ARES 2010: Krakow, Poland

ARES 2010, Fifth International Conference on Availability, Reliability and Security, 15-18 February 2010, Krakow, Poland. IEEE Computer Society 2010, ISBN 978-0-7695-3965-2

ARES 2010 Full Papers

Network Security I

Christophe Feltus, Djamel Khadraoui, Jocelyn Aubert:
A Security Decision-Reaction Architecture for Heterogeneous Distributed Network. 1-8
Anjali Sardana, Ramesh Chandra Joshi:
Dual-Level Attack Detection and Characterization for Networks under DDoS. 9-16
Hai Nguyen, Katrin Franke, Slobodan Petrovic:
Improving Effectiveness of Intrusion Detection by Correlation Feature Selection. 17-24

Network Security II

Phongphun Kijsanayothin, Rattikorn Hewett:
Analytical Approach to Attack Graph Analysis for Network Security. 25-32
Gregory Epiphaniou, Carsten Maple, Paul Sant, Matthew Reeve:
Affects of Queuing Mechanisms on RTP Traffic: Comparative Analysis of Jitter, End-to-End Delay and Packet Loss. 33-40
Klaus Hildebrandt, Igor Podebrad, Bernd Klauer:
A Computer Architecture with Hardwarebased Malware Detection. 41-45

Identity Management, Authentication, and Authorization I

Alan H. Karp, Jun Li:
Solving the Transitive Access Problem for the Services Oriented Architecture. 46-53
Byoungcheon Lee:
Unified Public Key Infrastructure Supporting Both Certificate-Based and ID-Based Cryptography. 54-61
Florian Kohlar, Jörg Schwenk, Meiko Jensen, Sebastian Gajek:
Secure Bindings of SAML Assertions to TLS Sessions. 62-69

Identity Management, Authentication, and Authorization II

Yehia Elrakaiby, Frédéric Cuppens, Nora Cuppens-Boulahia:
From Contextual Permission to Dynamic Pre-obligation: An Integrated Approach. 70-78
Anna Vapen, David Byers, Nahid Shahmehri:
2-clickAuth. 79-86
Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Laurent Toutain:
Architecture-Aware Adaptive Deployment of Contextual Security Policies. 87-95

Availability and Reliability I

Guenther Starnberger, Lorenz Froihofer, Karl M. Göschka:
Using Smart Cards for Tamper-Proof Timestamps on Untrusted Clients. 96-103
Alex Hai Wang, Su Yan, Peng Liu:
A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems. 104-111

Availability and Reliability II

Fatima-Zohra Benhamida, Yacine Challal:
FaT2D: Fault Tolerant Directed Diffusion for Wireless Sensor Networks. 112-118
Somayeh Bahramnejad, Hamid R. Zarandi:
An Adaptive Redundancy Oriented Method to Tolerate Soft Errors in SRAM-Based FPGAs Using Unused Resources. 119-124
Iman Faraji, Moslem Didehban, Hamid R. Zarandi:
Analysis of Transient Faults on a MIPS-Based Dual-Core Processor. 125-130

Risk and Security Management I

Jan Kolter, Michael Netter, Günther Pernul:
Visualizing Past Personal Data Disclosures. 131-139
Bernard Stepien, Stan Matwin, Amy P. Felty:
Strategies for Reducing Risks of Inconsistencies in Access Control Policies. 140-147
Yudistira Asnar, Paolo Giorgini:
Multi-dimensional Uncertainty Analysis in Secure and Dependable Domain. 148-155

Risk and Security Management II

Achim D. Brucker, Dieter Hutter:
Information Flow in Disaster Management Systems. 156-163
Komminist Weldemariam, Richard A. Kemmerer, Adolfo Villafiorita:
Formal Specification and Analysis of an E-voting System. 164-171
Esma Aïmeur, Sébastien Gambs, Ai Ho:
Towards a Privacy-Enhanced Social Networking Site. 172-179

Risk and Security Management III

Stefan Jakoubi, Simon Tjoa, Sigrun Goluch, Gerhard Kitzler:
A Formal Approach Towards Risk-Aware Service Level Analysis and Planning. 180-187
Holger Schmidt:
Threat- and Risk-Analysis During Early Security Requirements Engineering. 188-195
Shuhaili Talib, Nathan L. Clarke, Steven Furnell:
An Analysis of Information Security Awareness within Home and Work Environments. 196-203

