Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652108
Mahalingam Ramkumar
We present two "asymmetric" probabilistic key predistribution schemes to cater for mutual authentication and broadcast authentication respectively. The schemes however employ only symmetric cryptographic primitives - the asymmetry is due to the use of different secrets for encryption/authentication and decryption/verification, which are however related through a one-way function. Both schemes try to take advantage of an abundant and inexpensive resource, storage, to improve their security. While both schemes can have a wide range of applications, we limit ourselves to their utility in securing multi-hop ad hoc networks.
Title: Securing Ad Hoc Networks with "Asymmetric" Probabilistic Key Predistribution Schemes (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652105
H. Read, A. Blyth
This paper builds upon earlier work (H. Read, 2005), (N. Avourdiadis, 2005) regarding the need for advanced visualisation techniques applied within the intrusion detection arena. Individual visualisation tools can tell us a lot about the way different attacks have been initiated, but we cannot pass interesting sets of data from one tool to another to get a different perspective on the attack. While much work has concentrated on novel visualisation techniques, we explore ways to bring different tools together to work seamlessly with one another. This research explores the need for a framework upon which different visualisation tools can sit and communicate with one another to aid analysts in the intrusion detection process. In this paper we present our ideas and our proposition for the framework.
Title: An Integrated Visualisation Framework for Intrusion Detection (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652082
Sudip Chakraborty, Indrajit Ray
Every time a user conducts an electronic transaction over the Internet a wealth of personal information is revealed, either voluntarily or involuntarily. This causes a serious breach of privacy for the user, in particular, if the personally identifying information is misused by the other users present in the network. Ideally, therefore, the user would like to have a considerable degree of control over what personal information to reveal and to whom. Researchers have proposed models to allow a user to determine what personal information to reveal while doing a transaction over the Internet. However, these models do not help the user in determining who to trust, how much to trust and why to trust them with the personal information. The models fail to address loss of privacy through the misuse of information. In this paper we propose a privacy enhancing trust model to measure the degree of confidence that a user can have in the context of preservation of her privacy during a transaction. The model considers several factors while computing trust which include a user's own experience and knowledge about the target user and feedback obtained from groups of peer users called 'trusted neighbors' and 'friends'. The proposed scheme provides a flexible and powerful approach for the secure handling of private data and offers a user considerable control over how she wishes to disseminate her personal data.
Title: Allowing Finer Control Over Privacy Using Trust as a Benchmark (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652079
D. Schweitzer, L. Baird
Cryptography is a fundamental topic in an information assurance curriculum. Students should understand the basic concepts and weaknesses of both historical and current cipher algorithms. Visualization tools can help students understand these concepts, both in the classroom and as out-of-class exercises. This paper describes a set of such tools designed for a cryptography course at the United States Air Force Academy. The design goals, implementation details, and classroom experiences are addressed.
Title: The Design and Use of Interactive Visualization Applets for Teaching Ciphers (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652073
Andreas Thümmel, K. Eckstein
This publication introduces the concept of cryptographically secured, extensible markup language (XML) based security labels, which either globally label any non-XML electronic document, or label individual sections of an XML infoset. It further describes the architecture and construction of a guard prototype for file transfer and Web services based applications. This prototype employs the XML security labels to verify information classification prior to releasing information across a security domain boundary separating enclaves belonging to different security domains. If necessary, XML infosets containing information at multiple security levels can be redacted by the guard filtering algorithms to create a releasable subset of the original XML infoset or document.
Title: Design and Implementation of a File Transfer and Web Services Guard Employing Cryptographically Secured XML Security Labels (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652117
J. Alves-Foss
The modern digital battlesphere requires the development and deployment of multi-level secure computing systems and networks. A portion of these systems are necessarily operating under real-time processing constraints. High assurance systems processing national security information must be analyzed for possible information leakages, including covert channels. In this paper we provide a mathematical framework for examining the impact the rate-monotonic real-time scheduling algorithm has on covert timing channels. We prove that in some system configurations, it would not be possible to completely close the covert channel due to the rate-monotonic timing constraints. In addition, we propose a simple method to formulate a security metric to compare covert channels in terms of the relative amount of possible information leakage.
Title: Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652113
Net, M. Carlisle, J. Humphries, J. Hamilton
Reusing software components is a textbook software engineering best practice. Developers reuse components written by others, combining them in unique ways to create new software products. Reusing software components can create a significant security risk, as these reused components may behave badly, either by malicious intent or negligence on the part of their authors. The .NET framework provides fine-grained mechanisms for specifying how software should be trusted. Permissions are granted based on the source of software, and where it currently resides (on the local disk, or in a particular internet zone). Unfortunately, these trust guarantees are difficult to manage, and there is no guarantee that an end-user receiving a redistributed untrusted component would correctly set its trust level. We propose a framework with a set of easily understood trust levels, and a simple mechanism for applying these trust levels both to already-compiled applications and libraries within the .NET framework. This allows both end-users and software developers to leverage the work of others, while maintaining guarantees that this software would not, intentionally or otherwise, cause damage to their systems or leak confidential information. This tool should provide significant opportunities for code reuse with security and should be easily extended to handle related applications, such as those using compiled Java class libraries.
Title: Safely Redistributing Untrusted Code using .NET (2006 IEEE Information Assurance Workshop)
Pub Date: 2006-06-21 DOI: 10.1109/IAW.2006.1652077
M. Aboutabl
We developed a two-semester curriculum for undergraduate information security education. In the first semester students are provided with the necessary background in cryptography and cryptographic protocols, network security threats and defense mechanisms, as well as an overview of various security models. In the second semester, a set of laboratory-based modules provides the students with hands-on experience in implementing several of the security mechanisms they have learned so far. These modules cover topics such as host discovery and scanning, security assessment, perimeter security, secure communication, and Web security. The students finally engage in an attack-defense exercise through which they gain more insight into the vulnerabilities of existing platforms, and thus mitigate them. A dedicated laboratory has been established for this purpose. The setup of the laboratory and the pedagogical modules are described in this paper.
Title: The CyberDefense Laboratory: A Framework for Information Security Education (2006 IEEE Information Assurance Workshop)