Information Systems Security

Name: Information Systems Security | 6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010
Brand: Springer
Price: 53.49 EUR
Availability: OnlineOnly

6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010

Somesh Jha Anish Mathuria(Editor)

Springer (Publisher)

Published on 7. December 2010

XIV, 261 pages

E-Book

PDF with digital watermarking

System requirements

978-3-642-17714-9 (ISBN)

€53.49incl. 7% vat

System requirements

for PDF with digital watermarking

E-Book Single Licence

Available for download

Description

More details

Other editions

Content

Title Page
Message from the General Chairs
Message from the Technical Program Chairs
Conference Organization
Table of Contents
Invited Talks
Analyzing Explicit Information Flow
References
WebAppArmor: A Framework for Robust Prevention of Attacks onWeb Applications (Invited Paper)
Introduction
Overview
Methodology
Preventing SQL Injection Attacks
Problem Statement
Program Transformation for Model Enforcement
Cross Site Request Forgery (XSRF)
Preventing Cross-Site Scripting Attacks
Preventing Confidentiality and Integrity Attacks from Untrusted Advertisements
Conclusion
References
Toward Securely Programming the Internet
Reference
Attribution of Malicious Behavior
Introduction
Overview
Process Attribution
Virtualization-Based Security
Parsing Kernel Data Structures
Kernel-Space Monitoring
Identifying Process Manipulation
Parasitic Malware Behaviors
Component Aggregation
Related Developments
Post-Mortem Forensic Analysis of Attacks
Malicious Code Analysis
Information Flow Analysis
Virtual-Machine Based Protections
Infection Recovery
Next Steps: From Attribution to Remediation
Identification of Malicious Application Components
Disabling of Suspect Code
Reinfection Prevention
Conclusions
References
Integrity and Verifiability
Unifying Facets of Information Integrity
Introduction
Integrity via Invariance
Value Invariance
Predicate Invariance
Generalized Invariance
Integrity via Information Flow
Enforcement
Endorsement
Extensions and Practical Aspects
I/O
Access Control
Practical Aspects
Related Work
Conclusions
References
Determining the Integrity of Application Binaries on Unsecure Legacy Machines Using Software Based Remote Attestation
Introduction
Related Work
Threat Model and Attack Scenarios
Threat Model and Assumptions
Fixing Attack Scenarios
Performing Remote Attestation
Injection of Code on P
Communication with Trent
Determining Machine Identifiers
Determining MD5 and Arithmetic Checksum
Determining Process Identifiers
Generation of Attestation Code
Results
Extended Verified Code Execution
Conclusion and Future Work
References
Stamp-It: A Method for Enhancing the Universal Verifiability of E2E Voting Systems
Introduction
Limitations of Current Systems
Stamp-It
Related Work
E2E Voting Systems
Other Approaches to the Problem of Receipt Checking
Informal Description of Stamp-It
Actors
The Modified Paper Ballot
Voting Ceremony as the Voter Sees It
What Actually Happens during the Voting Ceremony
Formal Description of Stamp-It
Formal Description
Stamp-It as an Enhancement
Security Analysis of Stamp-It
Universal Verifiability Analysis
The Stamp-It Enhancement as an Add-on That Does Not Degrade the Security of the Original Scheme
Discussion
Conclusions
References
Web and Data Security
Strengthening XSRF Defenses for Legacy Web Applications Using Whitebox Analysis and Transformation
Introduction
Background
Running Example
Existing Secret-Token-Based Defenses and Limitations
Approach Overview
Server-Side Code Transformation
HTML Transformation
Identifying URLs to Retrofit
Supplying Token at the Client Side
Discussion
Evaluation
Related Work
Conclusion
References
Coverage Criteria for Automatic Security Testing of Web Applications
Introduction
Background
Web Application Vulnerabilities
Automatic Security Testing
Limitation of Traditional Coverage Criteria in Security Testing