ARES 2010 Short Papers

Security and Privacy

Poonam Gera, Kumkum Garg, Manoj Misra:
Trust Based Multi Path DSR Protocol. 204-209
Rui Miguel Soares Silva, Rui Gustavo Nunes Pereira Crespo, Mário Serafim dos Santos Nunes:
Enhanced Chaotic Stream Cipher for WSNs. 210-215
A. A. Adekunle, S. R. Woodhead:
Zone Based Systems Design Framework for the Realisation of Efficient Block Cipher Based Message Authentication Code Algorithms. 216-221

Identity Management, Authentication, and Authorization

Stefan Durbeck, Christoph Fritsch, Günther Pernul, Rolf Schillinger:
A Semantic Security Architecture for Web Services. 222-227
Thorsten Höllrigl, Jochen Dinger, Hannes Hartenstein:
FedWare: Middleware Services to Cope with Information Consistency in Federated Identity Management. 228-235
Mohsen Saffarian, Babak Sadighi:
Owner-Based Role-Based Access Control OB-RBAC. 236-241

Cryptography and Secure Protocols

Zeljko Vrba, Pål Halvorsen, Carsten Griwodz:
Program Obfuscation by Strong Cryptography. 242-247
Nina Moebius, Kurt Stenzel, Wolfgang Reif:
Pitfalls in Formal Reasoning about Security Protocols. 248-253
Sigurd Eskeland, Vladimir A. Oleshchuk:
Secure Group Communication Using Fractional Public Keys. 254-257

Risk and Security Management

Jan Willemson:
Extending the Gordon and Loeb Model for Information Security Investment. 258-261
Jocelyn Aubert, Thomas Schaberreiter, Christophe Incoul, Djamel Khadraoui, Benjamin Gâteau:
Risk-Based Methodology for Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures. 262-267
Simon Tjoa, Stefan Jakoubi, Sigrun Goluch, Gerhard Kitzler:
Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach. 268-274

Miscellaneous

Ronald Kainda, Ivan Flechais, A. W. Roscoe:
Security and Usability: Analysis and Evaluation. 275-282
Matthew Simon, Jill Slay:
Recovery of Skype Application Activity Data from Physical Memory. 283-288
Arash Rezaei, Mohsen Sharifi:
Rejuvenating High Available Virtualized Systems. 289-294

Fifth International Workshop on Frontiers in Availability, Reliability, and Security (FARES 2010 )

Fraud and Misuse Detection

Raja Khurram Shahzad, Syed Imran Haider, Niklas Lavesson:
Detection of Spyware by Mining Executable Files. 295-302
Gerardo Canfora, Bice Cavallo:
A Probabilistic Approach for On-Line Sum-Auditing. 303-308
Mansoor Ahmed, Amin Anjomshoaa, Muhammad Asfand-e-yar, A. Min Tjoa, Abid Khan:
Towards an Ontology-Based Solution for Managing License Agreement Using Semantic Desktop. 309-314

Intrusion Detection

Hao Chen, John A. Clark, Siraj A. Shaikh, Howard Chivers, Philip Nobles:
Optimising IDS Sensor Placement. 315-320
Neminath Hubballi, Santosh Biswas, Sukumar Nandi:
Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection. 321-326
Jorge Blasco Alís, Agustín Orfila, Arturo Ribagorda:
Improving Network Intrusion Detection by Means of Domain-Aware Genetic Programming. 327-332

Privacy and Trust

Martin Boldt, Anton Borg, Bengt Carlsson:
On the Simulation of a Software Reputation System. 333-340
Yun Ding, Karsten Klein:
Model-Driven Application-Level Encryption for the Privacy of E-health Data. 341-346
Tanveer Zia, Md. Zahidul Islam:
Communal Reputation and Individual Trust (CRIT) in Wireless Sensor Networks. 347-352

Global Information Security

Solange Ghernaouti-Helie, Igli Tashi, David Simms:
A Multi-stage Methodology for Ensuring Appropriate Security Culture and Governance. 353-360
Hiroshi Nagano:
Development of ICT Infrastructure for Local Socio-Economic System in Japan. 361-369
Solange Ghernaouti-Helie:
A National Strategy for an Effective Cybersecurity Approach and Culture. 370-373

Software Security and Authentication

Milos Milovanovic, Marija Bogicevic, Miroslav Lazovic, Dejan B. Simic, Dusan Starcevic:
Choosing Authentication Techniques in E-procurement System in Serbia. 374-379
Ines Brosso, Alessandro La Neve, Graça Bressan, Wilson Vicente Ruggiero:
A Continuous Authentication System Based on User Behavior Analysis. 380-385
Dejan Baca:
Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting. 386-390

