Skip to main content

2011 | Buch

Secure and Trust Computing, Data Management, and Applications

STA 2011 Workshops: IWCS 2011 and STAVE 2011, Loutraki, Greece, June 28-30, 2011. Proceedings

herausgegeben von: Changhoon Lee, Jean-Marc Seigneur, James J. Park, Roland R. Wagner

Verlag: Springer Berlin Heidelberg

Buchreihe : Communications in Computer and Information Science

insite
SUCHEN

Über dieses Buch

This book constitutes the refereed proceedings of two workshops held in conjunction with the 8th FIRA International Conference on Secure and Trust Computing, Data Management, and Applications, STA 2011, in Crete, Greece, in June 2011. STA 2011 is the first conference after the merger of the successful SSDU, UbiSec, and TRUST symposium series previously held from 2006 until 2010 in various locations. The 14 full papers of the IWCS 2011 and 10 papers of the STAVE 2011 workshop were carefully reviewed and individually selected from the lectures given at each workshop. The International Workshop on Convergence Security in Pervasive Environments, IWCS 2011, addresses the various theories and practical applications of convergence security in pervasive environments. The International Workshop on Security & Trust for Applications in Virtualized Environments, STAVE 2011, shows how current virtualization increases the sharing of compute, network and I/O resources with multiple users and applications in order to drive higher utilization rates, what replaces the traditional physical isolation boundaries with virtual ones.

