-11 Dec. 2009

  • [Front cover]

    Publication Year: 2009
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2009, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2009, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2009, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009, Page(s):v - viii
    Freely Available from IEEE
  • Message from General Chair

    Publication Year: 2009, Page(s):ix - x
    Freely Available from IEEE
  • Conference Committee

    Publication Year: 2009, Page(s): xi
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2009, Page(s): xii
    Freely Available from IEEE
  • Additional reviewers

    Publication Year: 2009, Page(s): xiii
    Freely Available from IEEE
  • Tutorial Reviewers/ACSAC Committee

    Publication Year: 2009, Page(s): xiv
    Freely Available from IEEE
  • Sponsor: Applied Computer Security Associates

    Publication Year: 2009, Page(s): xv
    Freely Available from IEEE
  • ACSA Committee

    Publication Year: 2009, Page(s): xvi
    Freely Available from IEEE
  • A Network Access Control Mechanism Based on Behavior Profiles

    Publication Year: 2009, Page(s):3 - 12
    Cited by:  Papers (7)  |  Patents (1)

    Current network access control (NAC) technologies manage the access of new devices into a network to prevent rogue devices from attacking network hosts or services. Typically, new devices are checked against a set of manually defined policies (rules) before being granted access by the NAC enforcer. The main difficulty with this approach lies in the generation and update of new policies manually as...
  • RoleVAT: Visual Assessment of Practical Need for Role Based Access Control

    Publication Year: 2009, Page(s):13 - 22
    Cited by:  Papers (5)

    Role based access control (RBAC) is a powerful security administration concept that can simplify permission assignment management. Migration to and maintenance of RBAC requires role engineering, the identification of a set of roles that offer administrative benefit. However, establishing that RBAC is desirable in a given enterprise is lacking in current role engineering processes. To help identify...
  • How to Securely Break into RBAC: The BTG-RBAC Model

    Publication Year: 2009, Page(s):23 - 31
    Cited by:  Papers (24)

    Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the role-based access control (RBAC) model access to resources is based on the role the user holds within the organization. RBAC is a rigid model where access control decisions have only two output options: grant or deny. Break the glass (BTG) policies on the other hand are flexible and allow user...
  • Computer-Related Risk Futures

    Publication Year: 2009, Page(s):35 - 40

    This paper reflects on many risks in the development and use of computer-related systems. It considers past and future alternatives, suggests some remedial approaches, and offers a few broad conclusions. Various long-touted common-sense approaches that are holistic and proactive are more urgently needed now than ever before.
  • Evaluation of a DPA-Resistant Prototype Chip

    Publication Year: 2009, Page(s):43 - 50
    Cited by:  Papers (5)

    The recently proposed masked logic style iMDPL seems to eradicate many of the latest points of criticism against masked logic styles in general. By means of a prototype chip containing different implementations we analyze the DPA resistance of iMDPL. Furthermore we compare the results with the logic styles' predecessor MDPL, which verifiably suffers from an effect called early propagation. We also...
  • FPValidator: Validating Type Equivalence of Function Pointers on the Fly

    Publication Year: 2009, Page(s):51 - 59

    Validating function pointers dynamically is very useful for intrusion detection since many runtime attacks exploit function pointer vulnerabilities. Most current solutions tackle this problem through checking whether function pointers target the addresses within the code segment or, more strictly, valid function entries. However, they cannot detect function entry attacks that manipulate function p...
  • Surgically Returning to Randomized lib(c)

    Publication Year: 2009, Page(s):60 - 69
    Cited by:  Papers (20)

    To strengthen systems against code injection attacks, the write or execute only policy (W⊕X) and address space layout randomization (ASLR) are typically used in combination. The former separates data and code, while the latter randomizes the layout of a process. In this paper we present a new attack to bypass W⊕X and ASLR. The state-of-the-art attack against this combination of protections is ba...
  • SecureMR: A Service Integrity Assurance Framework for MapReduce

    Publication Year: 2009, Page(s):73 - 82
    Cited by:  Papers (40)

    MapReduce has become increasingly popular as a powerful parallel data processing model. To deploy MapReduce as a data processing service over open systems such as service oriented architecture, cloud computing, and volunteer computing, we must provide necessary security mechanisms to protect the integrity of MapReduce data processing services. In this paper, we present SecureMR, a practical servic...
  • Justifying Integrity Using a Virtual Machine Verifier

    Publication Year: 2009, Page(s):83 - 92
    Cited by:  Papers (3)  |  Patents (1)

    Emerging distributed computing architectures, such as grid and cloud computing, depend on the high integrity execution of each system in the computation. While integrity measurement enables systems to generate proofs of their integrity to remote parties, we find that current integrity measurement approaches are insufficient to prove runtime integrity for systems in these architectures. Integrity m...
  • Scalable Web Content Attestation

    Publication Year: 2009, Page(s):95 - 104
    Cited by:  Papers (3)

    The Web is a primary means of information sharing for most organizations and people. Currently, a recipient of Web content knows nothing about the environment in which that information was generated other than the specific server from whence it came (and even that information can be unreliable). In this paper, we develop and evaluate the Spork system that uses the trusted platform module (TPM) to ...
  • A Study of User-Friendly Hash Comparison Schemes

    Publication Year: 2009, Page(s):105 - 114
    Cited by:  Papers (3)  |  Patents (2)

    Several security protocols require a human to compare two hash values to ensure successful completion. When the hash values are represented as long sequences of numbers, humans may make a mistake or require significant time and patience to accurately compare the hash values. To improve usability during comparison, a number of researchers have proposed various hash representations that use words, s...
  • Modeling Modern Network Attacks and Countermeasures Using Attack Graphs

    Publication Year: 2009, Page(s):117 - 126
    Cited by:  Papers (23)  |  Patents (2)

    By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention system...
  • Evaluating Network Security With Two-Layer Attack Graphs

    Publication Year: 2009, Page(s):127 - 136
    Cited by:  Papers (9)

    Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these p...