Showing papers presented at "Availability, Reliability and Security in 2010"
Proceedings Article • 10.1109/ARES.2010.77
Security and Usability: Analysis and Evaluation

Ronald Kainda¹, Ivan Flechais¹, A. W. Roscoe¹
University of Oxford¹
25 Mar 2010
TL;DR: A security and usability threat model detailing the different factors that are pertinent to the security and usability of secure systems, together with a process for assessing these, is proposed.
Abstract: The differences between the fields of Human-Computer Interaction and Security (HCISec) and Human-Computer Interaction (HCI) have not been investigated very closely. Many HCI methods and procedures have been adopted by HCISec researchers, however the extent to which these apply to the field of HCISec is arguable given the fine balance between improving the ease of use of a secure system and potentially weakening its security. That is to say that the techniques prevalent in HCI are aimed at improving users' effectiveness, efficiency or satisfaction, but they do not take into account the potential threats and vulnerabilities that they can introduce. To address this problem, we propose a security and usability threat model detailing the different factors that are pertinent to the security and usability of secure systems, together with a process for assessing these.

140 citations

Proceedings Article • 10.1109/ARES.2010.27
An Analysis of Information Security Awareness within Home and Work Environments

Shuhaili Talib¹, Nathan Clarke¹, Steven Furnell¹
University of Plymouth¹
25 Mar 2010
TL;DR: An opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that, whilst deployed in the organization, will develop an all-round individual security culture for users independent of the environment within which they are operating.
Abstract: As technology such as the Internet, computers and mobile devices become ubiquitous throughout society, the need to ensure our information remains secure is imperative. Unfortunately, it has long been understood that good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect yourself is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations, with a few national programs focused upon home users. Given people's use of technology is primarily focused upon those two areas: the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through the survey that was developed, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. It was also found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that, whilst deployed in the organization, will develop an all-round individual security culture for users independent of the environment within which they are operating.

116 citations

Proceedings Article • 10.1109/ARES.2010.70
Improving Effectiveness of Intrusion Detection by Correlation Feature Selection

Hai Thanh Nguyen¹, Katrin Franke¹, Slobodan Petrovic¹
Gjøvik University College¹
25 Mar 2010
TL;DR: Experiments show that the proposed automatic feature selection procedure outperforms the best first and genetic algorithm search strategies by removing much more redundant features and still keeping the classification accuracies or even getting better performances.
Abstract: The quality of the feature selection algorithm is one of the most important factors that affects the effectiveness of an intrusion detection system (IDS). Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that greatly improves the overall effectiveness of the IDS. Obtaining a good feature set automatically without involving expert knowledge is a complex task. In this paper, we propose an automatic feature selection procedure based on the filter method used in machine learning. In particular, we focus on Correlation Feature Selection (CFS). By transforming the CFS optimization problem into a polynomial mixed 0−1 fractional programming problem and by introducing additional variables in the problem transformed in such a way, we obtain a new mixed 0−1 linear programming problem with a number of constraints and variables that is linear in the number of full set features. The mixed 0−1 linear programming problem can then be solved by means of branch-and-bound algorithm. Our feature selection algorithm was compared experimentally with the best-first-CFS and the genetic-algorithm-CFS methods regarding the feature selection capabilities. The classification accuracy obtained after the feature selection by means of the C4.5 and the BayesNet machines over the KDD CUP'99 IDS benchmarking data set was also tested. Experiments show that our proposed method outperforms the best first and genetic algorithm search strategies by removing much more redundant features and still keeping the classification accuracies or even getting better performances.

86 citations

Proceedings Article • 10.1109/ARES.2010.97
Towards a Privacy-Enhanced Social Networking Site

