The Third International Conference on Availability

Preparing to load PDF file. please wait...

0 of 0
100%
The Third International Conference on Availability

Transcript Of The Third International Conference on Availability

The Third International Conference on Availability, Reliability and Security (ARES 2008)
Barcelona, Spain 4-7 March 2008
Pages 1-760

IEEE Catalog Number: CFP0839A-PRT

ISBN:

978-1-4244-3049-9

TABLE OF CONTENTS
KEYNOTES
Security and Privacy Challenges in Location Based Service Environments..................................................1
Vijayalakshmi Atluri
Infrastructure support for Authorization, Access Control and Privilege Management...............................4
Gunther Pernul
The ASCAA Principles for Next-Generation Role-Based Access Control .....................................................5
Ravi Sandhu, Venkata Bhamidipati
ARES FULL PAPER SESSIONS
SESSION 1: APPLICATIONS
Securing Telehealth Applications in a Web-Based e-Health Portal..............................................................11
Qian Liu, Shuo Lu, Yuan Hong, Lingyu Wang, Rachida Dssouli
Multi-Level Reputation-Based Greylisting .....................................................................................................18
Andreas G.K. Janecek, Wilfried N. Gansterer, K. Ashwin Kumar
Hardening XDS-Based Architectures..............................................................................................................26
Kim Wuyts, Riccardo Scandariato, Geert Claeys, Wouter Joosen
SESSION 2: MISCELLANEOUS
Finding Evidence of Antedating in Digital Investigations .............................................................................34
Svein Yngvar Willassen
FEDC: Control Flow Error Detection and Correction for Embedded Systems without Program Interruption .......................................................................................................................................41
Navid Farazmand, Mahdi Fazeli, Seyyed Ghasem Miremadi
Economic and Security Aspects of Applying a Threshold Scheme in e-Health ...........................................47
Bernhard Riedl, Veronika Grascher, Mathias Kolb, Thomas Neubauer
Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks ...............................................................................................................................................55
Mehdi Kiani, Andrew Clark, George Mohay
On the Possibility of Small, Service-Free Disk Based Storage Systems........................................................64
Jehan-François Pâris, Thomas J.E. Schwarz
Efficient High Availability Commit Processing..............................................................................................72
Heine Kolltveit, Svein-Olaf Hvasshovd
SESSION 3: MODELS
Soundness Conditions for Message Encoding Abstractions in Formal Security Protocol Models ................................................................................................................................................................80
Alfredo Pironti, Riccardo Sisto

Towards Formal Specification of Abstract Security Properties ...................................................................88
Antonio Maña, Gimena Pujol
A Behavioral Model of Ideologically-motivated “Snowball” Attacks...........................................................96
Natalia Stakhanova, Oleg Stakhanov, Ali Ghorbani
Property Specification and Static Verification of UML Models .................................................................104
Igor Siveroni, Andrea Zisman, George Spanoudakis
SESSION 4: DATABASE
Towards Comprehensive Requirement Analysis for Data Warehouses: Considering Security Requirements....................................................................................................................................112
Emilio Soler, Veronika Stefanov, Jose-Norberto Mazon, Juan Trujillo, Eduardo Fernandez-Madina, Mario Piattini
A New Scheme for Distributed Density Estimation based Privacy-Preserving Clustering ......................120
Chunhua Su, Feng Bao, Jianying Zhou, Tsuyoshi Takagi, Kouichi Sakurai
A Database Replication Protocol Where Multicast Writesets Are Always Committed............................128
Jose Ramon Juarez-Rodriguez, J.E. Armendariz-Iñigo, J.R. Gonzalez de Mendivil, F.D. Muñoz-Escoi
SESSION 5: MOBILE
Matching Policies with Security Claims of Mobile Applications ................................................................136
Nataliia Bielova, Marco Dalla Torre, Nicola Dragoni, Ida Siahaan
PSecGCM: Process for the Development of Secure Grid Computing based Systems with Mobile Devices.................................................................................................................................................144
David G. Rosado, Eduardo Fernandez-Medina, Javier López, Mario Piattini
WATCHMAN: An Overlay Distributed AAA Architecture for Mobile Ad hoc Networks......................152
Amir R. Khakpour, Maryline Laurent-Maknavicius, Hakima Chaouchi
SESSION 6: RBAC AND RECOMMENDER
Hierarchical Domains for Decentralized Administration of Spatially-Aware RBAC Systems ............................................................................................................................................................. 161
Maria Luisa Damiani, Claudio Silvestri, Elisa Bertino
Experimental Demonstration of a Hybrid Privacy-Preserving Recommender System ............................169
Esma Aimeur, Gilles Brassard, Jose M. Fernandez, Flavien Serge Mani Onana, Zbigniew Rakowski
Fast Qualitative Reasoning about Actions for Computing Anticipatory Systems.....................................179
Natsumi Kitajima, Yuichi Goto, Jingde Cheng
SESSION 7: RISK MANAGEMENT
Enhancing Business Impact Analysis and Risk Assessment Applying a Risk-Aware Business Process Modeling and Simulation Methodology ...........................................................................187
Simon Tjoa, Stefan Jakoubi, Gerald Quirchmayr
Defining Secure Business Processes with Respect to Multiple Objectives..................................................195
Thomas Neubauer, Johannes Heurix
Analysis and Component-based Realization of Security Requirements.....................................................203
Denis Hatebur, Maritta Heisel, Holger Schmidt

