The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
There is a strong legal and ethical imperative for organisations to protect consumer information privacy. In this paper we present a method called privacy taxonomy-based attack tree analysis (PTATA). PTATA involves the combination of privacy violation taxonomies and attack trees. It assists organisations in protecting information privacy by providing a means to analyze weaknesses in their protective...
In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while...
A large amount of versatile services are emerging as home networks and devices are opened for different manufacturers and service developers. With this complexity comes a need to make these services more personalized and secure. However, at the same time, the home network should be easy to manage for non-expert users. In this paper, we propose OpenHouse, a TLS based distributed security architecture...
We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which...
In this paper, we propose an approach for systematic security hardening of software based on aspect-oriented programming and Gimple language. We also present the first steps towards a formal specification for Gimple weaving together with the implementation methodology of the proposed weaving semantics. The primary contribution of this approach is providing the software architects with the capabilities...
Handheld devices in a pervasive computing environment are prone to security as well as privacy violations, while discovering, sharing and accessing services and contents. Trust models are devised to fight against such violations and breaches. Although initial trust assignment is an important issue in evolving overall trust, a little amount of work has been done in this field so far. In pervasive smart...
Event logs or log files form an essential part of any network management and administration setup. While log files are invaluable to a network administrator, the vast amount of data they sometimes contain can be overwhelming and can sometimes hinder rather than facilitate the tasks of a network administrator. For this reason several event clustering algorithms for log files have been proposed, one...
Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attackerpsilas goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit...
The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own "personalized" approach for addressing...
Knowledge discovery systems extract knowledge from data that can be used for making prediction about incomplete data items. Utility is a measure of the usefulness of the discovered knowledge and satisfaction of the user with that knowledge. We motivate and address the question of usefulness of sanitized data using the notion of utility in data mining systems. For this we measure the success of patterns...
This paper presents a secure and lightweight protocol for reliable data transfer through moderate bandwidth covert channels. Though data transfer through covert channels is not unprecedented, existing covert channels have been restricted to covert transmission of only small amounts of data. This paper demonstrates that it is possible to transmit large amounts of data covertly with sophisticated support...
We give protocols for the secure and private outsourcing of linear algebra computations, that enable a client to securely outsource expensive algebraic computations (like the multiplication of huge matrices) to two remote servers, such that the servers learn nothing about the customer's private input or the result of the computation,and any attempted corruption of the answer by the servers is detected...
Intrusive Web advertising such as pop-ups and animated layer ads, which distract the user from reading or navigating through the main content of Web pages, is being perceived as annoying by an increasing number of users. As a response to the growing amount of extraneous content on today's Web and due to the lack of regulations imposed on abusive advertisers the author discusses the pros and cons of...
Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTTpsilas first survey...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.