SECOVAL: the IEEE/CREATE-NET workshop on the value of security through collaboration
J. Seigneur, P. Cofta, S. Marsh
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588294
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. This workshop will cover the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes.

Tailored trustworthiness estimations in peer-to-peer networks
K. Ylitalo, S. Holtmanns
Pub Date: 2005-09-05
DOI: 10.1504/IJITST.2007.014836
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
In peer-to-peer (P2P) communities, users make personal trust evaluations of each other based on their experiences and observations. The available information on the peer's past behavior, i.e. reputation, is often incomplete, the credibility of evaluations is a concern and the relevance of the available information varies. In this paper, we propose functions for producing tailored trustworthiness estimations in P2P communities based on the peers' past behavior. The presented mechanism provides some flexibility in applying it in different kinds of P2P networks.

Towards evidence-based trust brokering
D. Huang, de Shane Bracher
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588295
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
In a global computing environment, trust management is important for entities to collaborate. Traditional access control methods cannot meet the needs of autonomous decision making with partial information. The SECURE project introduced a collaboration model using the combination of trust and risk models. This allows an entity to formulate trust according to its own observations and also by accepting recommendations from other entities. Evidence, which originates from other entities, must be gathered in a secure way to ensure that integrity is maintained. This paper introduces a trust broker model which describes how one entity can locate and retrieve evidence on another entity's historic behavior. This evidence-based trust brokering approach provides a basic model for secure evidence gathering and is appropriate for the global computing environment.

Establishing agreements in dynamic virtual organizations
T. Ryutov, C. Neuman, Li Zhou, N. Foukia
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588300
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
We present a framework that introduces key concepts relevant to agreement negotiation in virtual organizations (VO). The framework serves as a foundation for implementing an automated system that facilitates the establishment of VO agreements, considerably reduces the effort for setting up a VO and consequently reduces the VO's time for operation. The framework captures the relationship between the initial participants' behaviors, expectations, obligations and agreements, making sure that in implementing a system, one does not overlook the important aspects of the agreement structure and negotiation. The framework can be used to validate a negotiation, ensure validity of the achieved agreement and form strategies for future negotiations. A novel aspect of the initial trust establishment described in this paper is the consideration of the effects of the participants' behaviors during the negotiation process on mutual trust. We use the concepts to describe our work-in-progress for specification and negotiation of the agreements that govern the behavior of VO entities.

Social approaches to trust-building in Web technologies
F. Ulivieri
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588296
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
Trust is one of the most important elements in agents' relations: there is no cooperation (and ultimately no society) without this original core of trustworthiness towards a partner. In this article we focus on trust within technology-based environments, a subject which has been addressed by several disciplines and from several perspectives. Classical approaches to trust-building are presented here briefly: trust nourished by technological security; trust based on a rigid organization of cooperation; trust provided by a trusted third party and so on. We show that online trust or, more generally, trust in a technical environment, can only be nourished by approaches that are able to integrate cognitive and social elements in a strong way. More precisely, we propose a "paradigm shift" based on an extensive use of communality, reputation and over-help. We also suggest that it is important to study the role of familiarity and habit as one of the factors that could facilitate the presence of trust in a community of users.

Network forensics: towards a classification of traceback mechanisms
S. Mitropoulos, Dimitrios Patsos, Christos Douligeris
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588288
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
The traceback problem is one of the hardest in information security and has always been the utmost solution to holding attackers accountable for their actions. This paper presents a brief overview of the traceback problem, while discussing the features of software, network and computer forensics. In the rest of this paper, various traceback mechanisms are examined while categorized according to their features and modes of operation. Finally, we propose a classification schema for all traceback methods in order to assess and combine their benefits so as to provide enough information for digital forensics analyses, thus getting (the right way) one step closer to the actual attacker.

Next generation communications and secure seamless handover
A. Prasad, A. Zugenmaier, P. Schoo
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588321
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
The next generation communications system will consist of heterogeneous access network technologies under a common IP layer. This next generation is often called beyond third generation, B3G. The heterogeneity present in these networks leads to security challenges not present in homogeneous networks. Besides the security issues, there is also the issue of providing fast handover such that the user does not perceive any change in service quality, or in other words seamless handover. In this paper, we will first define B3G systems and present some of the issues related to them. Next, we will propose approaches to secure and seamless handover in a B3G system.

Full agreement in BAN Kerberos
Aybek Mukhamedov
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588316
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
The paper analyzes BAN Kerberos, a timestamp-based key distribution protocol with mutual agent authentication. The protocol is formalized in the strand spaces model and it is shown that BAN Kerberos guarantees the strongest form of authentication in Lowe's hierarchy of authentication specifications [Lowe, 1997]: full agreement on all data items.

A policy-based approach to wireless LAN security management
G. Lapiotis, Byungsuk Kim, S. Das, F. Anjum
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588312
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
Wireless Ethernet (or Wi-Fi) security management is a challenging area of increased interest due to the widespread deployment of Wireless LANs (WLANs) and their well-known vulnerabilities to various types of attacks, as well as stringent scalability requirements in the dynamic wireless domain. Until the adoption of the latest security standards is complete, users and network assets on deployed WLANs, such as 802.11a/b/g networks, need to be protected from existing security threats without depending on the latest features. In addition, while new standards can protect the unauthorized use of network resource for outsiders, they do not deal with the misuse or misbehaviors by insiders. In this paper we present a hierarchically distributed policy-based system architecture and prototype implementation for WLAN security management. The architecture includes a central policy engine that validates policies and computes new configuration settings for network elements when access policies are violated, distributed wireless domain policy managers with consistent local policy autonomy that coordinate dedicated local monitors so as to monitor and control multi-vendor WLAN access points (APs). The local monitors include wireless intrusion detection modules and wireless AP interface adaptors. Although in this paper we focus on wireless security aspects, the overall architecture can be applied to end-to-end security management of wireline and wireless networks.

A security framework with trust management for sensor networks
Zhiying Yao, Daeyoung Kim, Insun Lee, Kiyoung Kim, Jong-Su Jang
Pub Date: 2005-09-05
DOI: 10.1109/SECCMW.2005.1588313
Venue: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.
Wireless sensor networks are prone to security attacks, which are either common to conventional networks or unique for themselves due to the resource-constraint, susceptibility to physical capture, and wireless nature. Security solutions using crypto schemes are not enough, and sometimes not efficient. In this paper, we develop a security framework with trust management, i.e. establishment of trustworthy network environment, to secure sensor networks. For trust management, we explore a distributed trust model, enabling recommendation-based trust and trust-based recommendation, to build reasonable trust relationship among network entities, represented by numerical values, i.e. trust values. And our security framework fully relies on the values to execute security-related actions aiming at the tradeoff between security and network performance.