Different norms demand the measurment of IT-security. But how the measurement should be carried out, is not part of the norms. To compare the results of the different methods and tools with each other, it is necessary to validate the measuring tools. The scientific validation of measuring tools in the area of IT-security raises many questions that have not been discussed not to mention answered.
{"title":"Validation of IT-security measurement tools","authors":"Ruedi Baer, Martin Dietrich","doi":"10.1109/ARES.2006.142","DOIUrl":"https://doi.org/10.1109/ARES.2006.142","url":null,"abstract":"Different norms demand the measurment of IT-security. But how the measurement should be carried out, is not part of the norms. To compare the results of the different methods and tools with each other, it is necessary to validate the measuring tools. The scientific validation of measuring tools in the area of IT-security raises many questions that have not been discussed not to mention answered.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133020321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Domain name systems (DNS) provide the mapping between easily-remembered host names and their IP addresses. Popular DNS implementations however contain vulnerabilities that are exploited by frequent, targeted attacks. The software vulnerabilities of DNS together with the constant innovation and morphing of cyber attack techniques necessitate the consideration of the worst case scenarios: there will be successful but undetected attacks against DNS servers. In this work, we develop a secure DNS architecture that contains the damage of successful, undetected attacks. This formidable end is achieved by constantly cleansing the servers and rotating the role of individual servers. Moreover, the server rotation process itself is protected against corruption by hardware. We will show the advantages of our design in the following areas: (1) protection of the DNS master file and cryptographic keys, (2) incorruptible intrusion tolerance, (3) high availability, and (4) scalability, the support of using of high degrees of hardware/server redundancy to improve both system security and service dependability. Due to the critical importance of DNS, such a dependable and intrusion-resilient design contributes significantly to the overall security of the Internet.
{"title":"Securing DNS services through system self cleansing and hardware enhancements","authors":"Y. Huang, David Arsenault, A. Sood","doi":"10.1109/ARES.2006.123","DOIUrl":"https://doi.org/10.1109/ARES.2006.123","url":null,"abstract":"Domain name systems (DNS) provide the mapping between easily-remembered host names and their IP addresses. Popular DNS implementations however contain vulnerabilities that are exploited by frequent, targeted attacks. The software vulnerabilities of DNS together with the constant innovation and morphing of cyber attack techniques necessitate the consideration of the worst case scenarios: there will be successful but undetected attacks against DNS servers. In this work, we develop a secure DNS architecture that contains the damage of successful, undetected attacks. This formidable end is achieved by constantly cleansing the servers and rotating the role of individual servers. Moreover, the server rotation process itself is protected against corruption by hardware. We will show the advantages of our design in the following areas: (1) protection of the DNS master file and cryptographic keys, (2) incorruptible intrusion tolerance, (3) high availability, and (4) scalability, the support of using of high degrees of hardware/server redundancy to improve both system security and service dependability. Due to the critical importance of DNS, such a dependable and intrusion-resilient design contributes significantly to the overall security of the Internet.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114495628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
When the Web services are used, there is a case that they need not identify who is the user if the user is the regular user. In this paper, we propose the method that the service based on authority can be used by public-key certificate and attribute certificate without identifying. As a result, the user can take the services though the user with a regular authority is not identified by the service server. Moreover, the service server confirms user is a regular user, and can provide the services without identifying the user. Our method makes it possible to protect the user's usage information.
{"title":"A proposal of an anonymous authentication method for flat-rate service","authors":"Yoshio Kakizaki, Hiroshi Yamamoto, H. Tsuji","doi":"10.1109/ARES.2006.12","DOIUrl":"https://doi.org/10.1109/ARES.2006.12","url":null,"abstract":"When the Web services are used, there is a case that they need not identify who is the user if the user is the regular user. In this paper, we propose the method that the service based on authority can be used by public-key certificate and attribute certificate without identifying. As a result, the user can take the services though the user with a regular authority is not identified by the service server. Moreover, the service server confirms user is a regular user, and can provide the services without identifying the user. Our method makes it possible to protect the user's usage information.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114786361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In highly open systems like the Internet, attribute-based access control (ABAC) has proven its appropriateness. The specification and maintenance of ABAC policies however has turned out to be complex and error-prone, especially if heterogeneous attribute schemes are involved. Here, the arising semantic Web can contribute to a solution. This paper presents an approach based on an extension of the established XACML standard. It simplifies the policies by providing an ontology-based attribute management facility.