SESSION 8: NETWORKS
A Framework for Detecting Anomalies in VoIP Networks .........................................................................212
Yacine Bouzida, Christophe Mangin
Rapid Detection of Constant-Packet-Rate Flows .........................................................................................220
Kuan-Ta Chen, Jing-Kai Lou
Performance Analysis of Anonymous Communication Channels Provided by Tor .................................229
Andriy Panchenko, Lexi Pimenidis, Johannes Renner
Fast Algorithms for Consistency-Based Diagnosis of Firewall Rule Sets...................................................237
Sergio Pozo Hidalgo, Rafael Ceballos, Rafael Martínez Gasca
Privacy/Analysis Tradeoffs in Sharing Anonymized Packet Traces: Single-Field Case...........................245
William Yurcik, Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham
A Distributed Defense Framework for Flooding-Based DDoS Attacks......................................................253
Yonghua You, Mohammad Zulkernine, Anwar Haque
Pure MPLS Technology..................................................................................................................................261
Liwen He, Paul Botham
Symmetric Active/Active Replication for Dependent Services....................................................................268
Christian Engelmann, Stephen L. Scott, Chokchai Leangsuksun, Xubin He
SESSION 9: SOFTWARE
Statically Checking Confidentiality of Shared Memory Programs with Dynamic Labels .......................276
Marcus Völp
A Cause-Based Approach to Preventing Software Vulnerabilities.............................................................284
David Byers, Nahid Shahmehri
Integrating a Security Plug-in with the OpenUP/Basic Development Process ..........................................292
Shanai Ardi, Nahid Shahmehri
A Novel Testbed for Detection of Malicious Software Functionality..........................................................300
Jostein Jensen
Type and Effect Annotations for Safe Memory Access in C .......................................................................310
Syrine Tlili, Mourad Debbabi
SESSION 10: IDS AND MODELS
Adaptabilty of a GP Based IDS on Wireless Networks................................................................................318
Adetokunbo Makanju, Nur Zincir-Heywood, Evangelos Milios
An Intrusion-Tolerant Mechanism for Intrusion Detection Systems .........................................................327
Liwei Kuang, Mohammad Zulkernine
Fuzzy Private Matching (Extended Abstract) ..............................................................................................335
Lukasz Chmielewski, Jaap-Henk Hoepman
SESSION 11: TRUST, SECURITY AND ECONOMICS
Navigating in Webs of Trust: Finding Short Trust Chains in Unstructured Networks without Global Knowledge .............................................................................................................................343
Jens-Uwe Bußer, Steffen Fries, Martin Otto, Peter Hartmann

