IFIP TC6 Open Digital Library

SEC 2008: Milano, Italy

Proceedings of The IFIP TC-11 23rd International Information Security Conference, IFIP 20th World Computer Congress, IFIP SEC 2008, September 7-10, 2008, Milano, Italy

Sushil Jajodia, Pierangela Samarati, Stelvio Cimato

Springer, IFIP 278, ISBN: 978-0-387-09698-8


Privacy Protection

Hiding in Groups: On the Expressiveness of Privacy Distributions.

Karsten Nohl, David Evans


Practical Privacy-Preserving Benchmarking.

Florian Kerschbaum


Enhancing Privacy in Remote Data Classification.

Alessandro Piva, Claudio Orlandi, M. Caini, Tiziano Bianchi, Mauro Barni


Web Applications Security and Malware

Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators.

Yongdong Wu, Haixia Yao, Feng Bao


Robbing Banks with Their Own Software - an Exploit Against Norwegian Online Banks.

Yngve Espelid, Lars-Helge Netland, André N. Klingsheim, Kjell Jørgen Hole


Collaborative architecture for malware detection and analysis.

Michele Colajanni, Daniele Gozzi, Mirco Marchetti


Sensor and Wireless Security

Realizing Stateful Public Key Encryption in Wireless Sensor Network.

Joonsang Baek, Han Chiang Tan, Jianying Zhou, Jun Wen Wong


Establishing secure links in low-rate wireless personal area networks.

Maurizio Adriano Strangio


An Asynchronous Node Replication Attack in Wireless Sensor Networks.

Jianying Zhou, Tanmoy Kanti Das, Javier Lopez


Security Policies

A B Formal Framework for Security Developments in the Domain of Smart Card Applications.

Frédéric Dadeau, Marie-Laure Potet, Régis Tissot


An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies.

Thomas Scheffler, Stefan Geiß, Bettina Schnor


Negotiation of Prohibition: An Approach Based on Policy Rewriting.

Nora Cuppens-Boulahia, Frédéric Cuppens, Diala Abi Haidar, Hervé Debar


Access Control in Distributed Systems

An Integrity Lock Architecture for Supporting Distributed Authorizations in Database Federations.

Wei Li, Lingyu Wang, Bo Zhu, Lei Zhang


Role Signatures for Access Control in Open Distributed Systems.

Jason Crampton, Hoon Wei Lim


Policies and Security Aspects For Distributed Scientific Laboratories.

Nicoletta Dessì, Maria Grazia Fugini, R. A. Balachandar


Intrusion Detection

A Fuzzy Model for the Composition of Intrusion Detectors.

Inez Raguenet, Carlos Maziero


Investigating the problem of IDS false alarms: An experimental study using Snort.

Gina C. Tjhai, Maria Papadaki, Steven Furnell, Nathan L. Clarke


User Session Modeling for Effective Application Intrusion Detection.

Kapil Kumar Gupta, Baikunth Nath, Kotagiri Ramamohanarao


Anomaly Detection

A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems.

Carlo Bellettini, Julian L. Rrushi


Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs.

Frédéric Majorczyk, Eric Totel, Ludovic Mé, Ayda Saïdane


Behavioral Intrusion Detection Indicators.

Jacques Saraydaryan, Luc Paffumi, Véronique Legrand, Stéphane Ubéda


Role Mining and Content Protection

Leveraging Lattices to Improve Role Mining.

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello


A Parallelization Framework for Exact Knowledge Hiding in Transactional Databases.

Aris Gkoulalas-Divanis, Vassilios S. Verykios


Efficient Coalition Detection in Traitor Tracing.

Hongxia Jin, Jeffery Lotspiech, Nimrod Megiddo


VOIP and Network Security

SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned.

Stelios Dritsas, Yannis Soupionis, Marianthi Theoharidou, Yannis Mallios, Dimitris Gritzalis


Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models.

Dongwon Seo, Heejo Lee, Ejovi Nuwere


A Decentralized Bayesian Attack Detection Algorithm for Network Security.

Kien C. Nguyen, Tansu Alpcan, Tamer Basar


Network Devices Security and Cyber Warfare

An Operation-Based Metric for CPA Resistance.

Jing Pan, J. I. den Hartog, Erik P. de Vink


YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems.

Patrick P. Tsang, Sean W. Smith


Adversary Modeling and Simulation in Cyber Warfare.

Samuel N. Hamilton, Wendy L. Hamilton


Security Compliance

Interactive Selection of ISO 27001 Controls under Multiple Objectives.

Thomas Neubauer, Andreas Ekelhart, Stefan Fenz


Feasibility of Automated Information Security Compliance Auditing.

Dennis Longley, Mark Branagan, William J. Caelli, Lam-for Kwok


Software Licence Protection and Management for Organisations.

Muntaha Alawneh, Imad M. Abbadi


Risk and Security Analysis

A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach.

Maxwell G. Dondo


ASTRA: A Security Analysis Method Based on Asset Tracking.

Daniel Le Métayer, Claire Loiseaux


A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack.

Qutaibah Althebyan, Brajendra Panda


Identity and Trust Management

Portable User-Centric Identity Management.

Gail-Joon Ahn, Moonam Ko, Mohamed Shehab


Ubiquitous Privacy-Preserving Identity Managment.

Kristof Verslype, Bart De Decker


Facilitating Privacy Related Decisions in Different Privacy Contexts on the Internet by Evaluating Trust in Recipients of Private Data.

Indrajit Ray, Sudip Chakraborty


Virtualization and Digital Forensics

Using Virtualization to Create and Deploy Computer Security Lab Exercises.

Brian Hay, Ronald Dodge, Kara L. Nance


DigForNet: Digital Forensic in Networking.

Slim Rekhis, Jihène Krichène, Noureddine Boudriga


A Live Digital Forensic system for Windows networks.

Roberto Battistoni, Alessandro Di Biagio, Roberto Di Pietro, Matteo Formica, Luigi V. Mancini


Short Papers

HoneyID: Unveiling Hidden Spywares by Generating Bogus Events.

Jeheon Han, Jonghoon Kwon, Heejo Lee


A Security Protocol for Self-Organizing Data Storage.

Nouha Oualha, Melek Önen, Yves Roudier


Protecting Financial Institutions from Brute-Force Attacks.

Cormac Herley, Dinei A. F. Florêncio


Agency Theory: Can it be Used to Strengthen IT Governance?

Shaun Posthumus, Rossouw von Solms


A new Accounting Mechanism for Modern and Future AAA Services.

Alexandros Tsakountakis, Georgios Kambourakis, Stefanos Gritzalis


A user survey on the sense of security, Anshin.

Yasuhiro Fujihara, Yuko Murayama, Kentarou Yamaguchi


Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks.

Po-Yuan Teng, Shih-I Huang, Adrian Perrig


A Comparative Study of Anomaly Detection Techniques in Web Site Defacement Detection.

Giorgio Davanzo, Eric Medvet, Alberto Bartoli


Managing the lifecycle of XACML delegation policies in federated environments.

Manuel Sánchez, Óscar Cánovas Reverte, Gabriel López, Antonio F. Gómez-Skarmeta


Assessing the Likelihood of Privacy Policy Compliance.

George O. M. Yee, Larry Korba, Ronggong Song


Classification features for detecting Server-side and Client-side Web attacks.

Salem Benferhat, Karim Tabia