Inhaltsverzeichnis

Frontmatter
Analysis of the Similarities in Malicious DNS Domain Names
Abstract
This paper presents results of studies on similarities in the construction of malicious DNS domain names. Based on sets of malicious domain names (or URLs, where only mnemonic host names are taken into account) a prototype tool searches for formulated similarities in the construction of malicious domains. A key research task was to find features of similarity which could be useful in the detection of malicious behavior. Research results can be used as an additional characteristic of existing heuristic methods for determining the malicious character of domains or websites. They could also be used as a hint for specialists to take a closer look at domains which are similar to other malicious domains.
Krzysztof Lasota, Adam Kozakiewicz
Time Validity in Role-Based Trust Management Inference System
Abstract
The topic of this paper is RT T , a language from the family of Role-based Trust management (RT) languages, which is used for representing security policies and credentials in distributed large scale access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. RT languages combine trust management and Role Based Access Control features. RT T provides manifold roles to express threshold and separation of duties policies. A manifold role defines sets of entities whose cooperation satisfies the manifold role. The goal of this paper is introduction of time validity constraints to show how that can make RT T language more realistic. The core part of the paper describes a sound and complete inference system, in which credentials can be derived from an initial set of credentials using a set of inference rules.
Anna Felkner, Adam Kozakiewicz
Vaudenay’s Privacy Model in the Universal Composability Framework: A Case Study
Abstract
At ASIACCS’09, Bringer et al. introduced different Zero-Knowledge (ZK) identification protocols which respect privacy. To do so, they give a generic technique to increase the privacy of existing ZK schemes. As an application, they transform the Girault-Poupard-Stern (GPS) scheme to get new protocols. Their proofs rely on the privacy model of Vaudenay. We here want to examine the validity of their results in the more general framework of the Universal Composability (UC). This is relevant considering that Contactless Devices (CLDs) seem to be the first target for implementing these protocols. More precisely, we here transpose Vaudenay’s privacy model in the UC framework, and we show how to modify the Randomized Hashed GPS scheme in order to obtain a secure protocol in the UC framework.
Hervé Chabanne, Céline Chevalier
Mining Frequent Items in OLAP
Abstract
On-line analytical (OLAP) is a data summarization and aggregation tool that helps simplify data analyzing where containing in the data warehouse. However, OLAP is some different with data mining tools, which discover the implicit patterns and interesting knowledge in large amount of databases. In this study, we propose to translate the frequent pattern tree structure into the 3-D multidimensional data structure. The frequent pattern tree is used for generating compact set of frequent patterns, so the 3-D multidimensional data structure, which is converted by FP-tree is only storage the frequent patterns. And then import the multidimensional data structure into the OLAP tool to discover the interesting knowledge. The efficiency is in three aspects: (1) because the frequent pattern tree is mining the complete set of frequent patterns that helps only analyzing the meaningful patterns in data warehouse. (2) It integrates OLAP with data mining and mining knowledge in multidimensional databases.
Ling Jin, Ji Yeon Lim, Iee Joon Kim, Kyung Soo Cho, Seung Kwan Kim, Ung Mo Kim
Trust Building and Management for Online File Storage Service
Abstract
This paper introduces a series of methodologies not only to evaluate, monitor and predict the performance of Online File Storage Service but also to advance robustness of trust management system. Firstly, the approaches of evaluating attributes of Online File Storage Service are proposed. Afterwards, in order to reduce vulnerability of the basic trust model, a novel detection mechanism named Baseline Sampling is proposed. Finally, a simulation is designed to assess the vulnerability of the basic model and evaluate the efficiency of the detection technique. Results indicate that with the assistance of Baseline Sampling the deviation of trust value caused by malicious behavior is controlled in a reasonable range.
Huiying Duan
Digital Trails Discovering of a GPS Embedded Smart Phone - Take Nokia N78 Running Symbian S60 Ver 3.2 for Example
Abstract
As mobile computing devices becomes pervasive, more and more civilians deposit precious information in mobile phones than desk top PCs especially for Global Logistics Management operators, who heavily depend on Global Position System in order to effectively and efficiently fulfill just-in-time delivery. In this paper, an embedded Global Position System smart phone was applied to travel along the roads trying to disclose the associate digital evidences concerning the locations that the current user had actually been or wish to go via data mining technology. From digital forensics point of view, digital evidences essentially play a critical and decisive role in some cybercriminal or cyber terrorism cases although the diversities of mobile phones and the corresponding operating systems. The paper provides the generic guides and methodologies for the law enforcement agencies or the digital forensics specialists to ponder when they deal with the similar cases.
Hai-Cheng Chu, Li-Wei Wu, Hsiang-Ming Yu, Jong Hyuk Park
Opinion Mining in MapReduce Framework
Abstract
Presently, many researching fields are crossed and mashed up to each fields, however, some of computer science fields cannot be solved by technique only. Opinion mining sometimes needs a solution from other fields, too. For example, we use a method from psychology to gain information from text about users. Likewise, we suggested a new method of opinion mining which is using MapReduce before, and this method also uses a WordMap which is dictionary-like. WordMap just has information of category and value of word. If we use a novel method of Opinion mining, it could be mining opinion from web more powerful than before. Therefore, for stronger opinion mining, we suggest a framework of Opinion mining in MapReduce.
Kyung Soo Cho, Ji Yeon Lim, Jae Yeol Yoon, Young Hee Kim, Seung Kwan Kim, Ung Mo Kim
Towards an Open Framework for Mobile Digital Identity Management through Strong Authentication Methods
Abstract
Mobile computing becoming a widespread working tool, and a large scale deployed technology, it should be strong enough to meet basic security expectations. Privacy in a mobile environment should be driven by the choice of appropriate identity management mechanisms, that will have a large impact on different aspects of daily life. But people being unable to spend all their time administering their digital identities, the implementation of mobile identity management technologies has become a top priority for involved companies, in order to protect their customers against fraudsters. Today, identity management and strong authentication are converging, since provided solutions encompass user access, signing and verification of users and transactions, through strong authentication. Although, simply using strong authentication will not resolve all mobile digital identity requirements from a security viewpoint; our objective is to propose an extensible protocol based on an independent architectural model that provides a foundation for user-centric identity management.
