2008 International Conference on Information Security and Assurance (isa 2008): Latest Papers
Authenticated Group Key Distribution for Unreliable Sensor Networks
Hwaseong Lee, Y. H. Kim, Dong Hoon Lee
Chadha et al. proposed a group key scheme for wireless sensor networks via local collaboration. A group key was derived from base station's broadcast message and a node's secret. However, there is no authentication in the group key scheme. It is essential to share a reliable group key among the entire nodes even though it results in a little overhead.
DOI: https://doi.org/10.1109/ISA.2008.54
Published: 2008-04-24
Citations: 0
Cryptographic Key Management for SCADA Systems-Issues and Perspectives
L. Piètre-Cambacédès, P. Sitbon
This article focuses on cryptographic key management systems (KMS) for SCADA systems environments. It first gives a generic view on the constraints, requirements and desired technical properties in SCADA contexts. Then, the most widespread solutions are presented, before discussing how they meet such conditions. The work done by different initiatives on this issue is also introduced. Finally, perspectives and research directions are proposed in consequence. The article aims at presenting open issues on the area, to foster discussion and research, according to the authors' view.
DOI: https://doi.org/10.1109/ISA.2008.77
Published: 2008-04-24
Citations: 60
A Contemporary Technique to Guarantee Quality of Service (QoS) for Heterogeneous Data Traffic
P. Newton
The upcoming high-speed networks are expected to support a wide variety of real-time multimedia applications. However, the current Internet architecture offers mainly best-effort service and does not meet the requirements of future integrated services networks that will require guarantee for transferring heterogeneous data. There are many parameters involved in improving the performance of a computer network such as reliability, delay, jitter, bandwidth, etc. These parameters together determine the Quality of Service (QoS). The requirements of the above parameters will vary from one application to another application. Applications like file transfer, remote login, etc., will require high reliability. But, applications like audio, video, etc., will require low reliability, because they can tolerate errors. The objectives of this paper are to propose a technique to store the results of a data transfer in binary based on the above parameters, to compare the expected requirements with the actual requirements, to show performance degradation and to suggest ideas to minimize differences between expected requirements and actual requirements. Ultimately, the outcome of this paper will give better results to improve the performance of the network.
DOI: https://doi.org/10.1109/ISA.2008.14
Published: 2008-04-24
Citations: 12
A Traffic Analysis of Authentication Methods for Proxy Mobile IPv6
Jong‐Hyouk Lee, Tai M. Chung
Proxy mobile IPv6 has been proposed to enable a network-based mobility support which does not require a mobile host to be involved in mobility signaling. In the Proxy mobile IPv6 specification, an authentication procedure is required as an initial part of registration for network access. However, the current specification does not provide the authentication procedure explicitly. Thus, in this paper, we propose authentication methods classified based on security level. Due to the limited resource of wireless networks, we analyze authentication traffic in terms of cost. The presented performance evaluation results demonstrate the impacts of each authentication method.
DOI: https://doi.org/10.1109/ISA.2008.75
Published: 2008-04-24
Citations: 10
Smart Card-Based Three-Party Key Exchange without Server's Assisitance
Yong-Hun Kim, Taek-Young Youn, Young-Ho Park, Seokhie Hong
Three-party password-authenticated key exchange protocol is a cryptographic tool that allows two clients to share a common session key using different passwords by the help of a trusted server. In a three-party key exchange protocol, the server should charge some cost to participate in an execution of the protocol between two clients, and the cost can be heavy burden on the server when many users want to establish a session key. In this paper, we propose a smart card-based three-party key exchange protocol which permits two clients to establish a common session key without the server's aid.
DOI: https://doi.org/10.1109/ISA.2008.65
Published: 2008-04-24
Citations: 0
Live Forensic Analysis of a Compromised Linux System Using LECT (Linux Evidence Collection Tool)
J. Choi, Antonio Savoldi, P. Gubian, Seokhee Lee, Sangjin Lee
The Linux operating system has been used as a server system in plenty of business services worldwide. Nowadays, a lot of incident response approaches on such kind of platform have been established by many researchers active in the computer forensic discipline. Interestingly, many frameworks about how to deal with a live digital investigation on a Linux system have been illustrated in the forensic literature. Conversely, as a matter of fact, there are not so many tools for approaching live forensic of a Linux system. Thus, we have developed and implemented a new framework to deal with a compromised Linux system in a digital forensic investigation. The resulting framework has been called LECT (Linux Evidence Collection Tool) and aims to represent a significant contribution in the field of live forensic analysis of Linux-based systems.
DOI: https://doi.org/10.1109/ISA.2008.41
Published: 2008-04-24
Citations: 10
Positioning using Acceleration and Moving Direction
Bongeun Gu, Yun-Seol Kwak
The position of a user or object is important context to provide the user with user-oriented services. To position the user or object, we propose the autonomous positioning technique in this paper. In the autonomous positioning technique, the acceleration and the moving direction are used to position the user or the moving object. The moving length is calculated from the acceleration. And the calculated moving length and the direction are used to calculate the new position of the user or object. To show that the autonomous positioning technique is effective and useful, we implement the positioning device which uses the autonomous positioning technique. From the prototype implemented, we know that the proposed positioning is useful.
DOI: https://doi.org/10.1109/ISA.2008.97
Published: 2008-04-24
Citations: 0
Cryptanalysis and Improvement on a Digital Signature Scheme without using One-way Hash and Message Redundancy
Jie Liu, Jianhua Li
Digital signature schemes based on public-key cryptosystems generally permit existential forgery, except the schemes are equipped with some message formatting mechanisms, such as using hash functions or padding redundancies. In 2004, Chang et al. proposed a new digital signature scheme, and claimed the scheme without using any hash function or padding any redundancy can resist forgery attacks. However, many attacks on Chang et al.'s scheme were presented. Kang et al. also gave an effective improvement to resist these forgery attacks. In this letter, we gave a further improvement to shorten the signed signature. Our improvement keeps the security of Kang et al.'s scheme and makes it more efficient in computation and communication.
DOI: https://doi.org/10.1109/ISA.2008.37
Published: 2008-04-24
Citations: 7
A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions
K. Koralalage, Jingde Cheng
In a true ubiquitous world, RFID tags will be available in everything, everywhere, and at all times. However, since those tags are bounded with constraints, with no foolproof method to manage the changing hands of the same-tagged item, there is no assurance of privacy and security in passive tags. Yet there are several vendor-specific solutions but none of them comprehensively solve the security risks and privacy threats that arise in the domain of product lifecycle. Thus, there is a need to recognize a standard solution at least for a specific domain. Therefore we proposed the POP Method that comprehensively solves the problems arising in the domain of product lifecycle. In this paper, we compare and contrast the available major solutions against the POP method. We first provide evaluation criteria, and then we survey major proposed solutions, including ours. Next, we present the evaluation results addressing the security and privacy together with the functional aspects. Finally, we conclude the paper by realizing the best available solution for the product lifecycle with passive tags.
DOI: https://doi.org/10.1109/ISA.2008.89
Published: 2008-04-24
Citations: 8
Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission
T. Yamaguchi, T. Tabata, Y. Nakamura
In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.
DOI: https://doi.org/10.1109/ISA.2008.21
Published: 2008-04-24
Citations: 1