Medium 9781601323279

Security and Management


The SAM 2014 conference is being held jointly (same location and dates) with a number of other research conferences (WORLDCOMP). SAM'14 is one of the conferences organized within the 2014 World Congress in Computer Science, Computer Engineering, and Applied Computing (WORLDCOMP'14). WORLDCOMP 2014 will be composed of research presentations, keynote lectures, invited presentations, tutorials, panel discussions, and poster presentations.

List price: $79.95

Your Price: $63.96

You Save: 20%


Session - Security Education


 

Cybersecurity Awareness in Organizations: a case study of University of Venda


Int'l Conf. Security and Management | SAM'14 |


Isong Bassey1, Murendeni Randiman2, Kudakwashe Madzima3

Department of Computer Science & Inform. Systems, University of Venda

Thohoyandou, South Africa

{1 bassey.isong,3 kudakwashe.madzima}@univen.ac.za

2 mrandima2010@gmail.com

Abstract— The swift growth of global interconnectivity, especially the Internet, has been valuable and has created positive impacts in today’s e-world. This has been witnessed in all spheres of life. In particular, organizations today are using the Internet alongside computers, software, social networks, phones and emails to share data and access information, to which University of Venda (UNIVEN) is not an exception. The Internet today provides a common platform through which anyone can virtually take part in globalization. While these innumerable benefits are essential, this well-known interconnectivity poses a myriad of significant security risks and challenges. This has made cybersecurity one of the most critical concerns of the information age in several organizations today. Though organizations have invested much in security measures to protect their information, employees and computers, the situation is seen skyrocketing worldwide, instead of declining. This shows that being secure is not only a function of advanced security technologies or tools but rather people’s knowledge about security within an organization.

 

The UWF Cyber Battle Lab: A Hands-On Computer Lab for Teaching and Research in Cyber Security


Chris Terry, Angelo Castellano, Jonathan Harrod, John Luke, and Thomas Reichherzer

Department of Computer Science, University of West Florida, Pensacola, FL, USA

Abstract - With a dramatic increase in cyber threats over the last decade, government and industry alike have recognized the pressing need to combat the ever-growing cyber attacks on networks and systems. Educational institutions play an important role in researching technology that improves resiliency of systems as well as growing a workforce that understands cyber security challenges and can study and combat cyber attacks. The Computer Science Department at the University of West Florida (UWF) has built a Cyber Battle Laboratory to support undergraduate and graduate education, faculty research and public/private partnerships. Faculty and students can freely experiment with methods of attacks, detection and prevention in a controlled and isolated environment without affecting the campus network or the

 

Bite-sized Learning of Technical Aspects of Privacy


S. Peltsverger and G. Zheng

Information Technology Department, School of Computing and Software Engineering,

Southern Polytechnic State University, Marietta, GA 30060 USA

Abstract -- Research has shown that bite-sized learning caters better to students with short attention spans and helps instructors and students to stay focused on the course objectives. To address the difficulty of teaching technical implementation of privacy, the authors designed an assessment for one of the privacy learning modules. The assessment contains the analysis of the subject and implementation of the results using Google’s tool Oppia. The paper reports the experiences of using the tool by both students and instructors and how the use of Oppia increased student understanding of the topic and their ability to think critically and creatively.

1. Introduction

Many of the current courses address privacy as a legal and a policy issue and do not cover technical details, as technical implementation of privacy is more difficult to teach and learn without supporting environments. The authors had identified this deficiency and proposed a coherent and consistent curriculum framework on teaching privacy and used this framework as a guide to design and develop privacy learning modules with technical details. The purpose of these technical learning modules is to demonstrate what happens

 

Privacy Incongruity: An analysis of a survey of mobile end-users


 

Session - Special Track on Wireless Networks Security + Modeling of Information Security


 

Security Considerations in WSN-Based Smart Grids


Hanen Idoudi1, Mustafa Saed2

1 National School of Computer Science, University of Manouba, Tunisia

1 hanen.idoudi@ensi.rnu.tn

2 Electrical and Computer Engineering, University of Detroit Mercy, USA

2 saedma@udmercy.edu

Abstract—Wireless Sensor Networks (WSNs), which are composed of battery-powered devices, are attracting tremendous attention owing to their wide range of applications. Recently, their use in the smart grid to respond to several communication needs was stressed. A Smart Grid is an innovative paradigm to enhance the power grid system with communication capabilities in order to perform several tasks of monitoring and surveillance. Despite their advantages, there are several challenges facing WSN applications in the Smart Grid. Security is one of the most critical challenges. In this paper, the application of WSNs in the smart grid is reviewed, and the security issues accompanying their use are discussed.