Trust Modelling in E-Commerce through Fuzzy Cognitive Maps..............................................................352
Christian Schläger, Günther Pernul
Boosting Markov Reward Models for Probabilistic Security Evaluation by Characterizing Behaviors of Attacker and Defender .............................................................................................................360
Zonghua Zhang, Farid Nait-Abdesselam, Pin-Han Ho
ARES SHORT PAPER SESSIONS
SESSION 1: APPLICATIONS
CERTILOC: Implementation of a Spatial-Temporal Certification Service Compatible with Several Localization Technologies ........................................................................................................368
José María de Fuentes García-Romero de Tejada, Ana Isabel González-Tablas Ferreres, Arturo Ribagorda Garnacho
Extending Mixed Serialisation Graphs to Replicated Environments .........................................................374
Josep M. Bernabé-Gisbert, Francesc D. Muñoz-Escoí
Towards Secure E-Commerce Based on Virtualization and Attestation Techniques ...............................381
Frederic Stumpf, Claudia Eckert, Shane Balfe
Fuzzy Belief-Based Supervision .....................................................................................................................388
Alexandre Vorobiev, Rudolph Seviora
Ensuring Progress in Amnesiac Replicated Systems....................................................................................395
Rubén de Juan-Marín, Luis Irún-Briz, Francesc D. Muñoz-Escoí
Enhancing Face Recognition with Location Information............................................................................402
R.J. Hulsebosch, P.W.G. Ebben
A Lazy Monitoring Approach for Heartbeat-Style Failure Detectors........................................................409
Benjamin Satzger, Andreas Pietzowski, Wolfgang Trumler, Theo Ungerer
Defending On-Line Web Application Security with User-Behavior Surveillance.....................................415
Yu-Chin Cheng, Chi-Sung Laih, Gu-Hsin Lai, Chia-Mei Chen, Tsuhan Chen
SESSION 2: SERVICES AND TRUST
A Pattern-Driven Security Process for SOA Applications ..........................................................................421
Nelly A. Delessy, Eduardo B. Fernandez
Towards a Dependable Architecture for Highly Available Internet Services............................................427
Pablo Neira Ayuso, Laurent Lefèvre, Denis Barbaron, Rafael M. Gasca
Assessing the Reliability and Cost of Web and Grid Orchestrations .........................................................433
Alan Stewart, Maurice Clint, Terry Harmer, Peter Kilpatrick, Ron Perrott, Joaquim Gabarro
Application-Oriented Trust in Distributed Computing...............................................................................439
Riccardo Scandariato, Yoram Ofek, Paolo Falcarin, Mario Baldi
BlueTrust in a Real World .............................................................................................................................445
Bradley Markides, Marijke Coetzee
SESSION 3: PRIVACY AND SAFETY
Privacy Preserving Shortest Path Computation in Presence of Convex Polygonal Obstacles .................451
Ananda Swarup Das, Jitu Kumar Keshri, Kannan Srinathan, Vaibhav Srivastava

Privacy Protected ELF for Private Computing on Public Platforms .........................................................457
Thomas H. Morris, V.S.S. Nair
haplog: A Hash-Only and Privacy-Preserved Secure Logging Mechanism ...............................................463
Chih-Yin Lin
An Improved Zonal Safety Analysis Method and Its Application on Aircraft CRJ200 ...........................466
Li Xiaolei, Tian Jin, Zhao Tingdi
SESSION 4: NETWORKS
A Model for Specification and Validation of Security Policies in Communication Networks: The Firewall Case .........................................................................................................................472
Ryma Abbassi, Sihem Guemara El Fatmi
SPIT Detection and Prevention Method in VoIP Environment..................................................................478
He Guang-Yu, Wen Ying-You, Zhao Hong
A New Approach to Analysis of Interval Availability..................................................................................484
Ezzat Kirmani, Cynthia S. Hood
SFMD: A Secure Data Forwarding and Malicious Routers Detecting Protocol .......................................489
Xiang-he Yang, Hua-ping Hu, Xin Chen
Fault Effects in FlexRay-Based Networks with Hybrid Topology..............................................................496
Mehdi Dehbashi, Vahid Lari, Seyed Ghassem Miremadi, Mohammad Shokrollah-Shirazi
Secure Wireless Sensor Networks..................................................................................................................502
Xun Yi, Mike Faulkner, Eiji Okamoto
SEIF: Secure and Efficient Intrusion-Fault Tolerant Routing Protocol for Wireless Sensor Networks ..........................................................................................................................................................508
Abdelraouf Ouadjaout, Yacine Challal, Noureddine Lasla, Miloud Bagaa
The Impact of Flooding Attacks on Network-based Services......................................................................514
Meiko Jensen, Nils Gruschka, Norbert Luttenberger
Managing Priorities in Atomic Multicast Protocols.....................................................................................519
Emili Miedes, Francesc D. Muñoz-Escoí
Beacon Frame Spoofing Attack Detection in IEEE 802.11 Networks ........................................................525
Asier Martínez, Urko Zurutuza, Roberto Uribeetxeberria, Miguel Fernández, Jesus Lizarraga, Ainhoa Serna, Iñaki Vélez
An End-to-End Security Solution for SCTP .................................................................................................531
Stefan Lindskog, Anna Brunstrom
SESSION 5: CRYPTO
An Identity-Based Group Key Agreement Protocol from Pairing..............................................................537
Hongji Wang, Gang Yao, Qingshan Jiang
An Authenticated 3-Round Identity-Based Group Key Agreement Protocol............................................543
Gang Yao, Hongji Wang, Qingshan Jiang
High Capacity Steganographic Method Based Upon JPEG........................................................................549
Adel Almohammad, Robert M. Hierons, Gheorghita Ghinea
Cluster-based Group Key Agreement for Wireless Ad hoc Networks .......................................................555
Elisavet Konstantinou

