Random key graphs form a class of random graphs naturally associated with the random key predistribution scheme of Eschenauer and Gligor. We compute the clustering coefficients of random key graphs, and then compare them with Erdős-Rényi graphs in the many node regime when the expected average degrees are asymptotically equivalent. On the parameter range of practical relevance in wireless sensor networks,...
Random key graphs are random graphs induced by the random key predistribution scheme of Eschenauer and Gligor under the assumption of full visibility. For this class of random graphs we show the existence of a zero-one law for the appearance of triangles, and identify the corresponding critical scaling. This is done by applying the method of first and second moments to the number of triangles in the...
Security views are a flexible and effective mechanism for controlling access to confidential information. Rather than allowing untrusted users to access source data directly, they are instead provided with a restricted view, from which all confidential information has been removed. The program that generates the view effectively embodies a confidentiality policy for the underlying source data. However,...
In this paper, we define and illustrate a new form of attack in the context of software services: the software-based need-to-know (SN2K) attack. SN2K attacks can be carried out by a dishonest provider of a software service so that it can maliciously gain access to sensitive information, even if the service does not need to know such data in order to compute the functionalities offered by it. We...
In this paper we analyze a class of n-person supermodular games that arise in the context of interdependent security analysis. More specifically, we quantify the number and the distribution of Nash equilibria in pure strategies and their impact on the tipping set.
In peer-to-peer (P2P) systems, peers often must interact with unknown or unfamiliar peers without the benefit of trusted third authorities to mediate the interactions. A peer will need reputation mechanisms by self-experiencing and incorporating the knowledge of other peers to decide whether to trust another peer in P2P systems. On the basis of introduction on the trust properties and common problems...
As semantic Web grows, security concerns increase. One concern is controlling accesses to resources in this environment. In order to infer whether the access is allowed or not, different information of different entities including contextual information should be involved. From access control point of view, we divide the entities in semantic Web into three categories: resources (objects), requesters...
Security evaluation according to ISO 15408 (common criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a common criteria evaluation. To support security evaluation, the European Telecommunications Standards Institute (ETSI) has developed a threat, vulnerability, risk analysis (eTVRA) method for the Telecommunication...
In this position paper we look at the problem of letting the programmer specify what they want to search for. We discuss current approaches and their problems. We propose a semantics-based approach and describe the steps we have taken and the many open questions remaining.
Effective use of the resources in modern collaborative environments suggests their sharing between collaborating organisations and user groups and on-demand provisioning for the specific tasks and projects that may involve distributed resources and users from different administrative and security domains. The general Complex Resource Provisioning (CRP) model proposed in the authors' earlier work provides...
The IP Multimedia Subsystem (IMS) is regarded as one of the most prominent enablers for successful service provisioning across different access network technologies and devices. While new paradigms, e.g. seamless communication, enter the IMS, existing solutions, e.g. for authentication, need to be re-defined, which is one of the major activities within the EUREKA!-funded Mobicome project, involving...
It is difficult to state whether a certain software product is developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of...
An increasingly large number of digital documents need to be preserved by organizations. Business documents such as various contracts may be of great business value, may only exist in digital form and may need to be preserved for longer periods of time that may span over decades or even centuries. The preservation process should take care of both the integrity and authenticity of digital documents,...
Federation is an identity management model in which various tasks associated with an identity transaction are distributed among the actors involved in the transaction. This model works from the premise that distributing tasks among the actors can achieve usability and privacy advantages for the user, as well as business efficiencies for businesses or applications. Typically, federated identity manifests...
In these uncertain economic times, two key ingredients in short supply are trust and confidence. The concept of trust has been around for many decades (if not centuries) in different disciplines such as business, psychology, and philosophy as well as in technology.
Free riding in peer-to-peer (P2P) networks poses a serious threat to their proper operation. Here, the authors present a variety of approaches developed to overcome this problem. They introduce several unique aspects of P2P networks and discuss free riding's effects on P2P services. They categorize proposed solutions and describe each category's important features and implementation issues together...
Emergence of web services has generated new business models, opportunities and challenges. One of the major challenges faced in effecting utilization of these web services is composition of non functional features such as performance, security and geographical affinity of these services. Existing standards do not address the composition of such non functional features. A formal model based on trace...
Understanding the relationships between requirements is important in order to understand the requirements themselves. Existing requirements management tools mainly use lists, tables, trees, and matrices to visualize requirements and their interrelations. However, all these visualization forms have a limited capability to show multiple relationships of different types. In this paper, we propose to...
Today, personalized services are lucrative for service providers and their customers. With their increasing pervasiveness and interconnection, however, customers show concerns about their privacy. If customers were to refuse the processing of their personal data in general, the economic potential of personalized services could not be realized. We claim that such scepticism is a direct consequence...