 

Security of Online Social Networks


Rihab Ben Aicha1 and Hanen Idoudi2

National School of Computer Science, University of Manouba, Tunisia

1ben.aicha.rihab@gmail.com, 2hanen.idoudi@ensi.rnu.tn

Abstract—Online Social Networks are among the most used Internet services. Nonetheless, their increasing popularity is facing a tremendous increase in security breaches that threaten these applications. Being a huge data warehouse for personal and very private information, ensuring privacy is the most important challenge for OSN.

In this paper, we present some security aspects and some privacy issues for Online Social Networks. We review some important vulnerabilities and threats. Then, we show security analysis results of some popular OSN.

Keywords—OSN; web application security; privacy; Web Vulnerability scanners.

I. INTRODUCTION

Over the last few years, a surprising number of web applications that are vulnerable to hackers was increasing permanently and proportionally to the number of the Internet users. This could be a result of minimal attention given to security risks while developing and deploying web applications. Online Social Networks (OSN) in particular were one of the hackers’ favourite targets. In fact, OSNs were dedicated to help people stay in touch by reconnecting with friends from way-back-when, establish new relationships with others and exchange knowledge with them as well as share posts publicly [1]. To join an OSN you will have to create an account and provide a massive amount of personal information that will be stored in their servers and never be removed which could threaten your private life.

 

Security Concepts and Issues in Intra-Inter Vehicle Communication Network


Mustafa Saed, Scott Bone, John Robb

Hyundai-Kia America Technical Center, Inc.

Automotive Company

Superior Township, MI 48198, USA

{msaed, sbone, jrobb}@hatci.com

Abstract—It is demanding to provide secure communication among vehicles in Vehicle to Vehicle (V2V) and Vehicle to Infrastructure networks (V2I). Vehicles need to authenticate each other and verify the integrity of the shared safety information which is critical. Adversaries can masquerade as real subscribers in V2V/V2I networks and broadcast bogus messages before to destroy the system with such as sending inaccurate safety information to other vehicles. The intent of this paper is to survey the attempts that have been made to tackle vehicle security, and present the security approaches necessary to enforce tough security measures that fully protect the vehicle security architecture.

Keywords—V2V, V2I, CAN Bus, Security Network, Security

 

Negotiation of sensitive resources using different strategies for policy’s protection


Diala Abi Haidar

MIS Department, Dar Al Hekma University, Jeddah, Saudi Arabia

Abstract— In recent security architectures, it is possible that the security policy is not evaluated in a centralized way but requires negotiation between the subject who is requesting the access and an access controller. This negotiation is generally based on exchanging credentials between the negotiating parties so that the access controller can decide to accept or deny the access. Such a negotiation presumes that policies or part of policies are exchanged between negotiating entities. In some situations, not only the requested resource but also its corresponding access control policy may be sensitive. This requires that such security policies cannot be revealed before some obfuscation is applied on them. In this paper, we present our approach for the negotiation of sensitive resources, mainly policies, by using different strategies including the obfuscation and revealing strategies. As such, a sensitive security policy is divulgated following a specific revealing strategy and after an obfuscation is done. Such approach ensures that no sensitive information is exchanged before its corresponding requirements are fulfilled.

 

MPEG-21 Based Approach to Secure Digital Contents Using DC Metadata


Samiha Ayed1, Muhammad Sabir Idrees1, Nora Cuppens-Boulahia1 and Frédéric Cuppens1

1 Telecom Bretagne, Rennes, France

Abstract— With the proliferation of the use of digital resources, many metadata were created in order to describe as detailed as possible these assets within their different contexts. The Dublin Core set of elements can be considered as the most widely used metadata standard of digital resources. This standard is expressive enough to deal with resource characteristics. However, it is less expressive to manage and take into account security access control to these resources. In this paper, the contribution is twofold. First, we show that the Dublin Core standard can be extended to provide a mapping process to other existing metadata specification languages in order to have a generic representation of electronic resources. Second, we suggest managing access control to these resources based on the MPEG-21 norm. For this purpose, we show how the Dublin Core elements can be used to provide inputs.

 

Session - Information Assurance


 

Simple Method to Quantify Audit Findings


Gary Lieberman

Caldwell University

Division of Business

Caldwell, NJ, U.S.A. glieberman@caldwell.edu

Abstract – Deciding which security assessment findings are important enough to require immediate attention and which are not is challenging at best. In most cases the security assessment results are weighted and prioritized using impact values retrieved from a national database of vulnerabilities, developed by the federal government with little or no consideration given to the business use of the system being assessed or its risk impact on the business itself. The evaluation of the assessment data and the associated remediation decisions are often left to an IT staff that generally has little or no business acumen. This paper presents a method that analyzes and quantifies both the needs and the degree of sustainable business risk against a vulnerability impact scale. A method that allows for the quantitative determination of which elements in a large set of discovered vulnerabilities across numerous systems are important in the context of the company’s business risk tolerance and which aren’t. This method is designed to allow the handling of large data sets with accuracy and ease.

