
Information Systems Security
Description
This book constitutes the refereed proceedings of the 7th International Conference on Information Systems Security, ICISS 2011, held in Kolkata, India, in December 2011.
The 20 revised full papers presented together with 4 short papers and 4 invited papers were carefully reviewed and selected from 105 submissions. The papers are organized in topical sections on access control and authorization, malwares and anomaly detection, crypto and steganographic systems, verification and analysis, wireless and mobile systems security, Web and network security.

Content
- Intro
- Title Page
- Foreword from the General Chairs
- Foreword from the Technical Program Chairs
- Conference Organization
- Table of Contents
- Invited Papers
- Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms
- Introduction
- Concepts in Privacy Policies
- Structure of Privacy Policies
- Common Concepts in Privacy Policies
- Subjective Concepts
- Logic of Privacy and Its Semantic Model
- Overview
- Syntax of the Logic of Privacy
- Partial Structures and Semantics
- Policy Audits over Incomplete Logs
- Related Work
- Periodic Audits with Imperfect Information
- Related Work
- Research Directions
- References
- Efficient Secure Computation with Garbled Circuits
- Introduction
- Garbled Circuits Background
- Oblivious Transfer
- Improvements
- Frameworks
- Efficient Garbled Circuits Framework
- Pipelined Circuit Execution
- Generating Efficient Circuits
- Implementation
- Applications
- Stronger Adversaries
- Threats
- Previous Work
- Our Approach
- Communication Complexity
- Fairness
- Complete Fairness for Specific Functions
- Partial Fairness
- Fairness with Rational Parties
- Conclusion
- References
- Defending Users against Smartphone Apps: Techniques and Future Directions
- Introduction
- Background
- Application Markets
- Platform Protection
- Protection Mechanisms
- Rule Driven Policy Approach
- High-Level Policy Approach
- Platform Hardening
- Multiple Users
- Faking Sensitive Information
- Application Analysis
- Permission Analysis
- Dynamic Analysis
- Static Analysis
- Cloud-Based Monitoring
- Additional Research Directions
- Conclusion
- References
- Secure Composition of Cryptographic Protocols
- Talk Overview
- Regular Papers
- Flow Based Interpretation of Access Control: Detection of Illegal Information Flows
- Introduction
- Access Control Models and Induced Information Flows
- Flow Policies
- Detecting Illegal Information Flows
- Implementation
- Conclusion
- References
- Consistency Policies for Dynamic Information Systems with Declassification Flows
- Introduction
- Motivating Scenario
- Declassification Flows and Consistency Issues
- Information System Model with Dynamic Behavior
- ECA Rules Security Model
- Flow Control Policy and Declassification Policy
- Scenario Specification
- Dynamic Information Systems and Consistency
- Graph Model for the ECA Rules
- Explanation Graphs
- Consistency Property
- Initial Database Consistency Policy
- Dynamic Explanation Graph Evaluations and Consistency Policy
- Invariants on the state based knowledge: initializing a node
- Explicit Derivation Rules: after a node $N_i$ is created
- Explicit Derivation Rules: after a predicate $P$ is defined in $s_i$
- Implicit Derivation Rules: after a predicate $P$ is defined in $s_i$
- Index Evaluation
- Consistency Policy for Dynamic Information Systems
- Related Work
- Conclusion
- References
- Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing
- Introduction
- Background
- Overview of g-SIS
- The Stateless p -system G-SIS Specification
- Stateful p -system
- Stateful p -system Design
- Stateful p -system Specification
- Implementation Considerations
- Equivalence of Stateful and Stateless p -system Specifications
- Conclusion and Future Work
- References
- Abductive Analysis of Administrative Policies in Rule-Based Access Control
- Introduction
- Policy Framework
- Abductive Reachability
- Becker and Nanz's Algorithm for Tabled Policy Evaluation with Proof Construction and Abduction