Brahim En-Nasry, Mohamed Dafir Ech-Cherif El Kettani
Deterministic Data Binding for Dynamic Service Compositions
Abstract
Dynamic web service composition is an important issue that needs to be solved to construct a service-oriented computing environment. Although there have been many researches on service compositions on the server side, this paper focuses on developing client systems that support a dynamic service environment and client side service composition. Moreover, we propose the concept of deterministic data binding from repeated output data to the input parameters of another method. For a given set of data mappings between services, we investigate a binding condition from the current context and discuss the generation of user interface-context popup menus. The proposed method allows users to control data and service composition using a simple and convenient interface. We present a historical tourism service using the proposed approach.
Eunjung Lee, Hyung-Ju Joo, Kyong-Jin Seo
Integration Retrieval of History Data and Sensing Information Using SGLN Code in Extended RFID Application
Abstract
The current logistics system is constructed considering only one environment. For example, if the tag is attached to the item, the user can manage only historical data of the item. However, the user demands various kinds of data such as location data or condition data of item, it is impossible for the existing system to process this kind of data. Due to the various requirements of the user, the logistic environment becoming complicated and various devices will be needed from processing complicated logistics environment. For example, GPS device is used for getting outdoor location information of item and Passive Tag is used for getting indoor location information. Also, sensor node or sensor tag is used for sensing condition of item or surroundings. However, when the user queries the system, the tables of the data created from various devices must be joined. In this time, because of join, the problem of performance can occur. For solving this problem, this paper proposes method that agrees with the representations of join field using SGLN code.
Seungwoo Jeon, Gihong Kim, Bonghee Hong, Joonho Kwon
Real-Time Quantity Inspection Method for Moving Tags in RFID Middleware
Abstract
Huge amount of goods passes to the customers, which are produced in factories or packaged by the box in wholesalers. At this time, if does not inspect the exactly number of products in the box while packaging, high cost is occurred by the incident. That is scarce number of products in the box. This means that cost and time waste increases in the logistics. In order to efficiently inspect the exact number of products in the box, in this paper, a technique is suggested to inspect number of products using RFID system which includes RFID Tags, Reader and Middleware. Furthermore, this paper contains a study on the method to inspect the number of products. It overcomes the weak points of the existing methods.
Goo Kim, Wooseok Ryu, Bonghee Hong, Joonho Kwon
An Improved Active Learning in Unbalanced Data Classification
Abstract
This paper is concerned with the unbalanced classification problem which occurs when there are significantly less number of observations of the target concept. The standard machine learning algorithms yield better prediction performance with balanced datasets. However, in real application, it is quite common to have unbalanced dataset with a certain class of interest having very small size. It will be problematic since the algorithm might predict all the cases into majority classes without loss of overall accuracy. In this paper, we propose an efficient way of selecting informative for active learning which does not necessitate a search through the entire dataset and allows active learning to be applied to very large datasets. Experimental results show that the proposed method decreases the prediction error of minority class significantly with increasing the prediction error or majority class a little bit.
Woon Jeung Park
A Study on Aircraft Position Calculation Algorithm in Compliance with the Wind Parameter
Abstract
Aircraft’s position calculation is basic work for Trajectory modeling, conflict detection and air traffic flow management. This paper proposes a novel algorithm based vincenty’s formulas for aircraft position calculation calculation, which is combined with the vincenty’s formulas. We demonstrated through simulations with wind parameter and experimental results show that our aircraft position calculation exhibits much better performance in accuracy.
Dong-Hwa Park, Hyo-Dal Park
For Aviation Security Using Surveillance System
Abstract
As the national airspace system grows increasingly interconnected to partners and customers both within and outside the Rep. of Korea government, the danger of cyber-attacks on the system is increasing. Because of low-cost computer technology and easier access to malware, or malicious software code, it is conceivable for individuals, organized crime groups, terrorists, and nation-states to attack the Rep. of Korea air transportation system infrastructure.[4] An apparatus and a method for processing image information are provided. The apparatus for processing image information includes an image capturing device and an image information server for receiving and storing an image captured by the image capturing device and adds information on the image capturing device and signature information to image data obtained by the image capturing device. Accordingly, the device information and the signature information can be added to the image data obtained by the image capturing device to maintain security of the image data and use the image data as digital proof when a specific event is generated.
Deok Gyu Lee, Jong Wook Han
An Efficient Intrusion Detection Scheme for Wireless Sensor Networks
Abstract
As a hot issue, wireless sensor network have gained widely attention. WSNs in general and in nature are unattended and physically reachable from the outside world, they could be vulnerable to physical attacks in the form of node capture or node destruction. These forms of attacks are hard to protect against and require intelligent prevention methods. It is necessary for WSNs to have security measures in place as to prevent an intruder from inserting compromised nodes in order to decimate or disturb the network performance. In this paper we present an intrusion detection algorithm for wireless sensor networks which does not require prior knowledge of network behavior or a learning period in order to establish this knowledge. We have taken a more practical approach and constructed this algorithm with small to middle-size networks in mind, like home or office networks. The proposed algorithm is also dynamic in nature as to cope with new and unknown attack types. This algorithm is intended to protect the network and ensure reliable and accurate aggregated sensor readings. Theoretical simulation results in three different scenarios indicate that compromised nodes can be detected with high accuracy and low false alarm probability.