Esma Aïmeur¹, Sébastien Gambs¹, Ai Ho¹
Université de Montréal¹
25 Mar 2010
TL;DR: This paper highlights some privacy issues raised by the growing development of SNS and identifies clearly three privacy risks, and introduces the concept of a Privacy-enhanced Social Networking Site (PSNS), and describes Privacy Watch, the first implementation of a PSNS.
Abstract: Social Networking Sites (SNS), such as Facebook and LinkedIn, have become the established place for keeping contact with old friends and meeting new acquaintances. As a result, a user leaves a big trail of personal information about him and his friends on the SNS, sometimes even without being aware of it. This information can lead to privacy drifts such as damaging his reputation and credibility, security risks (for instance identity theft) and profiling risks. In this paper, we first highlight some privacy issues raised by the growing development of SNS and identify clearly three privacy risks. While it may seem a priori that privacy and SNS are two antagonist concepts, we also identified some privacy criteria that SNS could fulfill in order to be more respectful of the privacy of their users. Finally, we introduce the concept of a Privacy-enhanced Social Networking Site (PSNS) and we describe Privacy Watch, our first implementation of a PSNS.

81 citations

Proceedings Article • 10.1109/ARES.2010.62
A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations

C.P. Grobler¹, C.P. Louwrens¹, S. H. Von Solms¹
Information Technology University¹
25 Mar 2010
TL;DR: Pro-active DF (ProDF) as defined in this paper will enable an organization to take the initiative by implementing adequate measures to become DF ready, demonstrate due diligence for good corporate Governance, and provide a mechanism to assess and improve IT Governance frameworks.
Abstract: Most organizations underestimate the demand for digital evidence [1]. Often, when evidence is required to prove fraudulent transactions, not enough or trustworthy evidence is available to link the attacker to the incident. It is essential for organizations to prepare themselves for digital Forensic (DF) investigations and ensure that entire organizational operating environment is prepared for example for an investigation (criminal or internal) or a compliance test. The accepted literature on DF readiness concentrates mainly on evidence identification, handling and storage, first line incident response and training requirements [2]. It does not consider the proactive application of DF tools to enhance the corporate governance structures (specifically Information Technology (IT) governance). Pro-active DF (ProDF) as defined in this paper will enable an organization to take the initiative by implementing adequate measures to become DF ready, demonstrate due diligence for good corporate Governance, specifically IT Governance and provide a mechanism to assess and improve IT Governance frameworks. The purpose of this paper is to define, identify goals, steps, and deliverables of ProDF, identify dimensions of DF, and propose a theoretical DF management framework to guide the implementation of ProDF in an organization.

63 citations

Proceedings Article • 10.1109/ARES.2010.73
Recovery of Skype Application Activity Data from Physical Memory

Matthew Simon¹, Jill Slay¹
University of South Australia¹
25 Mar 2010
TL;DR: A set of generic target artefacts is proposed that defines information that may be targeted for recovery and the meaning that can be inferred from this, and the analysis shows that it is feasible to recover the target data as applied to Skype, which would not be otherwise available.
Abstract: The use of Internet based communication technologies has become more prevalent in recent years. Technologies such as Skype provide a highly secure and decentralised method of communication. These technologies may also leave little evidence on static media causing conventional digital forensic processes to be ineffective. This research looks at exploiting physical memory to recover evidence from Internet based communication technologies where conventional methods cannot. The paper first proposes a set of generic target artefacts that defines information that may be targeted for recovery and the meaning that can be inferred from this. A controlled test was then undertaken where Skype was executed and the memory from the target machine collected. The analysis showed that it is feasible to recover the target data as applied to Skype, which would not be otherwise available. As this is the first set of tests of a series, the future direction is also discussed.

55 citations

Proceedings Article • 10.1109/ARES.2010.101
Combining Misuse Cases with Attack Trees and Security Activity Models

Inger Anne Tøndel¹, Jostein Jensen¹, Lillian Røstad²
SINTEF¹, Norwegian University of Science and Technology²
25 Mar 2010
TL;DR: Misuse cases are linked with attack trees and security activity models; because this linking makes most sense when security modeling is supported by tools, the concept of a security repository that is being built to store models and relations is presented.
Abstract: Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model types. In this paper we present how misuse cases and attack trees can be linked to get a high-level view of the threats towards a system through misuse case diagrams and a more detailed view on each threat through attack trees. Further, we introduce links to security activity descriptions in the form of UML activity graphs. These can be used to describe mitigating security activities for each identified threat. The linking of different models makes most sense when security modeling is supported by tools, and we present the concept of a security repository that is being built to store models and relations such as those presented in this paper.

