Open Problems in Network Security: IFIP WG 11.4 International Workshop, iNetSec 2011, Lucerne, Switzerland, June 9, 2011, Revised Selected Papers

Privacy Policy Framework: Addressing Privacy Problems in SOA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Laurent Bussard and Ulrich Pinsdorf Flexible and Dynamic Consent-Capturing . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Muhammad Rizwan Asghar and Giovanni Russello V Problems in the Cloud Towards User Centric Data Governance and Control in the Cloud . . . . . . 132 Stephan Groß and Alexander Schill Securing Data Provenance in the Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Evoking Comprehensive Mental Models of Anonymous Credentials Erik Wästlund, Julio Angulo, and Simone Fischer-Hübner Karlstad University, Universitetsgatan 2, 651 88 Karlstad, Sweden {erik.wastlund,julio.angulo,simone.fischer-huebner}@kau.se

[1]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[2]  Christopher Krügel,et al.  Anomalous system call detection , 2006, TSEC.

[3]  Weimin Zheng,et al.  Enabling Cloud Storage to Support Traditional Applications , 2010, 2010 Fifth Annual ChinaGrid Conference.

[4]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[5]  Annie I. Antón,et al.  How internet users' privacy concerns have evolved since 2002 , 2010, IEEE Security & Privacy.

[6]  Harald Zwingelberg,et al.  UI prototypes : Policy administration and presentation (version 1) , 2009 .

[7]  Carlos Fernández-Valdivielso,et al.  Personal Privacy Management for Common Users , 2009 .

[8]  Susan B. Davidson,et al.  Privacy issues in scientific workflow provenance , 2010, Wands '10.

[9]  Thomas Shrimpton,et al.  Building a Collision-Resistant Compression Function from Non-compressing Primitives , 2008, ICALP.

[10]  Lalana Kagal,et al.  Access Control is an Inadequate Framework for Privacy Protection , 2010 .

[11]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX Annual Technical Conference, General Track.

[12]  Laurent Bussard,et al.  Delegation of access rights in multi-domain service compositions , 2009 .

[13]  Vijay Varadharajan,et al.  An Authorization Model for E-consent Requirement in a Health Care Application , 2003, ACNS.

[14]  David H. Jonassen,et al.  Operationalizing mental models: strategies for assessing mental models to support meaningful learning and design-supportive learning environments , 1995, CSCL.

[15]  Giovanni Vigna,et al.  Using Labeling to Prevent Cross-Service Attacks Against Smart Phones , 2006, DIMVA.

[16]  Felix C. Freiling,et al.  Toward Automated Dynamic Malware Analysis Using CWSandbox , 2007, IEEE Secur. Priv..

[17]  James S. Plank,et al.  AONT-RS: Blending Security and Performance in Dispersed Storage Systems , 2011, FAST.

[18]  Hakim Weatherspoon,et al.  RACS: a case for cloud storage diversity , 2010, SoCC '10.

[19]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[20]  Ravi S. Sandhu,et al.  A usage-based authorization framework for collaborative computing systems , 2006, SACMAT '06.

[21]  Lorrie Faith Cranor,et al.  User interfaces for privacy agents , 2006, TCHI.

[22]  Bruno Crispo,et al.  ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[23]  Xiaohui Liang,et al.  Secure provenance: the essential of bread and butter of data forensics in cloud computing , 2010, ASIACCS '10.

[24]  Wenke Lee,et al.  Secure and Flexible Monitoring of Virtual Machines , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[25]  Christian Schaefer,et al.  Policy Evolution in Distributed Usage Control , 2009, Electron. Notes Theor. Comput. Sci..

[26]  Gail-Joon Ahn,et al.  Patient-centric authorization framework for sharing electronic health records , 2009, SACMAT '09.

[27]  Mark Klein,et al.  How Similar Is It? Towards Personalized Similarity Measures in Ontologies , 2005, Wirtschaftsinformatik.

[28]  Carl Gutwin,et al.  Improving understanding of website privacy policies with fine-grained policy anchors , 2005, WWW '05.

[29]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[30]  Josef Spillner SPACEflight — A versatile live demonstrator and teaching system for advanced service-oriented technologies , 2011, 2011 21st International Crimean Conference "Microwave & Telecommunication Technology".

[31]  Abhi Shelat,et al.  Securing user inputs for the web , 2006, DIM '06.

[32]  Michiharu Kudo PBAC: Provision-based access control model , 2002, International Journal of Information Security.

[33]  Vincent Rijmen,et al.  Green Cryptography: Cleaner Engineering through Recycling , 2009, IEEE Security & Privacy Magazine.

[34]  Peter Sewell,et al.  Cassandra: distributed access control policies with tunable expressiveness , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..

[35]  Xiaozhou Li,et al.  Efficient querying and maintenance of network provenance at internet-scale , 2010, SIGMOD Conference.

