The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
We propose a metric for determining whether one version of a system is more secure than another with respcct to a fixed set of dimensions. Rather than count bugs at the code level or count vulnerability reports at the system level, we count a system's attack opportunities. We use this count as an indication of the system's “attackability,” likelihood that it will be successfully attacked. We describe...
In this paper, we first show that traditional IDSs cannot reach the minimal cost design from the auditing viewpoints. Then we propose the definition of design architecture of IDSIC (Intrusion Detection System with Identification Capability ). In IDSIC, its architecture consists of a new detection engine that can examine packet headers, which provide a separability of security auditors and hackers...
In this paper, a DDoS defense scheme is proposed to deploy in routers serving as the default gateways of sub-networks. Each router is configured with the set of IP addresses belonging to monitored sub-networks. By monitoring two-way connections between the policed set of IP addresses and the rest of the Intemet, our approach can effectively identify malicious network flows constituting DDoS attacks,...
Software vulnerabilities can be attributed to inherent bugs in the system. Several types of bugs introduce faults for not conforming to system specifications and failures, including crash, hang, and panic. In our work, we exploit security faults due to crash-type failures. It is difficult to reconstruct system failures after a program has crashed. Much research work has been focused on detecting program...
Web application security remains a major roadblock to universal acceptance of the Web for many kinds of online transactions, especially since the recent sharp increase in remotely exploitable vulnerabilities has been attributed to Web application bugs. In software engineering, software testing is an established and well-researched process for improving software quality. Recently, formal verification...
JPEG2000 is an emerging international standard for still image compression and is becoming the solution of choice for many digital imaging fields and applications. Part 8 of the standard, named JPSEC, is concerned with all the security aspects of JPEG2000 image code-streams, with emphasis presently on access control and authentication. An important aspect of JPEG2000 is its “compress once, decompress many ways”...
Vector quantization (VQ) is an efficient lossy image compression approach based on the principle of block coding. In a VQ system, a host image is transformed into a series of indices. In order to improve the compression rate, switchingtree coding (STC) was designed to encode the output codevector indices. In this paper, we propose a novel lossless hiding scheme. When this scheme is used, information...
Peer-to-peer (P2P ) security has received a lot of attention as of late. Most prior work focused almost entirely on issues related to secure communication, such as key management and peer authentication. However, an important pre-requisite for secure communication — secure peer admission — has been neither recognized nor adequately addressed. Only very recently, some initial work began to make inroads...
Wireless Sensor Networks (WSNs) are formed by a set of small devices, called nodes, with limited computing power, storage space, and wireless communication capabilities. Most of these sensor nodes are deployed within a specific area to collect data or monitor a physical phenomenon. Data collected by each sensor node needs to be delivered and integrated to derive the whole picture of sensing phenomenon...
The clarification of protocol goals and of the assumptions made about the environment protocols are intended for is an important but sometimes underestimated step in protocol design and analysis. Implicit assumptions about the environment can profoundly influence our understanding of security and may mislead us when faced with new challenges. Five case studies will support these claims. Research on...
Consider two organizations that wish to privately match data. They want to find common data elements (or perform a join) over two databases without revealing private information. This was the premise of a recent paper by Agrawal, Evfimievski, and Srikant. We show that Agrawal et al. only examined one point in a much larger problem set and we critique their results. We set the problem in a broader...
We take a closer look at some of the limitations of current analysis approaches, and mention some work and open problems related to expanding their scope.
Password-only authenticated key agreement (or PAKA for short) protocols allow communication parties to mutually authenticate with each other and share an authenticated secret key by only using easy-to-remember passwords. In this paper, we present a point-to-point PAKA protocol (or 2-PAKA for short) based on self-certified approach. The proposed 2-PAKA can be easily generalized to a point-to-multipoint...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.