52 citations

Proceedings Article • 10.1109/ARES.2010.91
Model-Driven Application-Level Encryption for the Privacy of E-health Data

Yun Ding, Karsten Klein
25 Mar 2010
TL;DR: The model-driven application-level encryption has been integrated into the eHealth Framework, a comprehensive platform for the development of electronic health care solutions and can be applied to other domains as well.
Abstract: We propose a novel model-driven application-level encryption solution to protect the privacy and confidentiality of health data in response to the growing public concern about the privacy of health data. Domain experts specify sensitive data which are to be protected by encryption in the application’s domain model. Security experts specify the cryptographic parameters used for the encryption in a security configuration. Both specifications are highly flexible to support different granularities of data to be encrypted and appropriate security levels. Based on the domain model, our code generator for Model-Driven Software Development generates code and configuration artifacts to control the encryption and decryption logic in the application and perform database schema modifications. Our encryption infrastructure outside the database (hence, application-level encryption) utilizes the security configuration to perform encryption and decryption. The generator relieves application developers from a significant amount of migration work required by application-level encryption. Hence, our approach combines the flexibility, security and independence from database vendors of application-level encryption and the transparency of database-level encryption. Our model-driven application-level encryption has been integrated into our eHealth Framework, a comprehensive platform for the development of electronic health care solutions. Our approach can be applied to other domains as well.

46 citations

Proceedings Article • 10.1109/ARES.2010.85
2-clickAuth Optical Challenge-Response Authentication

Anna Vapen, David Byers, Nahid Shahmehri
25 Mar 2010
TL;DR: 2-clickAuth, an optical challenge-response solution where a web camera and a camera phone are used for authentication, is implemented, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge and MySpace.
Abstract: Internet users today often have usernames and passwords at multiple web sites. To simplify things, many sites support some form of federated identity management, such as OpenID, that enables users to have a single account that allows them to log on to many different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, e.g. captured by a key logger or malware on an untrusted computer, all the user’s accounts become compromised. Therefore a more secure authentication method is desirable. We have implemented 2-clickAuth, an optical challenge-response solution where a web camera and a camera phone are used for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is considerably more secure than passwords while still being easy to use and easy to distribute to users. This makes 2-clickAuth a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. We have implemented an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge and MySpace.

39 citations

Proceedings Article • 10.1109/ARES.2010.69
Rejuvenating High Available Virtualized Systems

Arash Rezaei¹, Mohsen Sharifi¹
Iran University of Science and Technology¹
25 Mar 2010
TL;DR: This work proposes a new rejuvenation technique for high available virtualized systems that is applied at both VM and VMM levels and yet it does not require any modifications to applications, and shows that this method has higher system availability and lower downtime cost.
Abstract: Virtualization technology in the form of server consolidation makes running of hot-standby replicas on one system possible, while software rejuvenation provides proactive recovery of failure. Both technologies have been used to make systems more dependable. However, the deployment of rejuvenation in virtualized systems had been limited only to virtual machines (VMs) or only to virtual machine monitors (VMMs), requiring changes to applications too. We propose a new rejuvenation technique for high available virtualized systems that is applied at both VM and VMM levels and yet it does not require any modifications to applications. Our proposition leverages the encapsulation of an application into a VM using this new combinatory rejuvenation technique that uses a time-based policy for VMM and a prediction-based policy for VMs. To demonstrate how much it can improve system availability, the stochastic reward net-based models of a typical virtualized consolidated server in cases of using a prediction-based policy, using a time-based policy, and using the proposed rejuvenation technique are presented and compared. We show that our method has higher system availability and lower downtime cost.

39 citations

Proceedings Article • 10.1109/ARES.2010.22
Configuration Fuzzing for Software Vulnerability Detection

Huning Dai¹, Christian Murphy¹, Gail E. Kaiser¹
Columbia University¹
15 Feb 2010
TL;DR: This paper presents a new testing methodology called configuration fuzzing, a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions.
Abstract: Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular run-time environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, in this paper we present a new testing methodology called configuration fuzzing. Configuration fuzzing is a technique whereby the configuration of the running application is randomly modified at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants" that, if violated, indicate a vulnerability; however, the fuzzing is performed in a duplicated copy of the original process, so that it does not affect the state of the running application. In addition to discussing the approach and describing a prototype framework for implementation, we also present the results of a case study to demonstrate the approach's efficiency.