Chunming Rong, Skjalg Eggen, Hongbing Cheng
Policy Based Management for Security in Cloud Computing
Abstract
Cloud computing is one of the biggest trends in information technology, with individuals, companies and even governments moving towards their use to save costs and increase flexibility. Cloud infrastructures are typically based on virtualised environments, to allow physical infrastructure to be shared by multiple end users. These infrastructures can be very large and complex, with many end users, making their configuration difficult, error-prone and time-consuming. At the same time, the fact that diverse end users share the same physical infrastructure raises security concerns, and can lead to a significant impact from misconfiguration or being slow to react to attacks. In this paper, we focus on the use of Policy Based Management techniques to manage cloud infrastructure, identifying the requirements, surveying the state-of-the-art, identifying the challenges and proposing potential solutions.
Adrian Waller, Ian Sandy, Eamonn Power, Efthimia Aivaloglou, Charalampos Skianis, Antonio Muñoz, Antonio Maña
Management of Integrity-Enforced Virtual Applications
Abstract
The security of virtualization platforms can be improved by applying trusted computing mechanisms such as enforcing the integrity of the hypervisor. In this paper we build on a recently proposed platform that extends this trust on to applications and services. We describe a process that covers the fully integrity-enforcing life-cycle of a trusted virtual application. Our architecture allows applications the safe transition between trusted states, even in case of updates of the hypervisor. We also detail the technical realization in our prototype implementation.
Michael Gissing, Ronald Toegl, Martin Pirker
Enhancing Accountability in the Cloud via Sticky Policies
Abstract
This paper introduces and discusses a data management solution to provide accountability within the cloud as well as addressing privacy issues. The central idea is as follows. Customers allow cloud (service) providers to have access to specific data based on agreed policies and by forcing interactions with interchangeable independent third parties called Trust Authorities. The access to data can be as fine-grained as necessary, based on policy definitions, underlying encryption mechanisms (supporting the stickiness of policies to the data) and a related key management approach that allows (sets of) data attribute(s) to be encrypted specifically based on the policy. Access to data is mediated by a Trust Authority that checks for compliance to policies in order to release decryption keys. By these means users can be provided with finegrained control over access and usage of their data within the cloud, even in public cloud models.
Siani Pearson, Marco Casassa Mont, Gina Kounga
Enhancement of Critical Financial Infrastructure Protection Using Trust Management
Abstract
Providing protection to the financial infrastructure in the face of faults and malevolent attacks is vital to the stability, availability, and continuity of key financial markets and businesses worldwide. Traditional protection approaches have focused on protecting individual financial institutions (FIs) while ignoring the threats arising from cross-domain interactions as well as those originating from other critical infrastructures. With the growing complexity of inter-organisational boundaries and their increasing interdependence, such isolated approaches are no longer adequate. However, sharing information between FIs relating to critical events and the reliance on others’ quality of service attributes such as security requires varying levels of trust between them depending on the requirements of each individual FI and the sensitivity of exchanged information. This paper describes a trust management system developed to allow the evaluation, monitoring, and management of trustworthiness levels of FIs exchanging critical events and information. Trustworthiness levels are used to assure FIs of the reliability of each other and to filter events and data being processed. The system introduces a novel reusable architecture that allows flexibility and extensibility of trust metrics and trust algorithms.
Hisain Elshaafi, Jimmy McGibney, Barry Mulcahy, Dmitri Botvich
Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography
Abstract
In this paper we survey existing work on automatically processing legal, regulatory and other policy texts for the extraction and representation of privacy knowledge and rules. Our objective is to link and apply some of these techniques to policy enforcement and compliance, to provide a core means of achieving and maintaining customer privacy in an enterprise context, particularly where data is stored and processed in cloud data centres. We sketch our thoughts on how this might be done given the many different, but so far strictly distinct from one another, approaches to natural-language analysis of legal and other prescriptive texts, approaches to knowledge extraction, semantic representation, and automated enforcement of privacy rules.
Nick Papanikolaou, Siani Pearson, Marco Casassa Mont
Secure Workstation for Special Applications
Abstract
The paper presents the recently started project which aims to develop a secure environment for processing of restricted information. The solution being developed by the consortium employs virtualization to allow data from different security domains to be processed on the same physical machine. The system can host Windows and Linux systems as secured guest operating systems. The proposed implementation offers advanced user authentication techniques and cryptographic protection. The project is expected to reach technology demonstrator phase in late 2012.
Adam Kozakiewicz, Anna Felkner, Janusz Furtak, Zbigniew Zieliński, Marek Brudka, Marek Małowidzki
Dynamic Security Monitoring and Accounting for Virtualized Environments
Abstract
In this paper we present the design of an architecture for dynamic security monitoring and enforcement, based on software protection scheme, for client software running in Virtualized Environments. Monitoring mechanisms check a set of policy-defined conditions at runtime to detect threats or anomalous behaviour. Enforcement will be achieved using secure software execution methods that comply with the policies defined. The architecture presented allows for context adaptation of the policies defined using the language defined in PASSIVE. The automatic runtime enforcement of these policies is crucial to achieve real security in virtualized platforms.
Antonio Muñoz, Rajesh Harjani, Antonio Maña, Rodrigo Díaz
Cryptography Goes to the Cloud
Abstract
In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.
Isaac Agudo, David Nuñez, Gabriele Giammatteo, Panagiotis Rizomiliotis, Costas Lambrinoudakis
Identity Management Challenges for Intercloud Applications
Abstract
Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.
David Núñez, Isaac Agudo, Prokopios Drogkaris, Stefanos Gritzalis
Backmatter
Metadaten
Titel
Secure and Trust Computing, Data Management, and Applications
herausgegeben von
Changhoon Lee
Jean-Marc Seigneur
James J. Park
Roland R. Wagner
Copyright-Jahr
2011
Verlag
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-22365-5
Print ISBN
978-3-642-22364-8
DOI
https://doi.org/10.1007/978-3-642-22365-5