Scheduled System Maintenance
On Tuesday, January 22, IEEE Xplore will undergo scheduled maintenance from 1:00-4:00 PM ET
During this time, there may be intermittent impact on performance. We apologize for any inconvenience.

2008 Second International Conference on Emerging Security Information, Systems and Technologies

25-31 Aug. 2008

Filter Results

Displaying Results 1 - 25 of 74
  • [Front cover]

    Publication Year: 2008, Page(s): C1
    Request permission for reuse | PDF file iconPDF (44 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2008, Page(s): i
    Request permission for reuse | PDF file iconPDF (10 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2008, Page(s): iii
    Request permission for reuse | PDF file iconPDF (60 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2008, Page(s): iv
    Request permission for reuse | PDF file iconPDF (45 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):v - x
    Request permission for reuse | PDF file iconPDF (118 KB)
    Freely Available from IEEE
  • Preface

    Publication Year: 2008, Page(s):xi - xii
    Request permission for reuse | PDF file iconPDF (80 KB) | HTML iconHTML
    Freely Available from IEEE
  • Committees

    Publication Year: 2008, Page(s):xiii - xvi
    Request permission for reuse | PDF file iconPDF (92 KB)
    Freely Available from IEEE
  • Enhancing Trusted Platform Modules with Hardware-Based Virtualization Techniques

    Publication Year: 2008, Page(s):1 - 9
    Cited by:  Papers (15)  |  Patents (7)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (350 KB) | HTML iconHTML

    We present the design of a trusted platform module (TPM) that supports hardware-based virtualization techniques. Our approach enables multiple virtual machines to use the complete power of a hardware TPM by providing for every virtual machine (VM) the illusion that it has its own hardware TPM. For this purpose, we introduce an additional privilege level that is only used by a virtual machine monit... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Secure Task Delegation Model for Workflows

    Publication Year: 2008, Page(s):10 - 15
    Cited by:  Papers (5)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (693 KB) | HTML iconHTML

    Workflow management systems provide some of the required technical means to preserve integrity, confidentiality and availability at the control-, data- and task assignment layers of a workflow. We currently observe a move away from predefined strict workflow enforcement approaches towards supporting exceptions which are difficult to foresee when modelling a workflow. One specific approach for exce... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Formal Modeling of Authentication in SIP Registration

    Publication Year: 2008, Page(s):16 - 21
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (283 KB) | HTML iconHTML

    The Session Initiation Protocol (SIP) is increasingly used as a signaling protocol for administrating Voice over IP (VoIP) phone calls. SIP can be configured in several ways so that different functional and security requirements are met. Careless configuration of the SIP protocol is known to lead to a large set of attacks. In this paper we show how different configurations of SIP can be specified ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Controlling Access to Location-Based Services in Vehicular Mobile Pervasive Environments

    Publication Year: 2008, Page(s):22 - 27
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (612 KB) | HTML iconHTML

    Management of access control to location-based services in vehicular mobile pervasive environments presents several new challenges such as invisibility, localized scalability and privacy. To our knowledge, merging location-based services in pervasive environments with vehicular mobile environments is still in its infancy. To this end, we present a descriptive architecture for controlling access to... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A New Approach for Secure and Portable OS

    Publication Year: 2008, Page(s):28 - 33
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (389 KB) | HTML iconHTML

    Data security has been an important concern from many years ago and has gained special importance in Information Technology. Since the present computer systems use layered and modular architectures and execute the instructions in a number of different phases, therefore it has become an imperative to establish a trusted chain between various layers. It usually is integrity checking by hashing of ex... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Distack -- A Framework for Anomaly-Based Large-Scale Attack Detection

    Publication Year: 2008, Page(s):34 - 40
    Cited by:  Papers (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (225 KB) | HTML iconHTML

    Distributed denial-of-service attacks pose unpredictable threats to the Internet infrastructure and Internet-based business. Thus, many attack detection systems and anomaly detection methods were developed in the past. A realistic evaluation of these mechanisms and comparable results, however, are impossible up to now. Furthermore, an adaptation to new situations or an extension of existing system... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Team­-Based MAC Policy over Security-­Enhanced Linux

    Publication Year: 2008, Page(s):41 - 46
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (331 KB) | HTML iconHTML

    This paper presents an implementation of team-based access control policy (TMAC) using SELinux as mandatory access control mechanism for Linux operating systems. After explaining the particularities of TMAC in an elaborate example, the paper presents the XML TMAC format developed and introduces a visualization tool that allows a user to explore the TMAC policy. Furthermore, we discuss how this pol... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Prototyping a New Identity Authentication Framework for IP Telephony

    Publication Year: 2008, Page(s):47 - 52
    Cited by:  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (344 KB) | HTML iconHTML