- Analysis Algorithm
- Phase 1: Elimination of addRule and removeRule
- Phase 2: Tabled Policy Evaluation
- Phase 3: Ordering Constraints
- Implementation and Experience
- References
- Towards Detection of Botnet Communication through Social Media by Monitoring User Activity
- Introduction
- Related Work
- Detection Principle
- Detection of Botnet Traffic to Twitter.com
- Empirical Estimation of Optimal Time Windows
- Theoretical Performance of the Detector
- Experimental Evaluation of the Detection Algorithm
- Special Cases of Twitter Traffic
- Automatic Legal Traffic
- Evasion by User Synchronized Botnet Traffic
- Conclusions and Future Work
- References
- Finding Non-trivial Malware Naming Inconsistencies
- Introduction
- Malware Naming Inconsistencies
- Finding Naming Inconsistencies
- Types of Inconsistency
- Phase 1: Naming Convention Modeling
- Phase 2: Comparing Vendors
- Experimental Measurements
- Naming Tree Visual Comparison
- Singletons and "Not Detected" Samples
- Quantitative Comparison
- Conclusions
- References
- Taint-Enhanced Anomaly Detection
- Introduction
- Approach Description
- Fine-Grained Taint-Tracking
- Taint-Enhanced Behavior Models
- Coarse-Grained Taint Properties
- Fine-Grained Taint Properties
- Implementation
- Evaluation
- Effectiveness in Detecting Attacks
- False Positives
- Performance Overheads
- Related Work
- Conclusion
- References
- Secured Cloud Storage Scheme Using ECC Based Key Management in User Hierarchy
- Introduction
- Related Work
- Review of Key Management Schemes with Access Control in Hierarchy
- Setup Phase
- Key Generation Phase
- Changing Secret Key of a Security Class
- Proposed Cloud Storage Scheme
- System and Network Model
- Detail Description of the Cloud Storage Model
- Performance Analysis
- Computational Overhead
- Storage Overhead
- Security Analysis
- Comparison with Other Scheme
- Conclusion
- References
- Reversible Image Watermarking through Coordinate Logic Operation Based Prediction
- Introduction
- Coordinate Logic Operations
- Proposed Algorithm
- Watermark Embedding Algorithm
- Watermark Extraction Algorithm
- Handling of Under/Overflow
- Results and Discussion
- Conclusions
- References
- Some Combinatorial Results towards State Recovery Attack on RC4
- Introduction
- Previous Works on State Recovery
- State Recovery with Known j: Theoretical Analysis
- Without Using the Keystream Bytes
- Using the Keystream Bytes
- Heuristics for Further Improvement
- Experimental Results
- Conclusion
- References
- Distributed Signcryption from Pairings
- Introduction
- Mathematical Background
- Overview of Pairings
- Intractable Problems
- Signcryption Scheme with Key Privacy Proposed by Li et al
- Distributed Signcryption and Group Signcryption
- Definition and Security Models for Distributed Signcryption from Pairings
- Definition and Security Models for Group Signcryption from Pairings
- DSC$pairge$ and GSC$pairge$ Schemes
- Distributed Signcryption Scheme Based on Pairings: DSC$pairge$
- Group Signcryption Scheme Based on Pairings: GSC$ pairge$
- Performance and Security Analysis
- Complexity Analysis and Expansion Factor
- Security Analysis
- Comparative Study
- Conclusion
- References
- Formal Privacy Analysis of Communication Protocols for Identity Management
- Introduction
- A Three-Layer Model of Personal Information
- Personal Information
- Three-Layer Model
- Maps between Layers and Equivalence
- Knowledge Analysis
- Messages Analysis on the Information Layer
- Message Analysis on the Object Layer
- Deduction on Object vs Information Layer
- Knowledge of Personal Information
- Defining and Verifying Identity-Related Properties
- Case Study: TAS3 Attribute Aggregation
- TAS3 Attribute Aggregation
- Formalization
- Formal Analysis and Discussion
- Conclusion and Future Work
- References
- Load Time Security Verification
- Introduction
- The SxC Architecture for the Java Card Platform Evolution
- The Java Card Platform Architecture and the Loading Process