Digital Content Security

Laila El Aimani, Yona Raekow:
Reselling Digital Content. 391-396
Sascha Müller, Stefan Katzenbeisser:
A New DRM Architecture with Strong Enforcement. 397-403
Benjamin Aziz, Alvaro Arenas, Giovanni Cortese, Bruno Crispo, Silvio Causetti:
A Secure and Scalable Grid-Based Content Management System. 404-409
Nils Gruschka, Meiko Jensen, Luigi Lo Iacono:
A Design Pattern for Event-Based Processing of Security-Enriched SOAP Messages. 410-415

The Second International Workshop on Organizational Security Aspects (OSA 2010)

Organizational Aspects of Security: Session 1

Juhani Anttila, Jorma Kajava:
Challenging IS and ISM Standardization for Business Benefits. 416-421
Luís Enrique Sanchez, Carlos Ruiz, Eduardo Fernández-Medina, Mario Piattini:
Managing the Asset Risk of SMEs. 422-429

Organizational Aspects of Security: Session 2

André Miede, Nedislav Nedyalkov, Christian Gottron, André König, Nicolas Repp, Ralf Steinmetz:
A Generic Metamodel for IT Security. 430-437
Inger Anne Tøndel, Jostein Jensen, Lillian Røstad:
Combining Misuse Cases with Attack Trees and Security Activity Models. 438-445
Virginia N. L. Franqueira, André van Cleeff, Pascal van Eck, Roel Wieringa:
External Insider Threat: A Real Security Challenge in Enterprise Value Webs. 446-453

Organizational Aspects of Security: Session 3

Kassidy P. Clark, Martijn Warnier, Frances M. T. Brazier, Thomas B. Quillinan:
Secure Monitoring of Service Level Agreements. 454-461
Jordan Crain, Lukasz Opyrchal, Atul Prakash:
Fighting Phishing with Trusted Email. 462-467
Matthias Kehlenbeck, Thorben Sandner, Michael H. Breitner:
Application and Economic Implications of an Automated Requirement-Oriented and Standard-Based Compliance Monitoring and Reporting Prototype. 468-474

Organizational Aspects of Security: Session 4

Lucie Langer, Axel Schmidt, Johannes Buchmann, Melanie Volkamer:
A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept. 475-480
Kyawt Kyawt Khaing, Khin Mi Mi Aung:
Secured Key Distribution Scheme for Cryptographic Key Management System. 481-486
Natasha Bodorik, A. Nur Zincir-Heywood:
One Size Fits None: The Importance of Detector Parameterization. 487-494

Fourth International Workshop on Secure Software Engineering (SecSE 2010 )

Agile Development and Hot Patching

Steffen Bartsch:
Supporting Authorization Policy Modification in Agile Development of Web Applications. 495-500
Richard Sasson, Martin Gilje Jaatun, Jostein Jensen:
The Road to Hell is Paved with Good Intentions: A Story of (In)secure Software Development. 501-506
Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, Michael E. Locasto:
Katana: A Hot Patching Framework for ELF Executables. 507-512

Testing, Monitoring, and Validation

Federico Mancini, Dag Hovland, Khalid A. Mughal:
Investigating the Limitations of Java Annotations for Input Validation. 513-518
Hossain Shahriar, Mohammad Zulkernine:
Classification of Buffer Overflow Vulnerability Monitors. 519-524
Huning Dai, Christian Murphy, Gail E. Kaiser:
Configuration Fuzzing for Software Vulnerability Detection. 525-530

Security Modeling and Vulnerabilites

Christian Jung, Frank Elberzhager, Alessandra Bagnato, Fabio Raiteri:
Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project. 531-536
Egil Trygve Baadshaug, Gencer Erdogan, Per Håkon Meland:
Security Modeling and Tool Support Advantages. 537-542
Shamal Faily, Ivan Flechais:
Analysing and Visualising Security and Usability in IRIS. 543-548
Ziyad S. Al-Salloum, Stephen D. Wolthusen:
Security and Performance Aspects of an Agent-Based Link-Layer Vulnerability Discovery Mechanism. 549-554

Fourth International Workshop on Secure Systems Methodologies Using Patterns (SPattern 2010)

SPattern Application

Yuki Shiroma, Hironori Washizaki, Yoshiaki Fukazawa, Atsuto Kubo, Nobukazu Yoshioka:
Model-Driven Security Patterns Application Based on Dependences among Patterns. 555-559
Michael Netter, Eduardo B. Fernández, Günther Pernul:
Refining the Pattern-Based Reference Model for Electronic Invoices by Incorporating Threats. 560-564
Eduardo B. Fernández, Nobukazu Yoshioka, Hironori Washizaki, Michael VanHilst:
Measuring the Level of Security Introduced by Security Patterns. 565-568