SESSION 6: CRYPTO AND HEALTH
A Statistical Algorithm for Linguistic Steganography Detection Based on Distribution of Words ...............................................................................................................................................................563
Chen Zhi-li, Huang Liu-sheng, Yu Zhen-shan, Li Ling-jun, Yang Wei
RTQG: Real-Time Quorum-based Gossip Protocol for Unreliable Networks ..........................................569
Bo Zhang, Kai Han, Binoy Ravindran, E.D. Jensen
A Secure and Scalable Infrastructure for Inter-Organizational Data Exchange and eGovernment Applications .............................................................................................................................577
Jan Willemson, Arne Ansper
A Security Model and its Application to a Distributed Decision Support System for Healthcare........................................................................................................................................................583
Liang Xiao, Javier Vicente, Carlos Sáez, Andrew Peet, Alex Gibb, Paul Lewis, Srinandan Dasmahapatra, Madalina Croitoru, Horacio González-Vélez, Magí Lluch i Ariet, David Dupplaw
SESSION 7: MODELS AND NETWORKS
Run-time Information Flow Monitoring based on Dynamic Dependence Graphs....................................591
Salvador Cavadini, Diego Cheda
Automated Process Classi cation Framework using SELinux Security Context.....................................597
Pravin Shinde, Priyanka Sharma, Srinivas Guntupalli
Using Composition Policies to Manage Authentication and Authorization Patterns and Services.............................................................................................................................................................602
Judith E.Y. Rossebø, Rolv Bræk
Providing Fault Tolerance in Wireless Backhaul Network Design with Path Restoration ......................609
Naruemon Wattanapongsakorn, Chalermpol Charnsripinyo, Pakorn Leesutthipornchai
SESSION 8: IDS
Histogram Matrix: Log File Visualization for Anomaly Detection ............................................................615
Adrian Frei, Marc Rennhard
Context-based Profiling for Anomaly Intrusion Detection with Diagnosis................................................623
Benferhat Salem, Tabia Karim
A Revised Taxonomy of Data Collection Mechanisms with a Focus on Intrusion Detection ...................629
Ulf Larson, Erland Jonsson, Stefan Lindskog
IDRS: Combining File-level Intrusion Detection with Block-level Data Recovery based on iSCSI.................................................................................................................................................................635
Youhui Zhang, Hongyi Wang, Yu Gu, Dongsheng Wang
Intrusion Detection for Wormhole Attacks in Ad hoc Networks: A Survey and a Proposed Decentralized Scheme .....................................................................................................................................641
Marianne Azer, Sherif El-Kassas, Abdel Wahab Hassan, Magdy El-Soudani
SESSION 9: HARDWARE
NFC Devices: Security and Privacy...............................................................................................................647
Gerald Madlmayr, Josef Langer, Christian Kantner, Josef Scharinger
Analyzing Fault Effects in the 32-bit OpenRISC 1200 Microprocessor.....................................................653
Nima Mehdizadeh, Mohammad Shokrolah-Shirazi, Seyed Ghassem Miremadi