 

Small to Medium Enterprise Cyber Security Awareness: an initial survey of Western Australian Business


Craig Valli, Ian Martinus and Mike Johnstone

c.valli@ecu.edu.au, i.martinus@ecu.edu.au, m.johnstone@ecu.edu.au

Security Research Institute

Edith Cowan University

Perth, Western Australia, Australia

Abstract

Small to Medium Enterprises (SMEs) represent a large proportion of a nation’s business activity. There are studies and reports reporting the threat to business from cyber security issues resulting in computer hacking that achieve system penetration and information compromise. Very few are focussed on SMEs. Even fewer are focussed on directly surveying the actual SMEs themselves and attempts to improve SME outcomes with respect to cyber security.

Due to their need to compete and survive, SMEs are now some of the biggest adopters and users of the Internet and its associated technologies. These technologies include, but are not limited to, social media such as Facebook and Twitter, mobile phones and tablets connected to 3G/4G networks, email, cloud-based applications, often accessing these services on high speed DSL, Cable or Ethernet connections to the Internet [4, 5].

 

Detecting the Vulnerability of Multi-Party Authorization Protocols to Name Matching Attacks


Wenjie Lin (Contact Author)∗, Guoxing Chen∗, Ten H. Lai∗, David Lee†

∗ Ohio State University, 2015 Neil Ave, Columbus, OH

† HP Labs, 1501 Page Mill Road, Palo Alto, CA

{linw, chenguo, lai}@cse.ohio-state.edu {david.lee10}@hp.com

Abstract—Software as a Service (SaaS) clouds cooperate to provide services, which often provoke multi-party authorization. The multi-party authorization suffers the so-called name matching attacks where involved parties misinterpret the other parties in the authorization, thus leading to undesired or even fatal consequences (e.g., an adversary can shop for free or can log into a victim’s Facebook account).

In this paper, we propose a scheme to detect the vulnerability of multi-party authorization protocols that are susceptible to name matching attacks. We implement the detecting scheme and apply it to real world multi-party authorization protocols including Alipay PeerPay, Amazon FPS Marketplace, and PayPal

 

A Dynamic Approach to Risk Calculation for the RAdAC Model


Roberto Marinho, Carla Merkle Westphall and Gustavo Roecker Schmitt

Informatics and Statistics Department

Federal University of Santa Catarina

Florianopolis, Brazil

{marinho, carlamw}@inf.ufsc.br

Abstract— This paper aims to provide a model for dynamic risk assessment for the RAdAC model supported by the use of ontologies to perform the calculation of risk. From the mapping of the different variables involved in the calculation of risk into axioms of an ontology, it is possible to dynamically infer the risk of access to specific data based on the available risk factors and their weights.

Keywords—RAdAC; Access Control; Ontology; Risk Evaluation; Cloud Computing.

I. INTRODUCTION

Normally, traditional access control models are static, i.e., their rules do not change over user access. Thus, traditional models do not have enough flexibility to support existing dynamic environments in pervasive and ubiquitous computation, computational grids and cloud computing [1], [2].

 

Session - Network Security + Security Management


 

Malicious Device Inspection in the HAN Smart Grid


Eric McCary1, Yang Xiao1

1 Department of Computer Science, The University of Alabama, Tuscaloosa, AL, US

Abstract - Smart grid is an emerging power infrastructure and software solution that integrates the newest communication and information technology. The supporting infrastructure and networks extend and connect through every avenue of the grid. This includes networks resident in the consumer homes. In this paper, we explore extending the accountability established in the home area network (HAN).

We propose several algorithms, which allow for grouping and inspection of the devices in a HAN in order to efficiently discover and pinpoint malicious devices in the HAN. With this, a higher level of fine-grained accountability can be achieved in the smart grid HAN.

Keywords: malicious, accountability, inspection, witness, estimation, smart grid

1 Introduction

The status of the smart grid has progressed from an infrastructure where in-depth research in security was scarce, to the end of its infancy, where there has been a notable amount of requirements which make the grid much more secure. Much attention has gone toward smart grid [1-3] and methods which secure the grid from obvious threats [4-6, 26].

 



Details


Format name: PDF
Encrypted: No
Sku: B000000032199
Isbn: 9781601323279
File size: 15.4 MB
Printing: Allowed
Copying: Allowed
Read aloud: Allowed