Title: File Block Classification by Support Vector Machine
Authors: L. Sportiello, S. Zanero
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.52
Abstract: Retrieval of files without the support of file system structures is arguably essential for digital forensics. Files are typically stored as sequences of data blocks, which have to be reconstructed in the retrieval process. This is commonly performed, among other approaches, through file carving, in general detecting the original block sequences by means of signatures of known headers and footers of files. Of course, this creates challenges with fragmented files, where blocks belonging to different files may be interleaved. Ways to classify file blocks into file types relying on their content may provide a support to achieve a successful reconstruction. We propose to classify file blocks using Support Vector Machines (SVMs), and we do so by studying in-depth the impact of an appropriate selection of the features used in the classification process. We analyze several potential features and test their performance over a large and representative collection of file blocks and file types. We find out that SVM classifiers can achieve a good accuracy and that a specific type of features (based on byte frequency distribution) performs well across almost all of the examined file types.
Title: Key Management Scheme Applicable to Various Topologies of Sensor Networks
Authors: Hidetoshi Yukimaru, Yoshio Kakizaki, Keiichi Iwamura
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.69
Abstract: A sensor node has extremely limited power supply capacity and operation performance; therefore, key management schemes that can be achieved with less calculation in sensor networks have been proposed. However, these key management schemes cannot be flexibly applied to various connection topologies and network configurations. In this paper, we propose a key management scheme that can be generally used in a network that supports various connection topologies and that is capable of adding new nodes. Finally, we implement and evaluate our scheme.
Title: ASPF: Adaptive anti-SPIT Policy-based Framework
Authors: Yannis Soupionis, D. Gritzalis
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.29
Abstract: Spam over Internet Telephony (SPIT) is a rising IP voice telephony threat. Voice over IP enables the transmission of telephone calls over the Internet, as opposed to plain old telephone service. Internet Telephony essentially means low-cost phone calls, i.e. a clear benefit for both consumers and businesses, which may also lead to cheap methods of mass advertising. Still, industry observers warn that VoIP's low cost and openness make it relatively easy for spammers to send unsolicited audio-commercials to VoIP voice-mail inboxes, in much the same way they currently bombard e-mail inboxes. In this paper we set the foundations of an adaptive approach that handles SPIT through an adaptive anti-SPIT policy-based framework (ASPF). ASPF incorporates a set of rules for SPIT detection, together with appropriate actions and controls that should be enforced, so as to counter these attacks. ASPF is formally described through an XML schema. A working prototype is also demonstrated for evaluating ASPF. The prototype is able to make policy alterations, based on abnormal network events.
Title: Modeling and Analyzing Server System with Rejuvenation through SysML and Stochastic Reward Nets
Authors: E. Andrade, F. Machida, Dong Seong Kim, Kishor S. Trivedi
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.28
Abstract: High-availability assurance of server systems is becoming an important issue, since many mission-critical applications are implemented on server systems. To achieve high availability, software rejuvenation is a practical technique to reduce unexpected downtime caused by software aging in software applications running on server systems. Although analytic models of software rejuvenation are well-studied, such analysis is not used in server system administration due to the complexity of modeling. In this paper, we present an availability modeling method for server systems with software rejuvenation based on SysML, which is used to describe system configurations and maintenance operations semi-formally. The proposed approach allows system administrators, who do not have expertise in availability modeling, to design and study the effects of different rejuvenation policies deployed in server systems. To show the applicability of the proposed modeling and evaluation process, a case study of a web application server is presented. We show the correctness of our modeling method by comparing the conventional models for condition-based and time-based software rejuvenation.
Title: Roadmap to Approaches for Carving of Fragmented Multimedia Files
Authors: R. Poisel, S. Tjoa
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.118
Abstract: File carving is a recovery technique which does not consider file tables or other meta-data used to organize data on storage media. As files can be recovered based only on their content and/or structure, this technique is an indispensable task during digital investigations. The main contribution of this paper is a survey about new approaches in the file carving research field and a roadmap that outlines the necessary steps towards video file carving. So far many approaches for the recovery of digital images have been proposed. After a short discussion of relevant representatives in this domain we focus on the applicability of these approaches to the recovery of multimedia files. Further, this paper discusses ideas from the forensics wiki for their applicability to such a file carver. Finally, our findings are summarized verbally and visually as a roadmap.
Title: Web Services Security Policy Assertion Trade-offs
Authors: Tristan Lavarack, M. Coetzee
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.80
Abstract: Web services security requirements and capabilities are described in security policies. To enable the seamless interoperation between services, security policy intersection aims to provide a security policy that will satisfy both the service provider and consumer. Not only are there numerous problems with this approach, but it is also difficult for administrators to evaluate the resultant security level supported by such a policy. In contrast to this approach, security policy trade-off analysis can allow parties to make compromises to accommodate each other, while still achieving a satisfactory security level. This paper focuses on modeling the decisions and compromises to be made by web services providers or consumers to be able to interact with each other securely. The security policy support system built to model this problem employs domain vocabularies, fuzzy techniques and domain-specific preferences.
Title: An Inductive Approach to Provable Anonymity
Authors: Yongjian Li, Jun Pang
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.70
Abstract: We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et al. Our formalisation relies on inductive definitions of message distinguishability and observational equivalence over traces observed by the intruder. Our theory differs from its original proposal, which essentially boils down to the existence of a reinterpretation function. We build our theory in Isabelle/HOL to have a mechanical framework for the analysis of anonymity protocols. Its feasibility is illustrated through the onion routing protocol.
Title: Learning Privacy Preferences
Authors: Inger Anne Tøndel, Åsmund Ahlmann Nyre, K. Bernsmed
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.96
Abstract: This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected from actual situations. Instead, historical privacy decisions are used as a basis for providing privacy recommendations to users in new situations. The solution also takes into account the reasons why users act as they do, and allows users to benefit from information on the privacy trade-offs made by others.
Title: Performance Evaluation of ID-based Group Key Agreement Protocols
Authors: Elisavet Konstantinou, Eleni Klaoudatou, Pavlos Kamparmpakis
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.63
Abstract: In this paper we present all ID-based Group Key Agreement (GKA) protocols proposed so far in the literature and evaluate their efficiency. The protocols have been categorized into 5 different classes and we have computed their computation and communication complexity having as parameter the size of the group. Our theoretical analysis shows in detail the computation and communication cost of the protocols, taking into account also the size of the sent messages, while our extensive experimental assessments compare their total energy cost for different group sizes. Furthermore, our evaluation is presented in a generalized way and can therefore serve as a reference point for future evaluations and for the design of new, improved ID-based GKA protocols.
Title: Pattern-Based Support for Context Establishment and Asset Identification of the ISO 27000 in the Field of Cloud Computing
Authors: Kristian Beckers, Holger Schmidt, Jan-Christoph Küster, Stephan Faßbender
Venue: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.55
Abstract: The ISO 27000 is a well-established series of information security standards. The scope for applying these standards can be an organisation as a whole, single business processes or even an IT application or IT infrastructure. The context establishment and the asset identification are among the first steps to be performed. The quality of the results produced when performing these steps has a crucial influence on the subsequent steps such as identifying loss, vulnerabilities, possible attacks and defining countermeasures. Thus, a context analysis to gather all necessary information in the initial steps is important, but is not offered in the standard. In this paper, we focus on the scope of cloud computing systems and present a way to support the context establishment and the asset identification described in ISO 27005. A cloud system analysis pattern and different kinds of stakeholder templates serve to understand and describe a given cloud development problem, i.e. the envisaged IT systems and the relevant parts of the operational environment. We illustrate our support using an online banking cloud scenario.