Showing papers in "Computers & Security in 2006"

TL;DR: There is considerable work to be undertaken before RFID becomes as pervasive as bar codes although the tempo of change is increasing rapidly.

TL;DR: The general architecture of SCADA networks and the properties of some of the commonly used SCADA communication protocols are described and the general security threats and vulnerabilities in these networks are discussed followed by a survey of the research challenges facingSCADA networks.

TL;DR: The objective of this paper is to report on the development of a prototype model for measuring information security awareness in an international mining company.

TL;DR: This paper characterizing the Fourth Wave - that of Information Security Governance - is characterized.

TL;DR: This paper argues that these two important policy documents should be explicitly and carefully aligned to ensure that the outcomes of strategically important information system initiatives are not compromised by problems with their security.

TL;DR: The study reveals some significant areas of difficulty, with many standard security features presenting apparent usability challenges for large proportions of the respondents, highlighting the need for a more considered approach towards the presentation of security functionality if users are to have a realistic chance of protecting themselves.

TL;DR: A remote user authentication scheme using the properties of bilinear pairings is presented, which prohibits the scenario of many logged in users with the same login-ID, and provides a flexible password change option to the registered users without any assistance from the remote system.

TL;DR: The RT-UNNID system is introduced, capable of intelligent real-time intrusion detection using unsupervised neural networks, and its approach is evaluated using 27 types of attack, and observed 97% precision using ART nets, and 95% Precision using SOM nets.

TL;DR: This paper presents an Information Security Governance model based on the Direct-Control Cycle which, in its simplest form, 'prescribes' and 'checks'.

TL;DR: This paper provides a framework that classifies these approaches to electronic voting and defines a set of metrics under which their properties can be compared and reveals important differences in security properties between the classes.

TL;DR: An overview of current and potential future spam filtering approaches is provided, and a case study of heuristic and Bayesian filtering techniques is presented to demonstrate and evaluate the effectiveness of these popular techniques.

TL;DR: Average H of abnormal traffic usually tends to be significantly smaller than that of normal one at the protected site, which is demonstrated with test data provided by MIT Lincoln Laboratory and explained from a view of Fourier analysis.

TL;DR: A detailed management framework along with a complete structured methodology that contains best practices and recommendations for appropriately handling a security incident is proposed.

TL;DR: It was shown that the commercial and government sectors experience different types of attacks, with differenttypes of impact, stemming from different sources, in relation to the benefits of standardization, reporting, and sharing of cyber incident information.

TL;DR: Two methods, namely, the Hidden Markov Models (HMM) method and the Self Organizing Maps (SOM) method, are presented to profile normal program behavior for anomaly intrusion detection based on computer audit data to show good detection performance and high computational expense.

TL;DR: This paper shows how the mandatory access control (MAC) model can be extended to incorporate the notion of location and how this location information can be used to determine whether a subject has access to a given object.

TL;DR: In the age of real-time accounting andreal-time communication current audit practices, while effective, often provide audit results long after fraud and/or errors have occurred.

TL;DR: Implementation and performance plus load testing show the adaptability of the proposed honeypot-based approach and its effectiveness in reducing the probability of attacks on production computers.

TL;DR: The objective of this paper is to propose an idea called APF (Authentication Processing Framework) as one of the ways to deter the growing concerns of unauthorized readers from accessing the tag (transponder) which could result into the violations of information stored in the tag.

TL;DR: This paper cryptanalyze Yang's protocol and presents the DoS attack, and proposes a Secure Identification and Key agreement protocol with user Anonymity (SIKA) that overcomes the above limitation while achieving security features like identification, authentication, key agreement and user anonymity.

TL;DR: A novel methodology is presented that illustrates how games (such as Chess, Backgammon, Go, etc.) can be used to hide digital contents in Go games, and some of its possible advantages and limitations when compared with other techniques are looked at.

TL;DR: This paper proposes a self-evaluation exercise (based on best practices) for boards of companies to be used to determine whether due care has indeed been applied to protect information resources.

TL;DR: This paper develops a mathematical approach to risk management based on Kaplan-Meier and Nelson-Aalen non-parametric estimators of the probability distributions needed for using the resulting quantitative risk management tools.

TL;DR: A context-aware access control architecture is presented, in order to support fine-grained authorizations for the provision of e-services, based on an end-to-end web services infrastructure that conform to the OPC XML-DA specification.

TL;DR: This work preserves all the advantages of Juang's scheme but also improves its efficiency, and proposes another similar scheme to improve the weakness.

TL;DR: This paper shows how collisions can be obtained in such incremental hash functions that are based on pair block chaining, highlighting that more caution should be taken into its design process.

TL;DR: The principal security issues for protecting mobile ad hoc networks at the data link and network layers are investigated and the design criteria for creating secure ad hoc Networks using multiple lines of defence against malicious attacks are discussed.

TL;DR: A fast and efficient system for analyzing alerts that was able to reduce the numerous redundant alerts 5.5% of the original volume without distorting the meaning through two-phase reduction and reduces the management overhead drastically and makes the analysis and correlation easy.

TL;DR: An attempt to evaluate known security patterns based on how well they follow each principle, how best they encounter with possible problems in building secure software and for which of the threat categories they do take care of is performed.

TL;DR: A quantitative survey method is proposed for evaluating ISO 17799 compliance and it is shown that the survey method gives accurate compliance results in a short time with minimized cost.