Open Research Problems in Network Security: IFIP WG 11.4 International Workshop, iNetSec 2010, Sofia, Bulgaria, March 5-6, 2010, Revised Selected Papers

This book constitutes the refereed post-conference proceedings of the IFIP WG 11.4 International Workshop, iNetSec 2010, held in Sofia, Bulgaria, in March 2010. The 14 revised full papers presented together with an invited talk were carefully reviewed and selected during two rounds of refereeing. The papers are organized in topical sections on scheduling, adversaries, protecting resources, secure processes, and security for clouds.
