Security and Privacy - Silver Linings in the Cloud

1. Front Matter

   PDF

2. Kristian Beckman Award Awardee Keynote

   1. The 5 Waves of Information Security – From Kristian Beckman to the Present

      • S. H. (Basie) von Solms

      Pages 1-8

3. Security Management

   1. A Business Continuity Management Simulator

      • William J. Caelli, Lam-For Kwok, Dennis Longley

      Pages 9-18

   2. Mining Business-Relevant RBAC States through Decomposition

      • Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

      Pages 19-30

   3. Group Dynamics in a Security Risk Management Team Context: A Teaching Case Study

      • Rostyslav Barabanov, Stewart Kowalski

      Pages 31-42

4. Security Management & Governance

   1. Using Actor Network Theory to Understand Information Security Management

      • Karin Hedström, Gurpreet Dhillon, Fredrik Karlsson

      Pages 43-54

   2. Information Security Governance: When Compliance Becomes More Important than Security

      • Terence C. C. Tan, Anthonie B. Ruighaver, Atif Ahmad

      Pages 55-67

5. Network Security & Authentication

   1. Understanding Domain Registration Abuses

      • Scott E. Coull, Andrew M. White, Ting-Fang Yen, Fabian Monrose, Michael K. Reiter

      Pages 68-79

   2. Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites

      • Markus Huber, Martin Mulazzani, Edgar Weippl

      Pages 80-89

   3. Authentic Refinement of Semantically Enhanced Policies in Pervasive Systems

      • Julian Schütte, Nicolai Kuntze, Andreas Fuchs, Atta Badii

      Pages 90-102

   4. Qualified Mobile Server Signature

      • Clemens Orthacker, Martin Centner, Christian Kittl

      Pages 103-111

6. Intrusion Detection, Trust Management, and Models

   1. Fraud Detection in ERP Systems Using Scenario Matching

      • Asadul Khandoker Islam, Malcom Corney, George Mohay, Andrew Clark, Shane Bracher, Tobias Raub et al.

      Pages 112-123

   2. Use of IP Addresses for High Rate Flooding Attack Detection

      • Ejaz Ahmed, George Mohay, Alan Tickle, Sajal Bhatia

      Pages 124-135

   3. Augmenting Reputation-Based Trust Metrics with Rumor-Like Dissemination of Reputation Information

      • Sascha Hauke, Martin Pyka, Markus Borschbach, Dominik Heider

      Pages 136-147

   4. Ex-SDF: An Extended Service Dependency Framework for Intrusion Impact Assessment

      • Nizar Kheir, Nora Cuppens-Boulahia, Frédéric Cuppens, Hervé Debar

      Pages 148-160

7. Software Security and Assurance

   1. A Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism

      • Raja Naeem Akram, Konstantinos Markantonakis, Keith Mayes

      Pages 161-172

   2. On-the-fly Inlining of Dynamic Security Monitors

      • Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld

      Pages 173-186

   3. A Metric-Based Scheme for Evaluating Tamper Resistant Software Systems

      • Gideon Myles, Hongxia Jin

      Pages 187-202

   4. Evaluation of the Offensive Approach in Information Security Education

      • Martin Mink, Rainer Greifeneder

      Pages 203-214

8. Panel

   1. Research Methodologies in Information Security Research: The Road Ahead

      • Johan F. van Niekerk, Rossouw von Solms

      Pages 215-216

These proceedings contain the papers of IFIP/SEC 2010. It was a special honour and privilege to chair the Program Committee and prepare the proceedings for this conf- ence, which is the 25th in a series of well-established international conferences on security and privacy organized annually by Technical Committee 11 (TC-11) of IFIP. Moreover, in 2010 it is part of the IFIP World Computer Congress 2010 celebrating both the Golden Jubilee of IFIP (founded in 1960) and the Silver Jubilee of the SEC conference in the exciting city of Brisbane, Australia, during September 20–23. The call for papers went out with the challenging motto of “Security & Privacy  Silver Linings in the Cloud” building a bridge between the long standing issues of security and privacy and the most recent developments in information and commu- cation technology. It attracted 102 submissions. All of them were evaluated on the basis of their significance, novelty, and technical quality by at least five member of the Program Committee. The Program Committee meeting was held electronically over a period of a week. Of the papers submitted, 25 were selected for presentation at the conference; the acceptance rate was therefore as low as 24. 5% making SEC 2010 a highly competitive forum. One of those 25 submissions could unfortunately not be included in the proceedings, as none of its authors registered in time to present the paper at the conference.

• access control
• authentication
• cloud computing
• data security
• intrusion detection
• network security
• network secutiry
• privacy
• security
• security governance
• security management
• software security
• trust management
• algorithm analysis and problem complexity

• T-Mobile Chair of Mobile Business and Multilateral Security, Johann Wolfgang Goethe University Frankfurt, Frankfurt, Germany

  Kai Rannenberg, Christian Weber

• Department of Computing, Macquarie University, Faculty of Science, Sydney, Australia

  Vijay Varadharajan

Policies and ethics