Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757460
Amine Baïna, Y. Deswarte, A. A. E. Kalam, M. Kaâniche
Collaboration allows sharing, processing and exchanging large amounts of data between individuals as well as groups and organizations. In this context, security and access control are important issues that should be studied, specified and enforced. In this paper, we discuss the different approaches that address access control for cooperative systems while putting emphasis on some important proposals; we conclude with a comparison between some interesting approaches, and we introduce some perspectives that help developing the domain.
{"title":"Access control for cooperative systems: A comparative analysis","authors":"Amine Baïna, Y. Deswarte, A. A. E. Kalam, M. Kaâniche","doi":"10.1109/CRISIS.2008.4757460","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757460","url":null,"abstract":"Collaboration allows sharing, processing and exchanging large amounts of data between individuals as well as groups and organizations. In this context, security and access control are important issues that should be studied, specified and enforced. In this paper, we discuss the different approaches that address access control for cooperative systems while putting emphasis on some important proposals; we conclude with a comparison between some interesting approaches, and we introduce some perspectives that help developing the domain.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133958808","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757481
Sebastian Sageder, J. Sametinger, Andreas Wiesauer
Even in medium-sized hospitals, thousands of medical records are created every day. These documents have to be archived over many years. This is important for having access to information for later treatments of patients and for potential legal disputes. The latter makes signing of medical records important. The process of getting rid of paper in hospitals is quite challenging for many reasons. Using digital signatures is definitely one of these challenges. This article will report on this process and on experiences made in an Austrian medium-sized hospital.
{"title":"Case study: Using digital signatures for the archival of medical records in hospitals","authors":"Sebastian Sageder, J. Sametinger, Andreas Wiesauer","doi":"10.1109/CRISIS.2008.4757481","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757481","url":null,"abstract":"Even in medium-sized hospitals, thousands of medical records are created every day. These documents have to be archived over many years. This is important for having access to information for later treatments of patients and for potential legal disputes. The latter makes signing of medical records important. The process of getting rid of paper in hospitals is quite challenging for many reasons. Using digital signatures is definitely one of these challenges. This article will report on this process and on experiences made in an Austrian medium-sized hospital.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"955 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113995581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757475
A. Keller, K. Voß, Dominic Battré, M. Hovestadt, O. Kao
Quality assurance is a key aspect in scope of the provisioning of grid services since end-users ask for specific quality of service (QoS) criteria defined in service level agreements (SLA). To commit to an SLA, grid providers need a risk analysis during SLA negotiation in order to estimate the probability of an SLA violation. In addition, such a risk analysis is necessary in the post-negotiation phase, in order to find the most profitable solution if not all SLAs can be fulfilled. Current job failure rates in grids (10-45%) highlight the necessity of fault-tolerance mechanisms. If not enough resources exist to compensate for all resource outages, the provider has to prefer those jobs which are in expectation the most profitable ones. Hence, this quality assurance ensures that obligations from the most important jobs will be fulfilled.
{"title":"Quality assurance of Grid service provisioning by risk aware managing of resource failures","authors":"A. Keller, K. Voß, Dominic Battré, M. Hovestadt, O. Kao","doi":"10.1109/CRISIS.2008.4757475","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757475","url":null,"abstract":"Quality assurance is a key aspect in scope of the provisioning of grid services since end-users ask for specific quality of service (QoS) criteria defined in service level agreements (SLA). To commit to an SLA, grid providers need a risk analysis during SLA negotiation in order to estimate the probability of an SLA violation. In addition, such a risk analysis is necessary in the post-negotiation phase, in order to find the most profitable solution if not all SLAs can be fulfilled. Current job failure rates in grids (10-45%) highlight the necessity of fault-tolerance mechanisms. If not enough resources exist to compensate for all resource outages, the provider has to prefer those jobs which are in expectation the most profitable ones. Hence, this quality assurance ensures that obligations from the most important jobs will be fulfilled.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125283177","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757458
Clara Bertolissi, M. Fernández
We propose an access control model that takes into account the specific behaviour of distributed, highly dynamic environments, and describe their representation using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed.