[36]  Christopher Krügel,et al.  A solution for the automated detection of clickjacking attacks , 2010, ASIACCS '10.

[37]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[38]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[39]  Paul Greenfield,et al.  A Decentralised Approach to Electronic Consent and Health Information Access Control , 2005, J. Res. Pract. Inf. Technol..

[40]  V. Vaidehi,et al.  Energy Analysis of RSA and ELGAMAL Algorithms for Wireless Sensor Networks , 2010, CNSA.

[41]  Stefan Schmid,et al.  Cryptree: A Folder Tree Structure for Cryptographic File Systems , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[42]  Karl Aberer,et al.  A self-organized, fault-tolerant and scalable replication scheme for cloud storage , 2010, SoCC '10.

[43]  Luc Moreau,et al.  The Open Provenance Model: An Overview , 2008, IPAW.

[44]  Sanjeev Khanna,et al.  Why and Where: A Characterization of Data Provenance , 2001, ICDT.

[45]  Tal Garfinkel,et al.  A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[46]  Paul R. Ashley,et al.  Enterprise Privacy Authorization Language , 2003 .

[47]  Zhanhuai Li,et al.  Study on Cloud Storage System Based on Distributed Storage Systems , 2010, 2010 International Conference on Computational and Information Sciences.

[48]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[49]  Thierry P. Berger,et al.  Software Oriented Stream Ciphers Based upon FCSRs in Diversified Mode , 2009, INDOCRYPT.

[50]  Simson L. Garfinkel,et al.  Design principles and patterns for computer systems that are simultaneously secure and usable , 2005 .

[51]  Abhi Shelat,et al.  Privacy and identity management for everyone , 2005, DIM '05.

[52]  Roch Guérin,et al.  A Framework for Policy-based Admission Control , 2000, RFC.

[53]  Gregory Neven,et al.  Downstream Usage Control , 2010, 2010 IEEE International Symposium on Policies for Distributed Systems and Networks.

[54]  Wolfgang Effelsberg,et al.  Remotely keyed encryption with Java cards: a secure and efficient method to encrypt multimedia streams , 2000, 2000 IEEE International Conference on Multimedia and Expo. ICME2000. Proceedings. Latest Advances in the Fast Changing World of Multimedia (Cat. No.00TH8532).

[55]  Heon Young Yeom,et al.  Provenance security guarantee from origin up to now in the e-Science environment , 2011, J. Syst. Archit..

[56]  Relatore,et al.  Analyzing Causes of Privacy Mismatches in Service Oriented Architecture , 2010 .

[57]  Bülent Tavli,et al.  The impact of one-time energy costs on network lifetime in wireless sensor networks , 2009, IEEE Communications Letters.

[58]  Paul T. Groth,et al.  Security Issues in a SOA-Based Provenance System , 2006, IPAW.

[59]  Christopher Krügel,et al.  A survey on automated dynamic malware-analysis techniques and tools , 2012, CSUR.

[60]  Ian D. Watson,et al.  An Introduction to Case-Based Reasoning , 1995, UK Workshop on Case-Based Reasoning.

[61]  Stéphane Badel,et al.  ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware , 2010, CHES.

[62]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[63]  Michael Scott,et al.  On the application of pairing based cryptography to wireless sensor networks , 2009, WiSec '09.

[64]  William Millan,et al.  Constructing Secure Hash Functions by Enhancing Merkle-Damgård Construction , 2006, ACISP.

[65]  Frank Gens,et al.  Cloud Computing Benefits, risks and recommendations for information security , 2010 .

[66]  Laurent Bussard,et al.  Privacy for Service Oriented Architectures , 2011, Privacy and Identity Management for Life.

[67]  Herbert Bos,et al.  Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.

[68]  C. Andersson,et al.  Trust in PRIME , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[69]  Blair Dillaway,et al.  Abductive Authorization Credential Gathering , 2009, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks.

[70]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[71]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[72]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[73]  Yogesh L. Simmhan,et al.  The Open Provenance Model core specification (v1.1) , 2011, Future Gener. Comput. Syst..

[74]  Ronny Seiger,et al.  SecCSIE: A Secure Cloud Storage Integrator for Enterprises , 2011, 2011 IEEE 13th Conference on Commerce and Enterprise Computing.

[75]  Naranker Dulay,et al.  Consent-Based Workflows for Healthcare Management , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[76]  Tal Garfinkel,et al.  Understanding data lifetime via whole system simulation , 2004 .

[77]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[78]  Henri Gilbert The Security of "One-Block-to-Many" Modes of Operation , 2003, FSE.

[79]  John P. Steinberger,et al.  Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers , 2008, CRYPTO.

[80]  Sabrina De Capitani di Vimercati,et al.  A privacy-aware access control system , 2008, J. Comput. Secur..

[81]  Sanjeev Khanna,et al.  Data Provenance: Some Basic Issues , 2000, FSTTCS.