Proceedings Article • 10.1109/ARES.2010.112
Katana: A Hot Patching Framework for ELF Executables

Ashwin Ramaswamy¹, Sergey Bratus¹, Sean W. Smith¹, Michael E. Locasto²
Dartmouth College¹, George Mason University²
25 Mar 2010
TL;DR: A novel method for hot patching ELF binaries that supports synchronized global data and code updates and reasoning about the results of applying the hot patch is proposed, and its inclusion in future ABI standards is argued for.
Abstract: Despite advances in software modularity, security, and reliability, offline patching remains the predominant form of updating or protecting commodity software. Unfortunately, the mechanics of hot patching (the process of upgrading a program while it executes) remain understudied, even though such a capability offers practical benefits for both consumer and mission-critical systems. A reliable hot patching procedure would serve particularly well by reducing the downtime necessary for critical functionality or security upgrades. Yet, hot patching also carries the risk -- real or perceived -- of leaving the system in an inconsistent state, which leads many owners to forego its benefits as too risky. In this paper, we propose a novel method for hot patching ELF binaries that supports (a) synchronized global data and code updates and (b) reasoning about the results of applying the hot patch. We propose a format, which we call a Patch Object, for encoding patches as a special type of ELF relocatable object file. Our tool, Katana, automatically creates these patch objects as a by-product of the standard source build process. Katana also allows an end-user to apply the Patch Objects to a running process. In essence, our method can be viewed as an extension of the Application Binary Interface (ABI), and we argue for its inclusion in future ABI standards.

Proceedings Article • 10.1109/ARES.2010.40
External Insider Threat: A Real Security Challenge in Enterprise Value Webs

Virginia N. L. Franqueira¹, André van Cleeff¹, Pascal van Eck¹, Roel Wieringa¹
University of Twente¹
25 Mar 2010
TL;DR: This paper proposes a third set of individuals, called External Insiders, which add challenges to the already known insider threat problem because, unlike outsiders, external insiders have granted access and are trusted; and, unlike traditional insiders, external insiders are not subjected to as many internal controls enforced by the organization for which they are external insiders.
Abstract: Increasingly, organizations collaborate with other organizations in value webs with various arrangements, such as outsourcing, partnering, joint ventures, or subcontracting. As the Jericho Forum (an industry consortium of the Open Group) observed, in all these forms of collaboration, the boundaries between organizations become permeable and, as a consequence, insiders and outsiders can no longer be neatly separated using the notion of a perimeter. Such organizational arrangements have security implications because individuals from the value web are neither outsiders nor completely insiders. To address this phenomenon this paper proposes a third set of individuals, called External Insiders. External insiders add challenges to the already known insider threat problem because, unlike outsiders, external insiders have granted access and are trusted; and, unlike traditional insiders, external insiders are not subjected to as many internal controls enforced by the organization for which they are external insiders. In fact, external insiders are part of two or more organizational control structures, and business-to-business contracts are often insufficiently detailed to establish security requirements at the level of granularity needed to counter the threat they pose.

Proceedings Article • 10.1109/ARES.2010.100
Using Normalized Compression Distance for Classifying File Fragments

Stefan Axelsson¹
Blekinge Institute of Technology¹
25 Mar 2010
TL;DR: The generalized and universal distance measure NCD--Normalized Compression Distance--is applied to the problem of determining the types of file fragments via example and the NCD algorithm using k-nearest-neighbor as a classification algorithm was applied to a random selection of file fragments.
Abstract: We have applied the generalized and universal distance measure NCD--Normalized Compression Distance--to the problem of determining the types of file fragments via example. A corpus of files that can be redistributed to other researchers in the field was developed and the NCD algorithm using k-nearest-neighbor as a classification algorithm was applied to a random selection of file fragments. The experiment covered circa 2000 fragments from 17 different file types. While the overall accuracy of the n-valued classification only improved the prior probability of the class from approximately 6% to circa 50% overall, the classifier reached accuracies of 85%--100% for the most successful file types.

