Showing papers in "Computers & Security in 2009"

TL;DR: The main challenges to be dealt with for the wide scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues are outlined.

TL;DR: The results suggest that simply listing what not to do and penalties associated with a wrong doing in the users' information security policy alone will have a limited impact on effective implementation of security measures.

TL;DR: The proposed ID-based remote mutual authentication with key agreement scheme on ECC does not require public keys for users such that the additional computations for certificates can be reduced and not only provides mutual authentication but also supports a session key agreement between the user and the server.

TL;DR: An information security policy process model is developed based on responses from a sample of certified information security professionals that illustrates a general yet comprehensive policy process in a distinctive form not found in existing professional standards or academic publications.

TL;DR: This work describes and analyzes each of the most important and critical security threats that could be applied in a trust and reputation scheme and proposes some recommendations to face them when developing a new Trust and reputation mechanism.

TL;DR: Security practitioners and management should be aware of the multifarious roles of human and organizational factors and CIS vulnerabilities and that CIS vulnerabilities are not the sole result of a technological problem or programming mistake.

TL;DR: A digital divide exists between information security managers and users in terms of their views on and experience of information security practices, resulting in management approaches that are poorly aligned with the dynamics of the users' working day.

TL;DR: This research illustrates the usability-security trade off, where convenience, quality and usability are sacrificed when increasing layers of security are required.

TL;DR: The evolution of information security; where it came from, where it is today and the direction in which it is moving is investigated, enabling the development of a comprehensive view regarding the current status of the information security landscape.

TL;DR: The effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant are evaluated and the challenges still facing these mechanisms are explained.

TL;DR: It is found that a KDA system can be effective for mobile devices in terms of authentication accuracy and use of artificial rhythms leads to even better authentication performance.

TL;DR: It is found that mistakes in the information processing stage constitute the most cases of human error-related privacy breach incidents, clearly highlighting the need for effective policies and their enforcement in organizations.

TL;DR: It is concluded that although security aspects receive some attention, the provided means generally suffer from usability issues or limitations that would prevent a user from achieving the same level of protection that they might enjoy in the desktop environment.

TL;DR: A wrapper-based feature selection algorithm aiming at building lightweight intrusion detection system by using modified random mutation hill climbing (RMHC) as search strategy to specify a candidate subset for evaluation and using modified linear Support Vector Machines iterative procedure as wrapper approach to obtain the optimum feature subset.

TL;DR: This work proposes a fully distributed public key certificate management system based on trust graphs and threshold cryptography that permits users to issue public key certificates, and to perform authentication via certificates' chains without any centralized management or trusted authorities.

TL;DR: Since the proposed system derives features from packet headers only, like the previous works based on fuzzy association rules, large-scale attack types are focused, and can greatly improve efficiency from offline detection to real-time online detection.

TL;DR: Noxes is presented, which is, to the best of the knowledge, the first client-side solution to mitigate cross-site scripting attacks and effectively protects against information leakage from the user's environment while requiring minimal user interaction and customization effort.

TL;DR: From the observation that each attack type of significance forms a unique pattern, the PCAV program develops nine signatures and their detection mechanism based on an efficient hashing algorithm and can quickly detect new attacks and enable network administrators to intuitively recognize and respond to the attacks.

TL;DR: A comprehensive survey of existing research into account signatures is provided, an innovative account profiling technology which maintains a statistical representation of normal account usage for rapid recalculation in real-time is presented.

TL;DR: This paper examines flooding attacks against VoIP architectures that employ the Session Initiation Protocol (SIP) as their signaling protocol and introduces a new metric, named session distance, in order to provide an effective protection scheme against flooding attacks.

TL;DR: A framework for real-time alert correlation is proposed which incorporates novel techniques for aggregating alerts into structured patterns and incremental mining of frequent structured patterns, and a new algorithm (FSP_Growth) for mining frequent patterns of alerts considering their structures.

TL;DR: A high-level security architecture that captures required features at each boundary-network-element in the VoIP infrastructure is proposed and mechanisms to efficiently integrate information between distributed security components in the architecture are described.

TL;DR: A requirements management framework is proposed that enables executives, business managers, software developers and auditors to distribute legal obligations across business units and/or personnel with different roles and technical capabilities and improves accountability by integrating traceability throughout the policy and requirements lifecycle.

TL;DR: This article believes that phishing is currently the most severe threat facing web users, and reviews recent usability studies, whose results are rather alarming and put in question the ability of users to avoid phishing sites based on security and identification indicators.

TL;DR: Two new steganographic algorithms are proposed utilizing similar histograms and dissimilar histograms, based on selecting appropriate pixel approaches by focusing on perceptibility and capacity parameters of the cover video, which result in improved temporal and spatial perception levels in the stego-video.

TL;DR: The results indicate that non-deterministic channels may bring more threat than deterministic ones in the same network, and the information leakage via on/off timing channels should gain more intention.

TL;DR: In this article, the authors proposed a novel watermarking scheme for R-tree data structures that does not change the values of the attributes and thus does not affect the size of the data structure.

TL;DR: Petri Net Attack Modeling (PENET) approach has ability to convert and enhance existing attack trees with finer parameters, dynamic constructs, Petri net representation power, and intuitive time-domain analysis.

TL;DR: This paper proposes a group-based RBAC model (GB-RBAC) for secure collaborations which is based on RBAC96 and extended with group concept to capture dynamic users and permissions and applies its model for authorization management in collaborations by introducing the concept of virtual group.

TL;DR: This paper has developed an effective characterization metrics, based on workload characteristics and resource types, in detecting and classifying various web robots including text crawlers, link checkers, and icon crawlers that can be used to classify likely identify of unknown web robots and organizations can develop appropriate measures to deal with them.