SPattern Development

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy:
Patterns for Secure Boot and Secure Storage in Computer Systems. 569-573

Fourth International Workshop on Advances in Information Security (WAIS 2010)

Identity and Privacy

Yoshio Kakizaki, Keiichi Iwamura:
A Consideration of the Reliability of Registration and Attribute Exchange. 574-579
Minh-Triet Tran, Isao Echizen, Anh Duc Duong:
Binomial-Mix-Based Location Anonymizer System with Global Dummy Generation to Preserve User Location Privacy in Location-Based Services. 580-585
Mebae Ushida, Tetsuya Izu, Masahiko Takenaka, Kazuo Ohta:
Multiple Designated Verifiers Signatures Reconsidered. 586-590

System Security

Takamasa Isohara, Keisuke Takemori, Yutaka Miyake, Ning Qu, Adrian Perrig:
LSM-Based Secure System Monitoring Using Kernel Protection Schemes. 591-596
Grégoire Jacob, Eric Filiol, Hervé Debar:
Formalization of Viruses and Malware Through Process Algebras. 597-602
Kazuya Kuwabara, Hiroaki Kikuchi, Masato Terada, Masashi Fujiwara:
Heuristics for Detecting Botnet Coordinated Attacks. 603-607

Experimental and Physical Security

Kitahiro Kaneda, Yuki Fujii, Keiichi Iwamura, Seiichiro Hangai:
An Improvement of Robustness Against Physical Attacks and Equipment Independence in Information Hiding Based on the Artificial Fiber Pattern. 608-612
Ken Wakasa, Hiroaki Hazeyama, Toshifumi Kai, Akira Hashiguchi, Masaya Yamagata, Masahiko Fujinaga, Ryunosuke Ohshima, Takashi Shintani:
Large Scale Demonstration Experiments Towards Acheiving Practical Traceback on the Internet. 613-618
Atsushi Waseda, Masahide Sasaki, Masahiro Takeoka, Mikio Fujiwara, Morio Toyoshima, Hidema Tanaka:
Quantum Detection of Wavelength Division Multiplexing Optical Coherent Signals in Lossy Channels. 619-624
Tetsuya Izu, Masahiko Takenaka, Masaya Yasuda:
Experimental Results on Cheon's Algorithm. 625-628

Third International Workshop on Digital Forensics (WSDF 2010)

Digital Forenisc Workshop: Session 1

Grant Osborne, Benjamin Turnbull, Jill Slay:
The 'Explore, Investigate and Correlate' (EIC) Conceptual Framework for Digital Forensics Information Visualisation. 629-634
Andrew Marrington, George M. Mohay, Hasmukh Morarji, Andrew Clark:
A Model for Computer Profiling. 635-640
Stefan Axelsson:
Using Normalized Compression Distance for Classifying File Fragments. 641-646

Digital Forenisc Workshop: Session 2

Talania Grobler, C. P. Louwrens, Sebastiaan H. von Solms:
A Multi-component View of Digital Forensics. 647-652
Chiew Kang Leng, Josef Pieprzyk:
Blind Steganalysis: A Countermeasure for Binary Image Steganography. 653-658
Jorge Herrerías Guerrero, Roberto Gómez Cárdenas:
Log Analysis Towards an Automated Forensic Diagnosis System. 659-664

Digital Forenisc Workshop: Session 3

Yinghua Guo, Jill Slay:
A Function Oriented Methodology to Validate and Verify Forensic Copy Function of Digital Forensic Tools. 665-670
Richard E. Overill, Jantje A. M. Silomon, Kam-Pui Chow:
A Complexity Based Model for Quantifying Forensic Evidential Probabilities. 671-676
Talania Grobler, C. P. Louwrens, Sebastiaan H. von Solms:
A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations. 677-682
Chiew Kang Leng, Josef Pieprzyk:
Estimating Hidden Message Length in Binary Image Embedded by Using Boundary Pixels Steganography. 683-688

Digital Forenisc Workshop Session 4

Jason Howarth, Irfan Altas, Barney Dalgarno:
Information Flow Control Using the Java Virtual Machine Tool Interface (JVMTI). 689-695
Maximilian Bielecki, Gerald Quirchmayr:
A Prototype for Support of Computer Forensic Analysis Combined with the Expected Knowledge Level of an Attacker to More Efficiently Achieve Investigation Results. 696-701
Zahra Toony, Mansour Jamzad:
A Novel Image Hiding Scheme Using Content Aware Seam Carving Method. 702-707

Last update Thu May 17 01:48:57 2012 CET by the DBLP Team —

Data released under the ODC-BY 1.0 license — See also our legal information page