Pub Date: 2008-10-28; DOI: 10.1504/IJICS.2009.031040
Guillaume Hiet, Valérie Viet Triem Tong, L. Mé, B. Morin
This article focuses on intrusion detection in systems using Web applications and COTS. We present a solution that combines policy-based intrusion detection and information flow control. We describe JBlare, an inline Java monitor that tracks inter-method flows in Java applications. This monitor collaborates with Blare, a monitor that tracks information flow in the whole system at the OS-level. The combination of these two detectors constitutes a policy-based Intrusion Detection System that can address a wide range of attacks.
Title: Policy-based intrusion detection in Web applications by monitoring Java information flows. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757485
Nadia Chalabi, A. M'hamed, B. Messabih
Thanks to the dynamic and decentralized nature of their infrastructure, mobile ad-hoc networks (MANET) contribute significantly to the deployment of services in pervasive environments. In the small area environments (houses, workplaces, hotspots, public areas, etc), these networks are not completely as secure as expected, according to user privacy. Within this kind of environment, it is still a challenging task to provide user authentication, without revealing the identity and/or the location of the communicating nodes. In this paper, we propose a new protocol called APP aiming to preserve user anonymity while providing authentication and secure routing among users within small area networks.
Title: Towards a new user Anonymity Preserving Protocol (APP) for MANETs. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757480
Y. Hlaoui, Leila Jemni Ben Ayed
This paper focuses on how to model and compose workflow applications of Grid services without considering lower level description of the Grid environment. To reach this objective, we propose a model-driven approach (MDA) for developing workflow applications from existing Grid services. The workflows are built on an abstract level with semantic and syntactic descriptions of services available on the Grid using UML activity diagram language. As there are particular needs for modeling composed workflows of Grid services, we propose to extend the UML activity diagram notation. These extensions deal with additional information allowing a systematic composition of workflows and containing appropriate data to describe a Grid service. These data are useful for the execution of the resulting workflow.
Title: Extended UML activity diagram for composing Grid services workflows. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757472
P. E. Abi-Char, M. Mokhtari, A. M'hamed, B. El-Hassan
Anonymous authentication is a means of authorizing a user without revealing his/her identification. Mobile technologies such as radiofrequency identification (RFID) tags, PDAs and mobile phone systems are increasingly being deployed in pervasive computing. These mobile devices have raised public concern regarding violation of privacy, anonymity and information confidentiality. Considering these concerns, there is a growing need to discover and develop techniques and methods to overcome the threats described above. In this paper we propose an architecture which enhances the privacy and anonymity of users in ubiquitous computing and yet preserves the security requirements of the system. Our proposed architecture is based on elliptic curve techniques, on MaptoCurve or MapToPoint function, on Weil pairing techniques and finally on elliptic curve based Okamoto identification scheme. In addition, we present a formal validation of our protocol by using the AVISPA tool. The main comparative study of our proposed architecture is to provide privacy and anonymity for mobile users. Our proposed architecture achieves many of desirable security requirements.
Title: Towards a robust privacy and anonymity preserving architecture for ubiquitous computing. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757464
Wei Wang, Sylvain Gombault
DDoS attacks are major threats in current computer networks. However, DDoS attacks are difficult to be quickly detected. In this paper, we introduce a system that only extracts several important attributes from network traffic for DDoS attack detection in real computer networks. We collect a large set of DDoS attack traffic by implementing various DDoS attacks as well as normal data during normal usage. Information Gain and Chi-square methods are used to rank the importance of 41 attributes extracted from the network traffic with our programs. Bayesian networks as well as C4.5 are then employed to detect attacks as well as to determine what size of attributes is appropriate for fast detection. Empirical results show that only using the most important 9 attributes, the detection accuracy remains the same or even has some improvements compared with that of using all the 41 attributes based on Bayesian Networks and C4.5 methods. Only using several attributes also improves the efficiency in terms of attributes constructing, models training as well as intrusion detection.
Title: Efficient detection of DDoS attacks with important attributes. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757487
Lilia Frikha, Z. Trabelsi
Covert channels are not a new topic. However they remain an interesting research area. The most proposed techniques are located in the upper layers of the OSI model. In this paper, we present a new covert channel in the data link layer dedicated to wireless local area networks. It uses either sequence control or initial vector fields or both of them depending on the configuration of the network. We present also some measurements to protect the proposed channel against steganalysis and sniffing.
Title: A new covert channel in WIFI networks. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757471
Wael Kanoun, N. Cuppens-Boulahia, F. Cuppens, J. Araújo
Nowadays, intrusion detection systems do not only aim to detect attacks; but they go beyond by providing reaction mechanisms to cope with detected attacks, or at least reduce their effects. Previous research works have proposed several methods to automatically select possible countermeasures capable of ending the detected attack, but without taking into account their side effects. In fact, countermeasures can be as harmful as the detected attack. Moreover, sometimes selected countermeasures are not adapted to the attacker's actions and/or knowledge. In this paper, we propose to turn the reaction selection process intelligent by giving means to (i) quantify the effectiveness and select the countermeasure that has the minimum negative side effect on the information system by adopting a risk assessment and analysis approach, and (ii) assess the skill and knowledge level of the attacker from a defensive point of view.
Title: Automated reaction based on risk analysis and attackers skills in intrusion detection systems. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757478
C. Kollmitzer, O. Maurhart, S. Schauer, S. Rass
Companies running research and development (R&D) departments invest considerable effort into the protection of results and security of communication channels. In cases where particular expertise is unavailable within the company, R&D may be partially outsourced to external specialists being universities or independent research centers. In any such case where highly valuable data is to be exchanged between departments of a company or a university, quantum cryptography offers a convenient way to protect the investment and revenue tied to the research. Upon recent results within the EU-project SECOQC, we present an application framework that is suitable for meeting R&D security requirements. We draw from the latest experimental results, demonstrating the feasibility and efficiency of using quantum cryptography in that context.
Title: Application framework for high security requirements in R&D environments based on quantum cryptography. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1109/CRISIS.2008.4757473
N. Pavaday, K. Soyjaudah
The rise of the Internet and the push for ubiquitous computing has brought a proliferation of numerous single method solutions, forcing users to remember numerous secret codes, a task that is becoming increasingly difficult. On the web, codes are used by publications, blogs, Webmail, e-commerce sites, and financial institutions. Elsewhere, they serve as authentication mechanism for Internet service providers (ISPs), email servers, local and remote host account, ATM, voicemails and so on. Existing textual passwords, token based systems, and other methods often do not offer the necessary security standard. Fortunately biometric systems that are based on the biological features of the user when typing texts are very promising in enhancing the de facto textual password. The main objective of this paper is to assess and report on the suitability of keystroke dynamics in protecting access to resources when users are typing the different types of password that exist.
Title: A comparative study of secret code variants in terms of keystroke dynamics. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.
Pub Date: 2008-10-01; DOI: 10.1504/IJICS.2009.031032
Mohamed Elhoucine Elhdhili, Lamia Ben Azzouz, F. Kamoun
Clustering in ad hoc networks consists in dividing the network into clusters (groups) managed by elected nodes called clusterheads. This technique has been used for different goals as routing efficiency, transmission management and information collection. As far as we know, no existing clustering algorithms have taken into account the existence of malicious nodes for clusterheads election and maintenance. These nodes can lie to be elected as clusterheads. Consequently the network might be managed by most of them. To solve this problem, we propose a reputation based clustering algorithm (RECA) that aims to elect trustworthy, stable and high energy clusterheads that can be used to manage the security of the network. Simulations were conducted to evaluate RECA performances in the presence of liars. Results show that it converges to a stable and convenient network division into clusters with no untrustworthy clusterheads and mainly one hop members.
Title: Reputation based clustering algorithm for security management in ad hoc networks with liars. Venue: 2008 Third International Conference on Risks and Security of Internet and Systems.