    This paper describes a prototype of a new authentication paradigm using X.509 certificates but with a new trust model. This paradigm provides a scalable anti-phishing solution to identity management helping legal entities such as government or businesses. This paradigm explicitly gives up the goal of "global trust" - trust is always 'local". In everyday life, a user cares only about specific commu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Polynomial Heuristic Algorithms for Inconsistency Characterization in Firewall Rule Sets

    Publication Year: 2008, Page(s):53 - 61
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (353 KB) | HTML iconHTML

    Firewalls provide the first line of defence of nearly all networked institutions today. However, Firewall ACLs could have inconsistencies, allowing traffic that should be denied or vice versa. In this paper, we analyze the inconsistency characterization problem as a separate problem of the diagnosis one, and propose formal definitions in order to characterize one-to- many inconsistencies. We ident... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Patterns for Capturing Encryption-Based Access Control to Sensor Data

    Publication Year: 2008, Page(s):62 - 67
    Cited by:  Papers (6)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (269 KB) | HTML iconHTML

    A security pattern describes a particular recurring security problem that arises in specific contexts, and presents a well-proven generic solution for it [1]. This paper describes a generic solution that ensures end-to-end access control for data generated by wireless sensors and consumed by business applications, based on a new approach for encryption-based access control. The existing security m... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Policy Management for Peer Group Meetings

    Publication Year: 2008, Page(s):68 - 73
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (413 KB) | HTML iconHTML

    Peer-to-peer (P2P) video conference systems receive more attention recently due to their distinct advantages over traditional server-based systems. Security is of primary concern for these systems when running over the public network. To secure the privacy of meetings an appropriate security architecture is required. The security policy management is one of the central components in such architect... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • FEEPVR: First End-to-End Protocol to Secure Ad Hoc Networks with Variable Ranges against Wormhole Attacks

    Publication Year: 2008, Page(s):74 - 79
    Cited by:  Papers (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (227 KB) | HTML iconHTML

    In this paper, we present a very simple and efficient end-to-end algorithm to handle wormhole attacks on ad hoc networks with variable ranges of communication. Most of the existing approaches focus on the prevention of wormholes between neighbors that trust each other. The known end-to-end mechanisms assume that all the nodes of the network have same communication range. To the best of our knowled... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Proving Trust Locally

    Publication Year: 2008, Page(s):80 - 87
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (308 KB) | HTML iconHTML

    Simulators and analyzers for protocols do not distinguish between the local 'subjective' view of the agents and the global 'objective' view of the analysis perspective. In practice this means that security analysis in general and protocol analysis in particular do neither model the agents local beliefs nor their local deduction power in a satisfactory way. This paper suggests a solution to the pro... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Security Framework for Input Validation

    Publication Year: 2008, Page(s):88 - 92
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (301 KB) | HTML iconHTML

    Input manipulation attacks are becoming one of the most common attacks against Web applications and Web services security. As the use of firewalls and other security mechanisms are not effective against application-level attacks, new means of defense are needed. This paper presents a framework proposal to solve this problem, securing applications against input manipulation attacks. The proposed me... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Defending E-Banking Services: Antiphishing Approach

    Publication Year: 2008, Page(s):93 - 98
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (498 KB) | HTML iconHTML

    This paper presents the authentication environment defined for securing E-Banking applications. The proposed method is part of a Phd Doctoral thesis aimed at defining a model for secure operation of an Internet Banking environment, even in the presence of malware on the client side. The authentication model has been designed to be easily applicable with minimum impact to the current Internet banki... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Preventing Insider Information Leakage for Enterprises

    Publication Year: 2008, Page(s):99 - 106
    Cited by:  Papers (9)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (235 KB) | HTML iconHTML

    This paper proposes a novel mechanism for protecting sensitive information inside big organisations against unauthorised disclosure by insider or outsider adversaries. Protecting sensitive content from being disclosed to unauthorised parties is a major concern for big enterprises, such as government agencies, banks, clinics and corporations. This paper mainly focuses on preventing insider informat... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Analysis of the Impact of Intensive Attacks on the Self-Similarity Degree of the Network Traffic

    Publication Year: 2008, Page(s):107 - 113
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (674 KB) | HTML iconHTML

    The research on how to use self-similarity for intrusion detection is not unfounded, as the scaling properties seem to partially define the very nature of aggregated traffic, and may become a potential differentiating factor in the presence of an anomaly. This paper explains how network intensive attacks can be injected into simulated traces of traffic, to then evolve to their analysis using a fas... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Scalable Detection of SIP Fuzzing Attacks

    Publication Year: 2008, Page(s):114 - 119
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (389 KB) | HTML iconHTML

    The VoIP technology has been increasingly popular and the number of its users has surged in the past years, because of its economical advantage over the traditional PSTN services. As a side effect, various VoIP servers and clients are becoming attractive targets of malicious attacks. This paper outlines the detection rules we have formulated to detect fuzzing attacks, which attempt to crash a VoIP... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.