{"title":"An algebraic-functional framework for distributed access control","authors":"Clara Bertolissi, M. Fernández","doi":"10.1109/CRISIS.2008.4757458","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757458","url":null,"abstract":"We propose an access control model that takes into account the specific behaviour of distributed, highly dynamic environments, and describe their representation using an algebraic-functional framework. The declarative nature of the model facilitates the analysis of policies, and direct implementations for access control checking even when resources and information are widely dispersed.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129058989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757489
Ryma Abassi, S. Fatmi
A security policy constitutes one of the major actors in the protection of communication networks. However, it can be one of their weaknesses if it is inadequate according to the network security requirements. For this, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the well founded of such security policies. This paper proposes a validation framework for security policies based on the concept of executable specifications and applied to the firewall case. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph.
{"title":"Towards an automated firewall security policies validation process","authors":"Ryma Abassi, S. Fatmi","doi":"10.1109/CRISIS.2008.4757489","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757489","url":null,"abstract":"A security policy constitutes one of the major actors in the protection of communication networks. However, it can be one of their weaknesses if it is inadequate according to the network security requirements. For this, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the well founded of such security policies. This paper proposes a validation framework for security policies based on the concept of executable specifications and applied to the firewall case. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134240926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757465
M. Loulou, A. Kacem, M. Jmaiel, M. Mosbah
Security in mobile agent systems is twofold: protection of mobile agents and protection of agent execution system. Indeed, the proposed solutions for the security of distributed systems arenpsilat sufficient. Moreover, therepsilas no solution which treats the different concerns of security in the mobile agent systems. To achieve this goal, we use formal foundations which provide a rigorous reasoning about security of mobile agent systems. We propose in this paper a formal framework for the security in mobile agent systems which consists of three basic frameworks. The specification framework proposes, explicitly, a generic definition of security policies that may be enhanced by several concepts related to one or more security models. For illustration, we present a security policy enhancement based on the concepts of the RBAC model. Inevitably, we associate to the specification framework a verification framework which checks the consistency of the proposed specifications as well as the consistency intra-policy. In response to the dynamic changes of security requirements in mobile agent systems, we propose a third framework for the reconfiguration of policies.
{"title":"A formal security framework for mobile agent systems: Specification and verification","authors":"M. Loulou, A. Kacem, M. Jmaiel, M. Mosbah","doi":"10.1109/CRISIS.2008.4757465","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757465","url":null,"abstract":"Security in mobile agent systems is twofold: protection of mobile agents and protection of agent execution system. Indeed, the proposed solutions for the security of distributed systems arenpsilat sufficient. Moreover, therepsilas no solution which treats the different concerns of security in the mobile agent systems. To achieve this goal, we use formal foundations which provide a rigorous reasoning about security of mobile agent systems. We propose in this paper a formal framework for the security in mobile agent systems which consists of three basic frameworks. The specification framework proposes, explicitly, a generic definition of security policies that may be enhanced by several concepts related to one or more security models. For illustration, we present a security policy enhancement based on the concepts of the RBAC model. Inevitably, we associate to the specification framework a verification framework which checks the consistency of the proposed specifications as well as the consistency intra-policy. In response to the dynamic changes of security requirements in mobile agent systems, we propose a third framework for the reconfiguration of policies.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"149 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133639764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757462
B. Morel
Anomaly based intrusion detection suffers from the uncontrollability of the rate of false alarms (false positive). What one computer may not be able to accomplish (reliable detection of a new malware with small false positive) many networked intelligently may. This paper is a proof of concept of that idea based on simulation with real data analysis. It speculates on how such set-up could be made part of a large scale intelligent system.
{"title":"Anomaly-based intrusion detection using distributed intelligent systems","authors":"B. Morel","doi":"10.1109/CRISIS.2008.4757462","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757462","url":null,"abstract":"Anomaly based intrusion detection suffers from the uncontrollability of the rate of false alarms (false positive). What one computer may not be able to accomplish (reliable detection of a new malware with small false positive) many networked intelligently may. This paper is a proof of concept of that idea based on simulation with real data analysis. It speculates on how such set-up could be made part of a large scale intelligent system.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122651577","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757484
Fakher Ben Ftima, K. Karoui, H. Ghézala
Firewalls are core elements in network security. However, detecting anomalies, particularly in distributed firewalls has become a complex task. Mobile agents promise an interesting approach for communications between different distributed systems specially Web services applications. In this work, we propose a firewall anomaliespsila detection system based on interactions between the Web services and the mobile agents technologies. Then, we highlight the trumps of this approach compared to the client/server model.