{"title":"Supporting attribute-based access control with ontologies","authors":"Torsten Priebe, Wolfgang Dobmeier, N. Kamprath","doi":"10.1109/ARES.2006.127","DOIUrl":"https://doi.org/10.1109/ARES.2006.127","url":null,"abstract":"In highly open systems like the Internet, attribute-based access control (ABAC) has proven its appropriateness. The specification and maintenance of ABAC policies however has turned out to be complex and error-prone, especially if heterogeneous attribute schemes are involved. Here, the arising semantic Web can contribute to a solution. This paper presents an approach based on an extension of the established XACML standard. It simplifies the policies by providing an ontology-based attribute management facility.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117044310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a new approach to integrated security and dependability evaluation, which is based on stochastic modelling techniques. Our proposal aims to provide operational measures of the trustworthiness of a system, regardless if the underlying failure cause is intentional or not. By viewing system states as elements in a stochastic game, we can compute the probabilities of expected attacker behavior, and thereby be able to model attacks as transitions between system states. The proposed game model is based on a reward-and cost concept. A section of the paper is devoted to the demonstration of how the expected attacker behavior is affected by the parameters of the game. Our model opens up for use traditional Markov analysis to make new types of probabilistic predictions for a system, such as its expected time to security failure.
{"title":"Towards a stochastic model for integrated security and dependability evaluation","authors":"K. Sallhammar, B. Helvik, S. J. Knapskog","doi":"10.1109/ARES.2006.137","DOIUrl":"https://doi.org/10.1109/ARES.2006.137","url":null,"abstract":"We present a new approach to integrated security and dependability evaluation, which is based on stochastic modelling techniques. Our proposal aims to provide operational measures of the trustworthiness of a system, regardless if the underlying failure cause is intentional or not. By viewing system states as elements in a stochastic game, we can compute the probabilities of expected attacker behavior, and thereby be able to model attacks as transitions between system states. The proposed game model is based on a reward-and cost concept. A section of the paper is devoted to the demonstration of how the expected attacker behavior is affected by the parameters of the game. Our model opens up for use traditional Markov analysis to make new types of probabilistic predictions for a system, such as its expected time to security failure.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117127105","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Maria Karyda, Theodoros Balopoulos, L. Gymnopoulos, S. Kokolakis, C. Lambrinoudakis, S. Gritzalis, S. Dritsas
This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that help them fulfil security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.
{"title":"An ontology for secure e-government applications","authors":"Maria Karyda, Theodoros Balopoulos, L. Gymnopoulos, S. Kokolakis, C. Lambrinoudakis, S. Gritzalis, S. Dritsas","doi":"10.1109/ARES.2006.28","DOIUrl":"https://doi.org/10.1109/ARES.2006.28","url":null,"abstract":"This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that help them fulfil security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"94 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123610169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Existing protocols for archival systems make use of verifiability of shares in conjunction with a proactive secret sharing scheme to achieve high availability and long term confidentiality, besides data integrity. In this paper, we extend an existing protocol (Wong et al. [2002]) to take care of more realistic situations. For example, it is assumed in the protocol of Wong et al. that the recipients of the secret shares are all trustworthy; we relax this by requiring that only a majority is trustworthy.
现有的档案系统协议利用股份的可核实性,并结合一个主动的秘密共享计划,以实现高可用性和长期机密性,以及数据完整性。在本文中,我们扩展了现有的协议(Wong et al.[2002]),以照顾更现实的情况。例如,Wong等人的协议假设秘密股份的接收者都是值得信赖的;我们放宽了这一点,要求只有多数人是值得信赖的。
{"title":"An extended verifiable secret redistribution protocol for archival systems","authors":"V. Gupta, K. Gopinath","doi":"10.1109/ARES.2006.26","DOIUrl":"https://doi.org/10.1109/ARES.2006.26","url":null,"abstract":"Existing protocols for archival systems make use of verifiability of shares in conjunction with a proactive secret sharing scheme to achieve high availability and long term confidentiality, besides data integrity. In this paper, we extend an existing protocol (Wong et al. [2002]) to take care of more realistic situations. For example, it is assumed in the protocol of Wong et al. that the recipients of the secret shares are all trustworthy; we relax this by requiring that only a majority is trustworthy.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122110557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper discusses usability and practicality issues for authentication systems based on biometrics. The effectiveness of a system incorporating an authentication method depends not only on theoretical and technological issues, but also on user interaction with and practical implementation of the system by an organisation. It is becoming increasingly common that IT and physical security are converging, especially in the workplace. This has significant ramifications for the workforce and operational matters. In this paper we pay particular attention to the potential issues that arise when companies introduce biometrics for IT or physical security and provide recommendations that help ensure a usable and practical implementation of the technology.