- Security-by-Contract for Java Cards
- Threats to Validity of the SxC Approach
- The Java Card Internals
- Application Contract
- The Contract Delivered on the Card
- Contract Population
- The Claim Checker Algorithm
- The Algorithm
- Implementation of the Claim Checker
- The Policy Checker and the Policy Applet Implementation
- Details of the Claim Checker Implementation Memory Statistics
- Related Work
- Conclusions and Future Work
- References
- Preserving Location Privacy for Continuous Queries on Known Route
- Introduction
- Related Work
- Background
- Theoretical Framework
- Hiding Policy of Rule Based Approach
- Rule Based (RB) Approach
- Hide Rules for Individual Attacks
- Hide Rules for Non-separated Attacks
- Time Complexity
- Correctness
- Change of Plans: Real-Time Modifications to User Path
- Experimental Results
- Conclusion
- References
- A Data Mining Framework for Securing 3G Core Network from GTP Fuzzing Attacks
- Introduction
- Related Work
- GPRS Architecture
- $G_n$ Interface
- Dataset
- Benign Traffic
- Fuzzed Dataset
- GTP Malformed Packet Detection Framework
- Packet Byte Analyzer
- Benign Packet Definitions
- Decision Module
- Experiments and Results
- Conclusion and Future Work
- References
- An Efficient Decentralized Rekeying Scheme to Secure Hierarchical Geographic Multicast Routing in Wireless Sensor Networks
- Introduction
- Secure Hierarchical Geographic Multicast Routing (SHGMR)
- Description of Key Hierarchy
- Initialization Phase
- Secure Message Transmissions
- Security Analysis
- Performance Analysis
- Conclusion
- References
- SecWEM: A Security Solution for Web Based E-mail
- Introduction
- Security of Webmails
- Security Threats to E-mails
- Protection of E-mail against Security Threats
- Related Work
- Our Approach to Webmail Security
- Service-Independent Handling of Webmails
- SecWEM Architecture and Working
- Steps Involved in Securing the Webmail Using SecWEM
- Implementation and Testing
- Performance and Overhead Statistics
- Discussion and Conclusion
- References
- A Multilayer Overlay Network Architecture for Enhancing IP Services Availability against DoS
- Introduction
- Threat Model
- A Secure Multilayer Overlay Network Architecture
- The MON Structure
- Users and the Ticket Mechanism
- A Collaborative DoS Detection and Mitigation Mechanism
- Implementation
- Ticket Acquisition
- MON-enabled Users
- MON Nodes
- Evaluation
- Performance Evaluation
- Qualitative Analysis
- Related Work
- Conclusions and Future Work
- References
- Mitigation of Malicious Modifications by Insiders in Databases
- Introduction
- Background and Related Work
- The Attack Prevention System
- Working of the Models
- Definitions
- Log Based Model
- Identifying Threats
- Dependency Graph Based Model
- Comparison of the Two Models
- Conclusions and Future Work
- References
- A Semantic Hierarchy for Erasure Policies
- Introduction
- Erasure Case Studies
- Total Erasure
- Partial Erasure
- Low Dependent Erasure
- High Dependent Erasure
- An Abstract Model of Information Flow
- Trace Models
- Equivalence Relations and Partitions
- Attacker Models and K-Spaces
- Comparing K-Spaces: Facts and Queries
- The Policy Hierarchy
- Varying the Attacker Model
- Related Work
- Conclusions and Further Work
- References
- Short Papers
- A Universal Semantic Bridge for Virtual Machine Introspection
- Introduction
- Challenges in View Generation
- Implementation
- Conclusion
- References
- A Signature-Based Approach of Correctness Assurance in Data Outsourcing Scenarios
- Introduction
- The Proposed Approach
- Query Processing
- Implementation and Result
- Conclusion
- References
- Towards Access Control Model Engineering
- Introduction
- Idea
- Conclusion
- References
- IFrandbox - Client Side Protection from Malicious Injected Iframes
- Introduction
- Related Work
- Iframe Injection Attack
- Techniques for Hiding Iframe
- Motivation
- IFrandbox - Sandbox for Iframes
- Testing of IFrandbox
- Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.