{"title":"Firewalls anomalies’ detection system based on web services / mobile agents interactions","authors":"Fakher Ben Ftima, K. Karoui, H. Ghézala","doi":"10.1109/CRISIS.2008.4757484","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757484","url":null,"abstract":"Firewalls are core elements in network security. However, detecting anomalies, particularly in distributed firewalls has become a complex task. Mobile agents promise an interesting approach for communications between different distributed systems specially Web services applications. In this work, we propose a firewall anomaliespsila detection system based on interactions between the Web services and the mobile agents technologies. Then, we highlight the trumps of this approach compared to the client/server model.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128054154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757467
Christophe Incoul, B. Gâteau, Jocelyn Aubert, Nicolas Bounoughaz, C. Feltus
Dynamic and evolved environment make the Information Systems (IS), and consequently access rights to its components, always more complex to define and to manage. To bring up a contribution for improving that matter, our paperpsilas first objective is to realize the development of an automated deployment of policies from an administrative platform that encompasses business requirements down to infrastructurepsilas components and devices. This objective is achieved by adapting the XACML OASIS framework and by formalizing a protocol for information exchange through different components of a multi-agent system. The second paperpsilas objective aims at providing guaranties that defined and deployed access rights are continuously aligned with business requirements. This objective is completed by complementary developments that aim to perform a systematic and/or on-demand audit of the effective rights against the desired ones. This second objective is achieved by adding new functionality to the proposed agents architecture and by adapting the protocol accordingly. Practically, this research has been performed in the framework of the SIM project and has privileged free and open source components for the prototyping phase.
{"title":"If only I can trust my police! SIM : An agent-based audit solution of access right deployment through open network","authors":"Christophe Incoul, B. Gâteau, Jocelyn Aubert, Nicolas Bounoughaz, C. Feltus","doi":"10.1109/CRISIS.2008.4757467","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757467","url":null,"abstract":"Dynamic and evolved environment make the Information Systems (IS), and consequently access rights to its components, always more complex to define and to manage. To bring up a contribution for improving that matter, our paperpsilas first objective is to realize the development of an automated deployment of policies from an administrative platform that encompasses business requirements down to infrastructurepsilas components and devices. This objective is achieved by adapting the XACML OASIS framework and by formalizing a protocol for information exchange through different components of a multi-agent system. The second paperpsilas objective aims at providing guaranties that defined and deployed access rights are continuously aligned with business requirements. This objective is completed by complementary developments that aim to perform a systematic and/or on-demand audit of the effective rights against the desired ones. This second objective is achieved by adding new functionality to the proposed agents architecture and by adapting the protocol accordingly. Practically, this research has been performed in the framework of the SIM project and has privileged free and open source components for the prototyping phase.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125345115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2008-10-01DOI: 10.1109/CRISIS.2008.4757479
A. B. Shil, Kaouther Blibech Sinaoui, R. Robbana
Timestamping [1] is a cryptographic technique for adding a reliable date to a document in order to prove its existence at a given time. Several solutions of timestamping exist. They are all based on cryptographic techniques as digital signatures and hash functions. However, with the increase of computing power and the evolution of cryptanalysis methods, cryptography becomes more and more the target of criticism. That's why we need new directions and orientations for timestamping techniques. One of these directions was introduced in [2] and dealt with non interactive timestamping solutions in the Bounded Storage Model. In the Bounded Storage Model, we make the hypothesis that user's storage capacity is bounded but user's computing power is unlimited. In this paper, we first present the existing timestamping systems. Then we introduce the Bounded Storage Model. Finally, we present a new timestamping schema that we have conceived in the bounded storage model.
{"title":"A new timestamping schema in the Bounded Storage Model","authors":"A. B. Shil, Kaouther Blibech Sinaoui, R. Robbana","doi":"10.1109/CRISIS.2008.4757479","DOIUrl":"https://doi.org/10.1109/CRISIS.2008.4757479","url":null,"abstract":"Timestamping [1] is a cryptographic technique for adding a reliable date to a document in order to prove its existence at a given time. Several solutions of timestamping exist. They are all based on cryptographic techniques as digital signatures and hash functions. However, with the increase of computing power and the evolution of cryptanalysis methods, cryptography becomes more and more the target of criticism. That's why we need new directions and orientations for timestamping techniques. One of these directions was introduced in [2] and dealt with non interactive timestamping solutions in the Bounded Storage Model. In the Bounded Storage Model, we make the hypothesis that user's storage capacity is bounded but user's computing power is unlimited. In this paper, we first present the existing timestamping systems. Then we introduce the Bounded Storage Model. Finally, we present a new timestamping schema that we have conceived in the bounded storage model.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133003884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: