IFIP TC6 Open Digital Library

SEC 2007: Sandton, South Africa

New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC-11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa

Hein S. Venter, Mariki M. Eloff, Les Labuschagne, Jan H. P. Eloff, Rossouw von Solms

Springer, IFIP 232, ISBN: 978-0-387-72366-2



Contents

Digital Forensics

FORSIGS: Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints.

John Haggerty, Mark John Taylor

 1-12

Digital Forensic Readiness as a Component of Information Security Best Practice.

Talania Grobler, Buks Louwrens

 13-24

Human-Computer Interaction I

Value creation and Return On Security Investments (ROSI).

Christer Magnusson, Josef Molvidsson, Sven Zetterqvist

 25-35

Usability and Security of Personal Firewalls.

Almut Herzog, Nahid Shahmehri

 37-48

Computer-Based Trust

Trusted Ticket Systems and Applications.

Nicolai Kuntze, Andreas U. Schmidt

 49-60

Trust Evaluation for Web Applications based on Behavioral Analysis.

Luiz Fernando Rust C. Carmo, Breno G. de Oliveira, Augusto C. Braga

 61-72

Information Security Management I

Improving the Information Security Model by using TFI.

Rose-Marie Åhlfeldt, Paolo Spagnoletti, Guttorm Sindre

 73-84

Ontological Mapping of Common Criteria's Security Assurance Requirements.

Andreas Ekelhart, Stefan Fenz, Gernot Goluch, Edgar R. Weippl

 85-95

Network Security I

Management of Exceptions on Access Control Policies.

Joaquín García-Alfaro, Frédéric Cuppens, Nora Cuppens-Boulahia

 97-108

Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols.

Tieyan Li, Guilin Wang

 109-120

Information Security Management II

Exploratory survey on an Evaluation Model for a Sense of Security.

Natsuko Hikage, Yuko Murayama, Carl Hauser

 121-132

Employees' Adherence to Information Security Policies: An Empirical Study.

Mikko T. Siponen, Seppo Pahnila, M. Adam Mahmood

 133-144

Network Security II

Phishing in the Wireless: Implementation and Analysis.

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Christian Jung, Jens B. Schmitt

 145-156

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks.

Tyler Moore, Jolyon Clulow

 157-168

Access Control I

A Credential-Based System for the Anonymous Delegation of Rights.

Liesje Demuynck, Bart De Decker, Wouter Joosen

 169-180

Development and Application of a Proxy Server for Transparently, Digitally Signing E-Learning Content.

Christian J. Eibl, Basie von Solms, Sigrid E. Schubert

 181-192

Human-Computer Interaction II

Identity Theft - Empirical evidence from a Phishing Exercise.

Tjaart Steyn, Hennie A. Kruger, Lynette Drevin

 193-203

A Practical Usability Evaluation of Security Features in End-User Applications.

Steven Furnell, Dimitris Katsabas, Paul Dowland, Fraser Reid

 205-216

Intrusion Detection Systems

Personal Anomaly-based Intrusion Detection Smart Card Using Behavioural Analysis.

A. Maciej Rossudowski, Hein S. Venter, Jan H. P. Eloff

 217-228

A Survey of Bots Used for Distributed Denial of Service Attacks.

Vrizlynn L. L. Thing, Morris Sloman, Naranker Dulay

 229-240

Access Control II

A Hybrid PKI-IBC Based Ephemerizer System.

Srijith Krishnan Nair, Muhammad Torabi Dashti, Bruno Crispo, Andrew S. Tanenbaum

 241-252

Keystroke Analysis for Thumb-based Keyboards on Mobile Devices.

Sevasti Karatzouni, Nathan L. Clarke

 253-263

Information Privacy I

Security Remarks on a Convertible Nominative Signature Scheme.

Guilin Wang, Feng Bao

 265-275

Using Payment Gateways to Maintain Privacy in Secure Electronic Transactions.

Alapan Arnab, Andrew Hutchison

 277-288

Access Control III

A Role-Based Architecture for Seamless Identity Management and Effective Task Separation.

Evangelos Kotsovinos, Ingo Friese, Martin Kurze, Jörg Heuer

 289-300

Extending Role Based Access Control Model for Distributed Multidomain Applications.

Yuri Demchenko, Leon Gommans, Cees de Laat

 301-312

Information Privacy II

A Middleware Architecture for Integrating Privacy Preferences and Location Accuracy.

Claudio Agostino Ardagna, Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati

 313-324

Enabling Privacy of Real-Life LBS.

Jan Zibuschka, Lothar Fritsch, Mike Radmacher, Tobias Scherner, Kai Rannenberg

 325-336

Access Control IV

Crafting Web Counters into Covert Channels.

Xiapu Luo, Edmond W. W. Chan, Rocky K. C. Chang

 337-348

OPA: Onion Policy Administration Model - Another approach to manage rights in DRM.

Thierry Sans, Frédéric Cuppens, Nora Cuppens-Boulahia

 349-360

Security Services

Non-Repudiation in Internet Telephony.

Nicolai Kuntze, Andreas U. Schmidt, Christian Hett

 361-372

FirePatch: Secure and Time-Critical Dissemination of Software Patches.

Håvard D. Johansen, Dag Johansen, Robbert van Renesse

 373-384

Access Control V

An Experimental Evaluation of Multi-Key Strategies for Data Outsourcing.

Ernesto Damiani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati

 385-396

Building a Distributed Semantic-aware Security Architecture.

Jan Kolter, Rolf Schillinger, Günther Pernul

 397-408

Trust and Intrusion Detection Systems

Using Trust to Resist Censorship in the Presence of Collusion.

Andriy Panchenko, Lexi Pimenidis

 409-420

Evaluating the Effects of Model Generalization on Intrusion Detection Performance.

Zhuowei Li, Amitabha Das, Jianying Zhou

 421-432

Keynote Paper

Modernising MAC: New Forms for Mandatory Access Control in an Era of DRM.

William J. Caelli

 433-442

IFIP WG 9.6/11.7 - IT Misuse and the Law & the NoE "Future of Identity in the Information Society" (FIDIS) - Workshop on Security and Control of Identity in Society

Covert Identity Information in Direct Anonymous Attestation (DAA).

Carsten Rudolph

 443-448

Safeguarding Personal Data using Rights Management in Distributed Applications.

Adolf Hohl, Alf Zugenmaier

 449-456

Identification Now and in the Future: Social Grant Distribution Process in South Africa.

Stephen Flowerday, Gideon Ranga

 457-459

Hard-drive Disposal and Identity Fraud.

Paula Thomas, Theodore Tryfonas

 461-466

An analysis of security and privacy issues relating to RFID enabled ePassports.

Eleni Kosta, Martin Meints, Marit Hansen, Mark Gasson

 467-472

IFIP WG 11.1/11.8 Workshop on Fostering Knowledge and Skills for Manageable Information Security

Toward User Evaluation of IT Security Certification Schemes: A Preliminary Framework.

Nicholas Tate, Sharman Lichtenstein, Matthew J. Warren

 473-478

Teaching of Information Security in the "Health Care and Nursing" Postgraduate program.

Tatjana Welzer, Marko Hölbl, Ana Habjanic, Bostjan Brumen, Marjan Druzovec

 479-484

Remote Virtual Information Assurance Network.

Ronald C. Dodge, Corey Bertram, Daniel Ragsdale

 485-490

Certifying the Computer Security Professional Using the Project Management Institute's PMP Model.

Kara L. Nance, Brian Hay

 491-496