Increasing the Performability of Computer Clusters Using RADIC II......................................................658
Guna Santos, Angelo Duarte, Dolores, Emilio Luque
A Framework for Proactive Fault Tolerance ...............................................................................................664
Geoffroy Vallee, Kulathep Charoenpornwattana, Christian Engelmann, Anand Tikotekar, Chokchai Leangsuksun, Thomas Naughton, Stephen L. Scott
WORKSHOP FARES
SESSION 1: MISCELLANEOUS
Anti-DDoS Virtualized Operating System ....................................................................................................670
Sanjam Garg, Huzur Saran
A Case for High Availability in a Virtualized Environment (HAVEN) .....................................................678
Erin Farr, Richard Harper, Lisa Spainhower, Jimi Xenidis
SESSION 2: ACCESS CONTROL AND ALGORITHMS
A Federated Physical and Logical Access Control Enforcement Model ....................................................686
Stéphane Onno
Fostering the Uptake of Secure Multiparty Computation in E-Commerce ...............................................696
Octavian Catrina, Florian Kerschbaum
Efficient Certificate Path Validation and Its Application in Mobile Payment Protocols .........................704
Rafael Martinez-Peláez, Cristina Satizábal, Francisco Rico-Novella, Jordi Forné
Avoiding Policy-based Deadlocks in Business Processes .............................................................................712
Mathias Kohler, Andreas Schaad
A Secure High-Speed Identification Scheme for RFID Using Bloom Filters .............................................720
Yasunobu Nohara, Sozo Inoue, Hiroto Yasuura
SESSION 3: CRYPTO
New Self Certified Proxy Digital Signature Scheme based on Elliptic Curve Cryptosystem ...................726
Youan Xiao
Privacy-preserving Protocols for Finding the Convex Hulls.......................................................................730
Qi Wang, Yonglong Luo, Liusheng Huang
A Secure RFID Protocol based on Insubvertible Encryption Using Guardian Proxy ..............................736
Kyosuke Osaka, Shuang Chang, Tsuyoshi Takagi, Kenichi Yamazaki, Osamu Takahashi
Cryptographic Properties of Second-Order Memory Elementary Cellular Automata ............................744
Ascension Hernández Encinas, Angel Martín del Rey, J.L. Pérez Iglesias, Gerardo Rodríguez Sánchez, Araceli Queiruga Dios
New Efficient and Authenticated Key Agreement Protocol in Dynamic Peer Group...............................749
Shengke Zeng, Mingxing He, Weidong Luo
SESSION 4: RISK MANAGEMENT
Intensive Programme on Information and Communication Security ........................................................755
Christian Schläger, Ludwig Fuchs, Günther Pernul
Applications for IT-Risk Management – Requirements and Practical Evaluation...................................761
Heinz Lothar Grob, Gereon Strauch, Christian Buddendick

Security Analysis of Role-based Separation of Duty with Workflows........................................................768
Rattikorn Hewett, Phongphun Kijsanayothin, Aashay Thipse
SESSION 5: DATABASES AND MODELS
Detecting Suspicious Relational Database Queries ......................................................................................774
Stefan Böttcher, Rita Hartel, Matthias Kirschner
Assessing the Value of Enterprise Identity Management (EIdM) – Towards a Generic Evaluation Approach ......................................................................................................................................782
Denis Royer
An Ontological Approach to Secure MANET Management .......................................................................790
Mark E. Orwat, Timothy E. Levin, Cynthia E. Irvine
SESSION 6: MODELS
Reliability Analysis using Graphical Duration Models................................................................................798
Roland Donat, Laurent Bouillaut, Patrice Aknin, Philippe Leray
From Omega to ◊P in the Crash-Recovery Failure Model with Unknown Membership .........................804
Mikel Larrea, Cristian Martín
Policy-based Group Organizational Structure Management using an Ontological Approach..........................................................................................................................................................810
Mario Anzures-García, Luz A. Sánchez-Gálvez
A Systematic Review and Comparison of Security Ontologies ...................................................................816
Carlos Blanco, Joaquin Lasheras, Rafael Valencia-García, Eduardo Fernández-Medina, Ambrosio Toval, Mario Piattini
Context Ontology for Secure Interoperability..............................................................................................824
Céline Coma, Nora Cuppens-Boulahia, Frédéric Cuppens, Ana-Rosa Cavalli
SESSION 7: PASSWORDS AND SERVICES
On the Security of VSH in Password Schemes .............................................................................................831
Kimmo Halunen, Pauli Rikula, Juha Röning
Sustaining Web Services High-Availability Using Communities................................................................837
Zakaria Maamar, Quan Z. Sheng, Djamal Benslimane
Distributed Information Retrieval Service for Ubiquitous Services...........................................................845
Takeshi Tsuchiya, Marc Lihan, Hirokazu Yoshinaga, Keiichi Koyanagi
SESSION 8: SOFTWARE
A Lightweight Security Analyzer inside GCC..............................................................................................854
Davide Pozza, Riccardo Sisto
Dynamic Maintenance of Software Systems at Runtime .............................................................................862
Habib Seifzadeh, Mostafa Kermani, Mohsen Sadighi
Software Security; A Vulnerability Activity Revisit ....................................................................................869
Mohammad Ali Hadavi, Hossein Shirazi, Hasan Mokhtari Sangchi, Vahid Saber Hamishagi