Proceedings Article • 10.1109/ARES.2010.119
A National Strategy for an Effective Cybersecurity Approach and Culture

Solange Ghernouti-Hélie¹
University of Lausanne¹
25 Mar 2010
TL;DR: Some characteristics and issues related to the deployment of a national cybersecurity strategy in an interconnected world are analyzed and the necessity of operational organizational structures and the importance of a cybersecurity culture are pointed out.
Abstract: The information economy, among other elements, heavily depends on cybersecurity. On the other hand, cybersecurity depends mainly on technology, on management procedures, on organizational structures, on law and on human competencies, to quote only some aspects of ICT security. To effectively sustain a coherent approach of cybersecurity, a national strategy, enforceable at a national level and compatible at the international level, should exist. This paper analyses some characteristics and issues related to the deployment of a national cybersecurity strategy in an interconnected world. It also points out the necessity of operational organizational structures and the importance of a cybersecurity culture to support a national cybersecurity strategy.

Proceedings Article • 10.1109/ARES.2010.63
A Continuous Authentication System Based on User Behavior Analysis

Ines Brosso¹, Alessandro La Neve, Graça Bressan², Wilson Vicente Ruggiero²
Mackenzie Presbyterian University¹, University of São Paulo²
25 Mar 2010
TL;DR: A continuous authentication system based on user behavior analysis that makes use of environmental context information, users’ behavior analysis and Neuro-Fuzzy Logic to keep trust levels updated according to the user behavior, in a more accurate and faithful way is presented.
Abstract: This paper presents a continuous authentication system based on user behavior analysis that makes use of environmental context information, users’ behavior analysis and Neuro-Fuzzy Logic. This system must be able to acquire information in context, making them into a computational environment. This information is the basis of user behavior. The System, based on the evidences of the behavior, establishes if it can trust the user or not. According to the user behavior, levels of trust are released, to access the application software. Weights are attributed in the fuzzyfication process, according to the rules that were previously established for the parameters which help to establish the evidences of behavioral trust, in its different degrees. The neuro-fuzzy logic allows that the user behavioral database be continuously updated, interacting with the fuzzyfication mechanism, so as to keep trust levels updated according to the user behavior, in a more accurate and faithful way.

Proceedings Article • 10.1109/ARES.2010.34
Solving the Transitive Access Problem for the Services Oriented Architecture

Alan H. Karp¹, Jun Li¹
Hewlett-Packard¹
25 Mar 2010
TL;DR: It is shown that this service composition suffers from the transitive access problem, which arises from a poor choice of access control mechanism, one that uses subject authentication to make access decisions, and that the problem does not occur if the authors use delegatable authorizations.
Abstract: A key goal of the Services Oriented Architecture is the composition of independently written and managed services. However, managing access to these services has proven to be a problem. A particularly difficult case involves a service that invokes another service to satisfy an initial request. In a number of cases, implementations are able to achieve either the desired functionality or the required security, but not both at the same time. We say that this service composition suffers from the transitive access problem. We show that the problem arises from a poor choice of access control mechanism, one that uses subject authentication to make access decisions, and that the problem does not occur if we use delegatable authorizations.

Proceedings Article • 10.1109/ARES.2010.83
Formal Specification and Analysis of an E-voting System

Komminist Weldemariam¹, Richard A. Kemmerer², Adolfo Villafiorita³
University of Trento¹, University of California, Santa Barbara², Center for Information Technology³
25 Mar 2010
TL;DR: This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system using the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system.
Abstract: Electronic voting systems are a perfect example of security-critical computing. One of the critical and complex parts of such systems is the voting process, which is responsible for correctly and securely storing intentions and actions of the voters. Unfortunately, recent studies revealed that various e-voting systems show serious specification, design, and implementation flaws. The application of formal specification and verification can greatly help to better understand the system requirements of e-voting systems by thoroughly specifying and analyzing the underlying assumptions and the security specific properties. This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations.