{"title":"The usability and practicality of biometric authentication in the workplace","authors":"C. Maple, P. Norrington","doi":"10.1109/ARES.2006.133","DOIUrl":"https://doi.org/10.1109/ARES.2006.133","url":null,"abstract":"This paper discusses usability and practicality issues for authentication systems based on biometrics. The effectiveness of a system incorporating an authentication method depends not only on theoretical and technological issues, but also on user interaction with and practical implementation of the system by an organisation. It is becoming increasingly common that IT and physical security are converging, especially in the workplace. This has significant ramifications for the workforce and operational matters. In this paper we pay particular attention to the potential issues that arise when companies introduce biometrics for IT or physical security and provide recommendations that help ensure a usable and practical implementation of the technology.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124661095","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Y. Nakajima, Kenichi Watanabe, Naohiro Hayashibara, M. Takizawa, T. Enokido, S. Deen
Service supported by an object is modeled to be a set of methods and quality of service (QoS). In addition to finding a peer which holds a target object, it is critical to discuss what peer is allowed to manipulate the target object in what method. In this paper, we take an acquaintance approach to finding and manipulating objects in P2P overlay networks. An acquaintance peer of a peer p is a peer whose service the peer p know and with which the peer p can directly communicate. If an access request is issued, a peer has to find where a target object exists, how to obtain an access right on the target object, and how to manipulate the target object. In this paper, we discuss ways to obtain results which satisfying an access requests by the cooperation of acquaintances. Acquaintance peers of a peer p may knows different information on target peers since it takes time to propagate change information of the target peers and peers may be faulty. Here, it is critical to discuss how much a peer can trust each acquaintance. We define the trustworthiness of an acquaintance peer in terms of the acquaintance relations among the peers.
{"title":"Satisfiability and trustworthiness of peers in peer-to-peer overlay networks","authors":"Y. Nakajima, Kenichi Watanabe, Naohiro Hayashibara, M. Takizawa, T. Enokido, S. Deen","doi":"10.1109/ARES.2006.116","DOIUrl":"https://doi.org/10.1109/ARES.2006.116","url":null,"abstract":"Service supported by an object is modeled to be a set of methods and quality of service (QoS). In addition to finding a peer which holds a target object, it is critical to discuss what peer is allowed to manipulate the target object in what method. In this paper, we take an acquaintance approach to finding and manipulating objects in P2P overlay networks. An acquaintance peer of a peer p is a peer whose service the peer p know and with which the peer p can directly communicate. If an access request is issued, a peer has to find where a target object exists, how to obtain an access right on the target object, and how to manipulate the target object. In this paper, we discuss ways to obtain results which satisfying an access requests by the cooperation of acquaintances. Acquaintance peers of a peer p may knows different information on target peers since it takes time to propagate change information of the target peers and peers may be faulty. Here, it is critical to discuss how much a peer can trust each acquaintance. We define the trustworthiness of an acquaintance peer in terms of the acquaintance relations among the peers.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125039960","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents an approach on recognising individuals based on 3D acceleration data from walking, which are collected using MEMS. Unlike most other gait recognition methods, which are based on video source, our approach uses walking acceleration in three directions: vertical, backward-forward and sideways. Using gait samples from 21 individuals and applying two methods, histogram similarity and cycle length, the equal error rates of 5% and 9% are achieved, respectively.
{"title":"Gait recognition using acceleration from MEMS","authors":"D. Gafurov, Kirsi Helkala, Torkjel Søndrol","doi":"10.1109/ARES.2006.68","DOIUrl":"https://doi.org/10.1109/ARES.2006.68","url":null,"abstract":"This paper presents an approach on recognising individuals based on 3D acceleration data from walking, which are collected using MEMS. Unlike most other gait recognition methods, which are based on video source, our approach uses walking acceleration in three directions: vertical, backward-forward and sideways. Using gait samples from 21 individuals and applying two methods, histogram similarity and cycle length, the equal error rates of 5% and 9% are achieved, respectively.","PeriodicalId":106780,"journal":{"name":"First International Conference on Availability, Reliability and Security (ARES'06)","volume":"97 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127372733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: