Vehicular ad hoc networks (VANETs) have the potential to increase road safety and comfort. Especially because of the road safety functions, there is a strong demand for security in VANETs. After defining three application categories the paper outlines main security and privacy requirements in VANETs. Next, a security architecture for VANETs (SAV) is proposed that strives to satisfy the requirements. To find mechanisms applicable in the architecture a survey of existing mechanisms is given.
Title: Towards a security architecture for vehicular ad hoc networks. Authors: Klaus Plößl, Thomas Nowey, C. Mletzko. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.136 (https://doi.org/10.1109/ARES.2006.136)
The security of corporate business processes is crucial for the business success of companies. Existing business process management methodologies barely consider security and dependability objectives. Business processes and security issues are developed separately and often do not follow the same strategy. Growing business integration and legal requirements raise the need for secure business processes as security problems negatively affect profit and reputation of companies and their stakeholders. In this paper we summarize the state of the art of business process management and security and identify shortcomings of existing approaches. Based on that we identify research challenges and present a roadmap for secure business process management (SBPM) that allows an integrated view on business process management and security. This approach provides top management in process oriented enterprises with a stepwise methodology for the parallel and continuous development and improvement of business processes along with security issues over the whole business process life cycle.
Title: Secure business process management: a roadmap. Authors: T. Neubauer, M. Klemen, S. Biffl. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.121 (https://doi.org/10.1109/ARES.2006.121)
Sheikh Iqbal Ahamed, Mohammad Zulkernine, Suresh Anamanamuri
Distributed applications and middleware services targeted for mobile devices must use device discovery service to provide any kind of service to other devices. Device discovery algorithms developed for wired networks are not suitable for mobile ad-hoc networks of pervasive computing environments. This research proposes a dependable device discovery mechanism for the middleware of the applications consisting of rapidly reconfiguring mobile devices. Our approach offers a comprehensive solution to potential problems that can arise in highly adaptive mobile ad-hoc networks of pervasive computing environments. The approach is robust enough to accommodate the device limitations and rapid changes in the resource strengths of each device in the network. We present three new device discovery algorithms in this paper: a window based broadcasting algorithm, a connectivity based dynamic algorithm, and a policy-based scalable algorithm. The algorithms vary in complexity and efficiency depending upon the pervasive computing applications. We identify the desirable dependability related characteristics of device discovery services and present how our algorithms realize those characteristics. Experimental results are presented to compare and contrast the algorithms.
Title: A dependable device discovery approach for pervasive computing middleware. Authors: Sheikh Iqbal Ahamed, Mohammad Zulkernine, Suresh Anamanamuri. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.5 (https://doi.org/10.1109/ARES.2006.5)
The rising need for e-government applications leads to many new approaches in this sector. To fulfill the requirement for a flexible government-to-government (G2G) software system being adaptable for the usage in many sectors of e-government applications we introduce the reference architecture for e-government (RAfEG) in this paper. The key features of the system are flexibility, security, adaptability and interoperability between authorities. The efficient usage of heterogeneous systems and heterogeneous hardware platforms, respectively, allows the execution of large interactive applications in e-government. Because security is a critical issue in e-government applications our solution uses different types of authentication and authorization methods and also supports secure communication between the interoperating heterogeneous systems. Due to the fact that the electronically supported execution of government procedures is the main aspect of the RAfEG system, an approach where these procedures are modeled as workflows and executed by an underlying workflow management system (WfMS) is the solution we present in this paper. Although many e-government applications exist at present, the RAfEG system is a new approach because it is able to cope with a wide range of internal official procedures and also highly adaptable to new procedures within e-government.
Title: A component based software architecture for e-government applications. Authors: D. Beer, Raphael Kunis, G. Rünger. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.3 (https://doi.org/10.1109/ARES.2006.3)
O. Mangisengi, W. Eßmayr, Johannes Huber, E. Weippl
Healthcare organisations practicing evidence-based medicine strive to unite their data assets in order to achieve a wider knowledge base for more sophisticated research as well as to provide a matured decision support service for the care givers. The central point of such an integrated system is a data warehouse, to which all participants have access. Due to the high confidentiality of healthcare data, and the privacy policy of participating organisations, the proposed warehouse is not created physically but as a federated system. Its conceptual model is based on a widely accepted international standard to overwhelm the heterogeneity of the components. Any disclosure of health data, especially when related to a particular person, could be irreparably harmful, and their protection is even legally prescribed. Depersonalisation and pseudonymisation are used to ensure that personal identities are made secret before sending data to the federation. In this paper a case study of a federation of health insurance data warehouses (HEWAF) is described. The protection of data privacy and confidentiality in the underlying warehouse is guaranteed through reliable security measures in the federation.
Title: The security issue of federated data warehouses in the area of evidence-based medicine. Authors: O. Mangisengi, W. Eßmayr, Johannes Huber, E. Weippl. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.132 (https://doi.org/10.1109/ARES.2006.132)
The growth of the Internet has been accompanied by a proliferation of e-services. The increasing attacks on these services by malicious individuals have highlighted the need for security. The security requirements of an e-service may be specified by the service provider in a security policy. However, a service consumer may have security preferences that are not reflected in this policy. In order for service providers to reach a wider market, a way of personalizing a security policy to a particular consumer is needed. We introduce the concept of security personalization, derive the content of an e-service security policy suitable for personalization, and describe four approaches for such personalization, including the design and use of a context-aware security policy agent (CASPA) that personalizes an e-service security policy to the needs of the consumer on-the-fly. We further give recommendations on applying the personalization approaches based on their advantages and disadvantages.
Title: Personalized security for e-services. Authors: George Yee. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.92 (https://doi.org/10.1109/ARES.2006.92)
In this paper we describe our novel solution for Web services enabling users from the trusted organizations to access learning objects in the repository based on their attributes in their home organizations. The solution extends a Web-based Shibboleth system into the realm of Web services. It utilizes the Web services security SAML profile and combines it with the XACML access control policies. The technical solution is described in the context of the course management systems with complex access policies in operation at our campus.
Title: Unlocking repositories: federated security solution for attribute and policy based access to repositories via Web services. Authors: M. Hatala, Ty Mey Eap, Ashok Shah. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.140 (https://doi.org/10.1109/ARES.2006.140)
Distributed-hash-table (DHT) has been proposed to solve the problem of scaling for P2P networks. However, there are some problems of security in P2P networks. One of the problems is that key exchange is not performed preventing against endangering security. This reason may be the fact that P2P networks have no trusted server. Although certification and authentication are able to protect key exchange from spoofing and man-in-the-middle attacks, these cannot be applied because of that. Therefore, an attacker can easily compromise key exchange since P2P networks should accept any node whether it is malicious or not, and every node of P2P networks plays a role of router. Until today, for the above reasons, there is no way to exchange the secret key on P2P networks protecting against encountering security. In this paper, we propose a key exchange method on P2P networks protecting against spoofing and man-in-the-middle attacks. For the purpose of protecting key exchange from encountering security, we present the enhanced routings which are directional and probabilistic routings.
Title: Multipath key exchange on P2P networks. Authors: Yuuki Takano, N. Isozaki, Y. Shinoda. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.87 (https://doi.org/10.1109/ARES.2006.87)
Key agreement protocols constitute one of the most valuable cryptographic primitives since they allow two (or more) users to set up a private and authenticated communication channel over a public network. This paper is concerned with key agreement protocols in the symmetric trust model, wherein the shared key is a password. This setting is very appealing from the user's perspective since two parties, in principle, can easily agree on a shared password beforehand (e.g. on the telephone). However, designing such protocols represents an interesting challenge since there is no standard way of choosing a password that achieves an optimum trade-off between usability and security. Indeed, passwords belonging to a highly structured language (including PINs, personal identification numbers) are essentially equivalent to low entropy strings. A fundamental goal is that of obtaining secure and efficient protocols, with optimum computational complexity, round complexity and communication efficiency. These properties make them ideal candidates for mobile devices. We present a new construction (DH-BPAKE) based on the encrypted key exchange protocol of Bellovin and Merritt augmented with an efficient key confirmation round. The communication model is asynchronous, meaning that each party can simultaneously send a message to the other party. In addition, we formally prove security in a modified version of the model of Boyko et al. (which is based on the model of Shoup).
Title: An optimal round two-party password-authenticated key agreement protocol. Authors: M. A. Strangio. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.29 (https://doi.org/10.1109/ARES.2006.29)
This paper presents a software tool allowing the automatic analysis of a dynamic fault tree (DFT) exploiting its conversion to a dynamic Bayesian network (DBN). First, the architecture of the tool is described, together with the rules implemented in the tool, to convert dynamic gates in DBNs. Then, the tool is tested on a case of system: its DFT model and the corresponding DBN are provided and analyzed by means of the tool. The obtained unreliability results are compared with those returned by other tools, in order to verify their correctness.
Title: Automatically translating dynamic fault trees into dynamic Bayesian networks by means of a software tool. Authors: S. Montani, L. Portinale, A. Bobbio, D. Raiteri. Venue: First International Conference on Availability, Reliability and Security (ARES'06), published 2006-04-20. DOI: 10.1109/ARES.2006.34 (https://doi.org/10.1109/ARES.2006.34)