Showing papers in "Computers & Security in 2011"

TL;DR: In this article, the Routine Activity Theory can be applied to mitigate cyber threats by reducing the opportunities for cyber crime to occur, making cyber crime more difficult to commit and by increasing the risks of detection and punishment associated with committing cyber crime.

TL;DR: This paper proposes a hierarchical attribute- based encryption scheme (HABE) by combining a hierarchical identity-based encryption (HIBE) system and a ciphertext-policy attribute-based encrypted system (CP-ABE), and proposes a scalable revocation scheme by applying proxy re-encryption (PRE) and lazy re-Encryption (LRE) to the HABE scheme, so as to efficiently revoke access rights from users.

TL;DR: In this paper, a review of data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used.

TL;DR: The reasons that led to the application of SI in intrusion detection are explored, and SI methods that have been used for constructing IDS are presented, and a detailed comparison of several SI-based IDS in terms of efficiency is made.

TL;DR: Significant differences were found between the two methods, with the two-factor version being perceived as offering higher levels of security than the single-factor authentication version; however, this gain was offset by significantly lower perceptions of usability, and lower ratings for convenience and ease of use for theTwo-Factor version.

TL;DR: Experimental results show that the analysis performed by HMMPayl is particularly effective against the most frequent attacks toward Web applications (such as XSS and SQL-Injection), and achieves a higher detection rate respect to previously proposed approaches it has been compared with.

TL;DR: An experimental social network is created using synthetic data which is used to test the efficacy of the semantic reasoning based approaches suggested, as well as addressing the existing security and privacy concerns related to online social networks.

TL;DR: This survey revealed more than 1300 publications dealing with the application of sociological role theory in the context of Information Security up to now, with a categorization of the complete underlying set of publications into different classes.

TL;DR: This research attempts to understand the phenomenon of increased internal computer abuses by applying causal reasoning theory to explain employees' causal-search process following the implementation of information security measures.

TL;DR: This work proposes a new method based on the Support Vector Machine (SVM) learning satisfying industrial conditions (i.e., few samples per user are needed during the enrollment phase to create its template), which outperforms the other methods in an industrial context.

TL;DR: The findings of the study show that a range of computing stakeholders have genuine concerns about the frequency of information security breaches and malware incursions, the need for e-security awareness and education, the roles played by law and law enforcement, and the installation of current security software and systems.

TL;DR: A unified access control scheme is proposed that supports patient-centric selective sharing of virtual composite EHRs using different levels of granularity, accommodating data aggregation and privacy protection requirements.

TL;DR: This paper evaluates and compares the most prominent IDS architectures for MANETs and presents a set of design features and principles that have to be addressed and satisfied in future research of designing and implementing IDSs for MANets.

TL;DR: A method for deriving static system call sequences is presented, and two automatic feature-selection methods based on n-grams are proposed, which have higher accuracy and a lower false positive rate than the dynamic detection approach.

TL;DR: This paper attempts to quantify the cost of attacking self-modified code by defining a taxonomy for it and systematically categorising an adversary's capabilities.

TL;DR: The feasibility of characterizing the vulnerability discovery process in the two major HTTP servers, Apache and IIS, is quantitatively examined using both time and effort-based vulnerability discovery models, using data spanning more than a decade.

TL;DR: The article compiles thirteen control patterns, which are particularly suited to help information systems satisfy the simplifying assumptions, and makes information systems easier to audit and IT architects can use them to build systems that meet audit requirements by design.

TL;DR: PARBAC is defined, which extends the classic ARBAC97 model to support parameters, it is proved that user-role reachability analysis for PARbAC is undecidable when parameters may range over infinite types, and it is presented a semi-decision procedure for reachabilityAnalysis of PARBAC.

TL;DR: Trends in FTC enforcement actions that are institutionalizing security knowledge are revealed as evidenced by 39 security requirements that mitigate 110 legal security vulnerabilities.

TL;DR: A comparison of empirical and simulated behavior in this microworld shows that the approach is already able to accurately predict important aspects of user behavior toward security interfaces, but also identifies future work necessary to better cover all relevant aspects guiding this behavior in a real-world setting.

TL;DR: It is found that the quantization and interpolation process can change the fingerprint features significantly without affecting the visual image, and up to 7% bio-cryptographic key bits can be affected due to this rotation transformation.

TL;DR: Experimental results show that the novel detection technique based on profile hidden Markov models (PHMMs) outperforms other techniques when limited training data is available, and conjecture that such positional information would give this approach a significant advantage over HMM-based detection.

TL;DR: A construction framework in which QKD classical post-processing can be custom made, and a comprehensive generic recipe for classicalPost-processing that one can follow to derive a secret key from the measurement outcomes in an actual experiment is built.

TL;DR: Data anonymisation is of increasing importance for allowing sharing individual data among various data requesters for a variety of social network data analysis and mining applications.

TL;DR: This paper presents a new, plausible deniability approach to store sensitive information on a cluster-based filesystem, and derives the theoretical capacity of the covert channel and shows that a capacity of up to 24 bits/cluster can be achieved on a half-empty disk.

TL;DR: An algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints and is presented as a framework that uses the algebra for the fine-grained integration of policies expressed in XACML.

TL;DR: This work investigates how a resourceful masquerader can successfully evade detection while still accomplishing his goals and proposes a more accurate algorithm, called Probabilistic Padding Identification (PPI), based on the Kullback-Leibler divergence, which attempts to identify if a sufficiently anomalous attack is present within an apparently normal behavioural pattern.

TL;DR: The strengthened e-poll protocol and the new differential-privacy preserving function, which strictly speaking only are side contributions of this paper, each appear as important as the new e-commerce privacy paradigm.

TL;DR: A comprehensive statistical analysis of the delay in the updating process of network Intrusion Detection Systems in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits is presented.

TL;DR: This paper provides and proves a theorem stating that a truncation enforcement mechanism considering only the set of possible executions of a specific program is strictly more powerful than a mechanism considering all the executions over an alphabet of actions.