Branch Coverage-Based Security Testing
Sink Coverage-Based Security Testing
Problem Summary and Our Approach
Proposed Coverage Criteria
Wrapper Coverage
Vulnerability-Aware Wrapper Coverage
Vulnerability-Aware Sink Coverage
Experiment
Experiment Setup
Experiment Result
Discussion
Related Work
Conclusion
References
A Practical Generic Privacy Language
Introduction
Related Work
S4P
Case Study
Trace Semantics
Trace Semantics of Policies
Trace Semantics of Preferences
Satisfaction and Compliance
Safe Data Handling
Implementation
Evaluating S4P's Design
References
Efficient Detection of the Return-Oriented Programming Malicious Code
Introduction
Feature of ROP Malicious Code
Overview
Implementation Details
ELF Analysis
Library Static Analysis
Library Dynamic Analysis
ROP Monitor
Evaluation
Dynamic Library Analysis
False Negatives and False Positives
Performance Evaluation
Discussion
Related Work
Traditional Code Injection Defenses
Other Code-Reuse Techniques
Conclusion
References
ValueGuard: Protection of Native Applications against Data-Only Buffer Overflows
Introduction
Data-Only or Non-control-Data Attacks
Critical Data Structures
Non-control Data Attack
ValueGuard Design
Prototype Implementation
Canaries
Memory Map
Security Evaluation
Effectiveness
Real World Test
Heap Overflow in em3d
Performance Evaluation
Related Work
Bounds Checkers
Probabilistic Countermeasures
Separation and Replication of Information
Runtime Enforcement of Static Analysis Results
Conclusion
References
Access Control and Auditing
Mining RBAC Roles under Cardinality Constraint
Introduction
Related Work
Constrained Role Miner (CRM)
Experimental Results
Performance of CRM
Comparison of CRM with Other Role Mining Algorithms
Conclusion and Future Work
References
Specification of History Based Constraints for Access Control in Conceptual Level
Introduction
TDLBAC-2
Preliminaries
Overall TDLBAC-2 Model Description
Model Terminology
Ground Assertions
Security Policy Rules Definition
Patterns of History Constrained Policy Rules
Access Control Procedure
Storing the History of Accesses in HB
Access Control Algorithm
Complexity of the Access Control Algorithm
Evaluation and Comparison
The Applied Logic
Expressiveness
Related Work
Conclusions
References
Abstracting Audit Data for Lightweight Intrusion Detection
Introduction
Related Work
Abstracting Audit Data for Intrusion Detection
No Data Abstraction: Direct Use of k-NN and One Class SVM
Attribute Abstraction and Intrusion Detection with PCA
Exemplar Extraction
Experiments and Comparative Results
Data
Experiment Settings
Exemplars Extracted
Detection Efficiency
Comparative Results on HTTP Traffic
Comparative Results on KDD 1999 Data
Concluding Remarks
References
System Security
A Persistent Public Watermarking of Relational Databases
Introduction
Basic Concepts
Persistent Public/Private Watermarking
Public Watermarking
Private Watermarking
Discussions
Conclusions
References
Security Rules $versus$ Security Properties
Introduction
Systems
Security Policies
Security Policies and Systems
Related Works
Conclusion
References
Protecting and Restraining the Third Party in RFID-Enabled 3PL Supply Chains
Introduction
Third Party Logistics Supply Chain
3PL Supply Chain
Attacking Scenario of Adversaries
Security and Privacy Requirements
Designing Principle
Solution Based on Aggregate MAC Scheme
Building Blocks of Our MAC-Based Solution
Aggregate MAC-Based Solution
Analysis of the MAC-Based Solution
Solution Based on Aggregate Signature Scheme
Building Blocks of Our Aggregated Signature-Based Scheme
Basic Aggregate Signature-Based Solution
Advanced Aggregate Signature-Based Solution
Analysis of the Aggregated Signature Based Solution
Discussions
Related Works
Conclusions
References
Author Index

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Information Systems Security

Description

More details

Other editions

Additional editions

Content

System requirements