Proceedings Article • 10.1109/ARES.2010.66
Blind Steganalysis: A Countermeasure for Binary Image Steganography

Kang Leng Chiew¹, Josef Pieprzyk²
Information Technology University¹, Macquarie University²
25 Mar 2010
TL;DR: A new blind steganalytic method to detect the presence of secret messages embedded in black and white images using the steganographic techniques and the experimental results show the proposed method is capable of detecting small amount of the embedded message.
Abstract: In this paper, we propose a new blind steganalytic method to detect the presence of secret messages embedded in black and white images using the steganographic techniques. We start by extracting several sets of matrix, such as run length matrix, gap length matrix and pixel difference. We also apply characteristic function on these matrices to enhance their discriminative capabilities. Then we calculate the statistics which include mean, variance, kurtosis and skewness to form our feature sets. The presented empirical works demonstrate our proposed method can effectively detect three different types of steganography. This proves the universality of our proposed method as a blind steganalysis. In addition, the experimental results show our proposed method is capable of detecting small amount of the embedded message.

Proceedings Article • 10.1109/ARES.2010.33
Secure Monitoring of Service Level Agreements

Kassidy P. Clark¹, Martijn Warnier¹, Frances M. T. Brazier¹, Thomas B. Quillinan
Delft University of Technology¹
25 Mar 2010
TL;DR: This paper proposes a framework and design for secure and reliable monitoring of WS-Agreement specified SLAs, along with an implementation of the framework in the AgentScape middleware system.
Abstract: Service Level Agreements (SLA) are commonly used to define terms and conditions of service provisioning. WS-Agreement is an SLA specification that addresses the need of both producers and consumers of services to specify and negotiate terms and conditions of access to these services. This specification has gained wide acceptance in both the Grid computing and Web Services communities. WS-Agreement includes support for both negotiating and specifying penalties that arise from violation of these terms and conditions. It does not, however, include support for monitoring these agreements to determine if any such violations have occurred and, if so, determining which parties are responsible. This paper proposes a framework and design for secure and reliable monitoring of WS-Agreement specified SLAs. Modifications to WS-Agreement are necessary for effective monitoring. These modifications are outlined, along with an implementation of the framework in the AgentScape middleware system.
Proceedings Article•10.1109/ARES.2010.53•
Improving Network Intrusion Detection by Means of Domain-Aware Genetic Programming


Jorge Blasco1, Agustin Orfila1, Arturo Ribagorda1•
Charles III University of Madrid1
25 Mar 2010
TL;DR: Results clearly show that an intelligent use of GP achieves systems that are comparable (and even better in realistic conditions) to top state-of-the-art proposals in terms of effectiveness, improving them in efficiency and simplicity.
Abstract: One of the central areas in network intrusion detection is how to build effective systems that are able to distinguish normal from intrusive traffic. In this paper we explore the use of Genetic Programming (GP) for such a purpose. Although GP has already been studied for this task, the inner features of network intrusion detection have been systematically ignored. To avoid the blind use of GP shown in previous research, we guide the search by means of a fitness function based on recent advances in IDS evaluation. For the experimental work we use a well-known dataset (i.e. KDD-99) that has become a standard for comparing research despite its drawbacks. Results clearly show that an intelligent use of GP achieves systems that are comparable (and even better in realistic conditions) to top state-of-the-art proposals in terms of effectiveness, improving them in efficiency and simplicity.
Proceedings Article•10.1109/ARES.2010.31•
Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection


Neminath Hubballi1, Santosh Biswas1, Sukumar Nandi1•
Indian Institute of Technology Guwahati1
25 Mar 2010
TL;DR: A concept of a layered version of n-grams for payload based anomaly network intrusion detection, shown to be effective with a false alarm rate as low as 0.001%.
Abstract: Application based intrusion detection involves analysis of network packet payload data. Recently, statistical methods for analyzing the payload have come into use. Since the behavior of every application is not the same, a different model is necessary for each application. Studies have revealed that higher order n-grams are good for capturing the network profile. In this paper we introduce a concept of a layered version of n-grams for payload based anomaly network intrusion detection. Each layer works as an independent anomaly detection system. A packet is declared as normal after passing through all the layers. A packet is declared as anomalous if at any layer it is declared as anomalous, and we stop further processing of the packet. We create a set of bins and equally distribute the distinct n-grams to each bin. Each such n-gram is a 2-tuple where the first element is the byte values of the n-gram and the second is the frequency of the n-gram in the entire training data. We assign an anomaly score to each bin based on the frequency of the individual n-grams in the bin; this score is termed the coverage of the bin. We evaluate the proposed scheme on normal traffic of the DARPA 99 dataset mixed with a set of attacks. Experimental results show the efficacy of the method with a false alarm rate as low as 0.001%.
Proceedings Article•10.1109/ARES.2010.106•
A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept


Lucie Langer, Axel Schmidt, Johannes Buchmann, Melanie Volkamer
25 Mar 2010
TL;DR: This work provides amendments to the original taxonomy and demonstrates that it successfully distinguishes between different, but related voting schemes, thus supporting its relevance for the study of electronic voting systems.
Abstract: Over the past years an approved set of security requirements for electronic voting has been established. However, there is no consistent perception of the exact content and scope of these requirements. Therefore, the cornerstone for a comprehensive taxonomy refining the security requirements for electronic voting was laid in [1]. In order to verify the validity of this taxonomy, we apply it to the voting schemes Helios 1.0 and 2.0. We provide amendments to the original taxonomy and demonstrate that it successfully distinguishes between different, but related voting schemes, thus supporting its relevance for the study of electronic voting systems.
Proceedings Article•10.1109/ARES.2010.92•
Optimising IDS Sensor Placement


Hao Chen1, John A. Clark1, Siraj Ahmed Shaikh2, Howard Chivers2, Philip Nobles2 •
University of York1, Cranfield University2
25 Mar 2010
TL;DR: It is shown how Multi-Objective Genetic Algorithms provide an excellent means of searching for optimal placements in intrusion detection system sensors when there are several competing evaluation criteria.
Abstract: In large network environments multiple intrusion detection sensors are needed to adequately monitor network traffic. However, deploying and managing additional sensors on a large network can be a demanding task, and organizations have to balance their desire for detecting intrusions throughout their network with financial and staffing limitations. This paper investigates how intrusion detection system (IDS) sensors should best be placed on a network when there are several competing evaluation criteria. This is a computationally difficult problem and we show how Multi-Objective Genetic Algorithms provide an excellent means of searching for optimal placements.
Proceedings Article•10.1109/ARES.2010.37•
Extending the Gordon and Loeb Model for Information Security Investment


Jan Willemson1•
Cybernetica1
25 Mar 2010
TL;DR: It is argued that the original model is missing at least one important restriction concerning monotonicity of the remaining vulnerability viewed as a function of original vulnerability level, and a new family of remaining vulnerability functions satisfying all the conditions and generalizing all the currently known example function families is presented.
Abstract: In this paper we study the information security investment model proposed by Gordon and Loeb. We argue that the original model is missing at least one important restriction concerning monotonicity of the remaining vulnerability viewed as a function of original vulnerability level, and propose adding the respective condition. We present a new family of remaining vulnerability functions satisfying all the conditions and generalizing all the currently known example function families.
Proceedings Article•10.1109/ARES.2010.111•
Measuring the Level of Security Introduced by Security Patterns


Eduardo B. Fernandez1, Nobukazu Yoshioka, Hironori Washizaki2, Michael VanHilst1•
Florida Atlantic University1, Waseda University2
25 Mar 2010
TL;DR: Some issues about evaluating the security of a system built using security patterns are discussed, which considers the use of threats and misuse patterns to perform this evaluation.
Abstract: It is possible to reasonably measure the security quality of individual security patterns. However, more interesting is to ask: Can we show that a system built using security patterns is secure in some sense? We discuss here some issues about evaluating the security of a system built using security patterns. We consider the use of threats and misuse patterns to perform this evaluation.
Proceedings Article•10.1109/ARES.2010.87•
Trust Based Multi Path DSR Protocol


