
First International Conference on Availability, Reliability and Security (ARES'06): Latest Papers

Feasibility of multi-protocol attacks
C. Cremers
Formal modeling and verification of security protocols typically assumes that a protocol is executed in isolation, without other protocols sharing the network. We investigate the existence of multi-protocol attacks on protocols described in literature. Given two or more protocols, that share key structures and are executed in the same environment, are new attacks possible? Out of 30 protocols from literature, we find that 23 are vulnerable to multi-protocol attacks. We identify two likely attack patterns and sketch a tagging scheme to prevent multi-protocol attacks.
DOI: https://doi.org/10.1109/ARES.2006.63; published 2006-04-20; citations: 59
Diversity to enhance autonomic computing self-protection
Michael Jarrett, R. Seviora
Self-protection is an attribute of autonomic computing systems, reflecting the requirement to proactively defend against attackers, and automatically detect and recover from attacks. As demonstrated by increasing numbers of Internet worms, a single previously unknown vulnerability can cause an entire infrastructure to crumble, due to software and hardware monocultures. One defence against complete failures is diversity: by utilizing differing implementations of software and hardware, the potential total damage from a single exploit is lessened. The self-deployment and self-configuration features of an autonomic computing infrastructure make it practical to use diversity as a self-protection mechanism. We explore the idea of using diversity as a factor in resource allocation decisions, showing how it could be used to limit the damage an attacker can inflict.
DOI: https://doi.org/10.1109/ARES.2006.55; published 2006-04-20; citations: 3
Modeling permissions in a (U/X)ML world
Muhammad Alam, R. Breu, M. Hafner
In this paper we present a novel approach for the specification of access rights in a service oriented architecture. Being part of the SECTET framework for model driven security for B2B-workflows, our specification language SECTET-PL for permissions is influenced by the OCL specification language and is interpreted in the context of UML models. Concerning the technological side, SECTET-PL specifications are translated into platform independent XACML permissions interpreted by a security gateway.
DOI: https://doi.org/10.1109/ARES.2006.84; published 2006-04-20; citations: 35
A selector method for providing mobile location estimation services within a radio cellular network
Junyang Zhou, J. Ng
Mobile location estimation or mobile positioning is becoming an important service for a mobile phone network. It is well-known that GPS can provide accurate location estimation, but it is also a known fact that GPS does not perform well in urban areas like downtown New York and cities like Hong Kong. Then many mobile location estimation approaches based on radio cellular networks have been proposed to compensate the problem of the loss of GPS signals in providing location services to mobile users in metropolitan areas. In this paper, we present a selector method with the linear discriminant analysis (LDA) among different kinds of mobile location estimation technologies we had proposed in previous work in order to combine their merits, then provide a more accurate estimation for location services. We build up a three-level binary tree to classify these four algorithms. These three levels are named as Stat-Geo level, CG-nonCG level and CT-EPM level. And these success ratios of these three levels are 85.22%, 88.45% and 88.89% respectively. We have tested our selector method with real data taken in Hong Kong and it is proven that it outperforms other existing location estimation algorithms among different kinds of terrains.
DOI: https://doi.org/10.1109/ARES.2006.16; published 2006-04-20; citations: 5
Identifying intrusions in computer networks with principal component analysis
Wei Wang, R. Battiti
Most current anomaly intrusion detection systems (IDSs) detect computer network behavior as normal or abnormal but cannot identify the type of attacks. Moreover, most current intrusion detection methods cannot process large amounts of audit data for real-time operation. In this paper, we propose a novel method for intrusion identification in computer networks based on principal component analysis (PCA). Each network connection is transformed into an input data vector. PCA is employed to reduce the dimensionality of the data vectors and identification is handled in a low dimensional space with high efficiency and low use of system resources. The normal behavior is profiled based on normal data for anomaly detection and models of each type of attack are built based on attack data for intrusion identification. The distance between a vector and its reconstruction onto those reduced subspaces representing the different types of attacks and normal activities is used for identification. The method is tested with network data from MIT Lincoln labs for the 1998 DARPA intrusion detection evaluation program and testing results show that the model is promising in terms of identification accuracy and computational efficiency for real-time intrusion identification.
DOI: https://doi.org/10.1109/ARES.2006.73; published 2006-04-20; citations: 117
Improving security management through passive network observation
Yohann Thomas, Hervé Debar, B. Morin
Detailed and reliable knowledge of the characteristics of an information system is becoming a very important feature for operational security. Unfortunately, vulnerability assessment tools have important side effects on the monitored information systems. In this paper, we propose an approach to gather or deduce information similar to vulnerability assessment reports, based on passive network observation. Information collected goes beyond classic server vulnerability assessment, enabling compliance verification of desktop clients.
DOI: https://doi.org/10.1109/ARES.2006.74; published 2006-04-20; citations: 12
Highly adaptable dynamic quorum schemes for managing replicated data
C. Storm, Oliver E. Theel
Dynamic data replication schemes perform superior compared to static schemes in terms of operation availabilities. However, most of them are bounded wrt. the replication degree, i.e. "classic" dynamics varies the degree in the range from one to n replicas not allowing to exceed this upper bound at run-time. In this paper, we present a new framework for adaptable dynamic replication schemes that is able to overcome this limitation by means of creating and deleting an arbitrary number of replicas at run-time. The new framework conceptually extends the dynamic general structured voting framework. The underlying concepts are presented and an example scenario is provided that compares the adaptable approach to the dynamic grid protocol via simulation. It is shown that adaptiveness increases operation availability while providing cost-efficiency.
DOI: https://doi.org/10.1109/ARES.2006.72; published 2006-04-20; citations: 2
Modeling dependable systems using hybrid Bayesian networks
M. Neil, Manesh Tailor, N. Fenton, D. Marquez, P. Hearty
A hybrid Bayesian network (BN) is one that incorporates both discrete and continuous nodes. In our extensive applications of BNs for system dependability assessment the models are invariably hybrid and the need for efficient and accurate computation is paramount. We apply a new iterative algorithm that efficiently combines dynamic discretisation with robust propagation algorithms on junction tree structures to perform inference in hybrid BNs. We illustrate its use on two example dependability problems: reliability estimation and diagnosis of a faulty sensor in a temporal system. Dynamic discretisation can be used as an alternative to analytical or Monte Carlo methods with high precision and can be applied to a wide range of dependability problems.
DOI: https://doi.org/10.1109/ARES.2006.83; published 2006-04-20; citations: 84
Defense trees for economic evaluation of security investments
Stefano Bistarelli, F. Fioravanti, Pamela Peretti
In this paper we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
DOI: https://doi.org/10.1109/ARES.2006.46; published 2006-04-20; citations: 173
Choosing the right wireless LAN security protocol for the home and business user
C. Maple, H. Jacobs, M. Reeve
The introduction and evolution of security standards for wireless networking has been a problematic process. Flaws in the initial security standard resulted in quick-fix solutions and interoperability issues. As wireless networks are not confined to a building, there is an added security risk that radio signals can be detected externally. Wireless networking has rapidly increased in popularity over the last few years due to the flexibility it provides. Given the simultaneous growth of e-government services there is particular risk to the citizen of identity theft. This article discusses the progression of wireless security protocols since their introduction and the effect this has had on home and business users. The risks of using wireless networks are outlined in the paper and recommendations for securing wireless networks are reviewed.
DOI: https://doi.org/10.1109/ARES.2006.42; published 2006-04-20; citations: 9