[82]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[83]  Z. Meral Özsoyoglu,et al.  Distance-based indexing for high-dimensional metric spaces , 1997, SIGMOD '97.

[84]  John P. Steinberger,et al.  Security/Efficiency Tradeoffs for Permutation-Based Hashing , 2008, EUROCRYPT.

[85]  Kevin T. Phelps,et al.  Coding Theory and Cryptography : The Essentials , 2022 .

[86]  Laurent Bussard,et al.  A Practical Generic Privacy Language , 2010, ICISS.

[87]  Oliver Günther,et al.  Privacy in e-commerce: stated preferences vs. actual behavior , 2005, CACM.

[88]  Anja Lehmann,et al.  A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical , 2009, ASIACRYPT.

[89]  John Sören Pettersson,et al.  Making PRIME usable , 2005, SOUPS '05.

[90]  Luc Moreau,et al.  Securing Provenance-Based Audits , 2010, IPAW.

[91]  Martín Abadi,et al.  Unified Declarative Platform for Secure Netwoked Information Systems , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[92]  Galen C. Hunt,et al.  Detours: binary interception of Win32 functions , 1999 .

[93]  Agnar Aamodt,et al.  Case-Based Reasoning: Foundational Issues, Methodological Variations, and System Approaches , 1994, AI Commun..

[94]  François-Xavier Standaert,et al.  On the Energy Cost of Communication and Cryptography in Wireless Sensor Networks , 2008, 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications.

[95]  Wenke Lee,et al.  Ether: malware analysis via hardware virtualization extensions , 2008, CCS.

[96]  Christopher Krügel,et al.  PiOS: Detecting Privacy Leaks in iOS Applications , 2011, NDSS.

[97]  Sudha Ram,et al.  Understanding the Semantics of Data Provenance to Support Active Conceptual Modeling , 2006, Active Conceptual Modeling of Learning.

[98]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[99]  Andrew D. Gordon,et al.  SecPAL: Design and semantics of a decentralized authorization language , 2010, J. Comput. Secur..

[100]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[101]  Karin Bernsmed,et al.  Learning Privacy Preferences , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[102]  Marianne Winslett,et al.  The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance , 2009, FAST.

[103]  David Brumley,et al.  AEG: Automatic Exploit Generation , 2011, NDSS.

[104]  Wouter Joosen,et al.  Integrating Patient Consent in e-Health Access Control , 2011, Int. J. Secur. Softw. Eng..

[105]  Heng Yin,et al.  Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.

[106]  John P. Steinberger,et al.  Message Authentication Codes from Unpredictable Block Ciphers , 2009, CRYPTO.

[107]  Amit Vasudevan,et al.  SPiKE: engineering malware analysis tools using unobtrusive binary-instrumentation , 2006, ACSC.

[108]  Margo I. Seltzer,et al.  Provenance for the Cloud , 2010, FAST.

[109]  Margo I. Seltzer,et al.  Securing Provenance , 2008, HotSec.

[110]  Marianne Winslett,et al.  Preventing history forgery with secure provenance , 2009, TOS.

[111]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[112]  Sabrina De Capitani di Vimercati,et al.  Minimizing Disclosure of Private Information in Credential-based Interactions: A Graph-based Approach , 2010, 2010 IEEE Second International Conference on Social Computing.

[113]  Raghav Kaushik,et al.  Efficient exact set-similarity joins , 2006, VLDB.

[114]  Griet Verhenneman,et al.  Consent, an instrument for patient empowerment? , 2010 .

[115]  Xin Wang MPEG-21 Rights Expression Language: Enabling Interoperable Digital Rights Management , 2004, IEEE Multim..

[116]  José María Sierra,et al.  An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless Sensor Networks , 2010, WISTP.

[117]  Margo I. Seltzer,et al.  Provenance as first class cloud data , 2010, OPSR.

[118]  David England,et al.  Designing interaction for the cloud , 2011, CHI EA '11.

[119]  Sanjeev Khanna,et al.  On provenance and privacy , 2010, ICDT '11.

[120]  Naranker Dulay,et al.  Shared and Searchable Encrypted Data for Untrusted Servers , 2008, DBSec.

[121]  Amit Vasudevan,et al.  Stealth breakpoints , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[122]  Berk Sunar,et al.  Cryptography on a Speck of Dust , 2007, Computer.

[123]  Amit Vasudevan,et al.  Cobra: fine-grained malware analysis using stealth localized-executions , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[124]  Giovanni Vigna,et al.  Detecting malicious JavaScript code in Mozilla , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).

[125]  P. Johnson-Laird,et al.  Mental Models: Towards a Cognitive Science of Language, Inference, and Consciousness , 1985 .

[126]  Roger Clarke,et al.  Viewpoint Paper: e-Consent: The Design And Implementation of Consumer Consent Mechanisms in an Electronic Environment , 2004, J. Am. Medical Informatics Assoc..

[127]  Sawan Kumar,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.