Poonam Gera1, Kumkum Garg1, Manoj Misra1•
Indian Institute of Technology Roorkee1
25 Mar 2010
TL;DR: A unique trust based method which increases the throughput of the network while discovering a secure route and evaluates the misbehaving node detection rate and the efficiency of the method along a number of parameters.
Abstract: Ad-hoc networks establish communication in improvised environments without requiring any fixed infrastructure. These networks are inherently prone to security attacks, with node mobility being the primary cause in allowing security breaches. Therefore secure routing is a must for such networks. A number of secure routing protocols based on trust have recently been proposed. However, all these protocols use the traditional route discovery model, where a node drops an RREQ packet if its own ID is in the source route of the packet, or if it has previously processed the packet. A misbehaving node takes advantage of this vulnerability and forwards the RREQ fast, so that the RREQs received from other nodes are dropped and the path discovered includes itself (the misbehaving node). In this paper, we present a unique trust based method which is not vulnerable to this behavior. In our method, each node broadcasts an RREQ packet if it is received from different neighbors. A secure and efficient route to the destination is calculated as a weighted average of the trust value of the nodes in the route, with respect to its behavior observed by its neighboring nodes and the number of nodes in the route. We evaluate the misbehaving node detection rate and the efficiency of our method along a number of parameters. Results show that our method increases the throughput of the network while discovering a secure route.
Proceedings Article•10.1109/ARES.2010.59•
Formalization of Viruses and Malware Through Process Algebras


Grégoire Jacob1, Eric Filiol1, Hervé Debar•
ESIEA1
25 Mar 2010
TL;DR: This article provides a basis for a unified malware model, founded on the Join-Calculus, which supports the fundamental notion of self-replication but also interactions, concurrency and non-termination to cover evolved malware.
Abstract: Virology has seen the apparition of successive viral models, all based on Turing-equivalent formalisms. Considering recent malware, these are only partially covered because functional formalisms do not support interactive computations. This article provides a basis for a unified malware model, founded on the Join-Calculus. In terms of expressiveness, the process-based model supports the fundamental notion of self-replication but also interactions, concurrency and non-termination to cover evolved malware. In terms of protection, detection undecidability and prevention by isolation still hold. Additional results are established: calculus fragments where detection is decidable, definition of a non-infection property, potential solutions to restrict propagation.
Proceedings Article•10.1109/ARES.2010.65•
Estimating Hidden Message Length in Binary Image Embedded by Using Boundary Pixels Steganography


Kang Leng Chiew1, Josef Pieprzyk2•
Information Technology University1, Macquarie University2
25 Mar 2010
TL;DR: A new steganalytic method is proposed to detect the message hidden in a black and white image using the steganographic technique developed by Liang, Wang and Zhang.
Abstract: In this paper, we propose a new steganalytic method to detect the message hidden in a black and white image using the steganographic technique developed by Liang, Wang and Zhang. Our detection method estimates the length of hidden message embedded in a binary image. Although the hidden message embedded is visually imperceptible, it changes some image statistic (such as inter-pixels correlation). Based on this observation, we first derive the 512 patterns histogram from the boundary pixels as the distinguishing statistic, then we compute the histogram difference to determine the changes of the 512 patterns histogram induced by the embedding operation. Finally we propose histogram quotient to estimate the length of the embedded message. Experimental results confirm that the proposed method can effectively and reliably detect the length of the embedded message.
Proceedings Article•10.1109/ARES.2010.17•
A Generic Metamodel for IT Security Attack Modeling for Distributed Systems


André Miede, Nedislav Nedyalkov, Christian Gottron, André König, Nicolas Repp, Ralf Steinmetz 
25 Mar 2010
TL;DR: A generic metamodel for IT security capturing both its major concepts and their relationships to each other is proposed, allowing for a better understanding of IT security in general and attacks in particular, thus, enabling effective communication between different parties during the development of security-critical IT systems.
Abstract: Understanding and discussing the security aspects of IT systems during their development is challenging for both domain specialists and IT experts - neglecting this aspect leads to communication problems and, eventually, to less secure systems. An important factor for these challenges is the distribution and variety of basic IT security concepts, attacks, and countermeasures, e.g., in the standard literature. In this paper, we propose a generic metamodel for IT security capturing both its major concepts and their relationships to each other. With a focus on attacks, we show how this model is applied to different scenarios in distributed systems, i.e., Peer-to-Peer systems, Service-oriented Architectures, and Mobile ad hoc Networks. This allows for a better understanding of IT security in general and attacks in particular, thus, enabling effective communication between different parties during the development of security-critical IT systems.