SESSION 9: TRUST
Making Multi-Dimensional Trust Decisions on Inter-Enterprise Collaborations.....................................876
Sini Ruohomaa, Lea Kutvonen
A Survey on Trust and Reputation Schemes in Ad Hoc Networks.............................................................884
Marianne A. Azer, Sherif M. El-Kassas, Abdel Wahab F. Hassan, Magdy S. El-Soudani
WORKSHOP WPA
Privacy-Preserving Recommendation Systems for Consumer Healthcare Services .................................890
Stefan Katzenbeisser, Milan Petkovic
Detecting Bots Based on Keylogging Activities.............................................................................................897
Yousof Al-Hammadi, Uwe Aickelin
A Comprehensive Approach for Context-dependent Privacy Management..............................................904
Elke Franz, Christin Groba, Thomas Springer, Mike Bergmann
Traceable Quantitative Risk Assessment Applied to Investment Decision for Local Backups ............................................................................................................................................................912
Steffen Weiss, Martin Wahl, Michael Tielemann, Klaus Meyer-Wegener
Quantitative Assessment of Enterprise Security System .............................................................................922
Ruth Breu, Frank Innerhofer-Oberperfler, Artsiom Yautsiukhin
Clustering Oriented Architectures in Medical Sensor Environments........................................................930
Eleni Klaoudatou, Elisavet Konstantinou, Georgios Kambourakis, Stefanos Gritzalis
An Initial Model and a Discussion of Access Control in Patient Controlled Health Records ..................936
Lillian Røstad
Secure Team-Based EPR Access Acquisition in Wireless Networks ..........................................................944
Sigurd Eskeland, Vladimir Oleshchuk
VEA-bility Security Metric: A Network Security Analysis Tool ................................................................951
Melanie Tupper, A. Nur Zincir-Heywood
Towards an Architecture for Balancing Privacy and Traceability in Ubiquitous Computing Environments ..............................................................................................................................959
Stefan G. Weber, Andreas Heinemann, Max Mühlhäuser
WORKSHOP PSAI
GOST-28147 Encryption Implementation on Graphics Processing Units .................................................966
Victor Korobitsin, Sergey Ilyin
Intelligent Video Surveillance Networks: Data Protection Challenges ......................................................974
Fanny Coudert, Jos Dumortier
Intrusion Detection with Data Correlation Relation Graph........................................................................981
Amin Hassanzadeh, Babak Sadeghian
A Critique of k-Anonymity and Some of Its Enhancements .......................................................................989
Josep Domingo-Ferrer, Vicenç Torra
Cluster-Specific Information Loss Measures in Data Privacy: A Review..................................................993
Vicenc Torra, Susana Ladra
Hierarchical Trust Architecture in a Mobile Ad-Hoc Network Using Ant Algorithms............................999
Cristina Satizábal, Jordi Forné, Rafael Martínez-Peláez, Franciso Rico-Novella
SecurityDetectionAvailabilityModelFrancesc