Computer Security - ESORICS 2008

1. Front Matter

   PDF

2. Session 1: Intrusion Detection and Network Vulnerability Analysis

   1. Multiprimary Support for the Availability of Cluster-Based Stateful Firewalls Using FT-FW

      • P. Neira, R. M. Gasca, L. Lefèvre

      Pages 1-17

   2. Identifying Critical Attack Assets in Dependency Attack Graphs

      • Reginald E. Sawilla, Xinming Ou

      Pages 18-34

   3. Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory

      • C. P. Mu, X. J. Li, H. K. Huang, S. F. Tian

      Pages 35-48

3. Session 2: Network Security

   1. Strongly-Resilient and Non-interactive Hierarchical Key-Agreement in MANETs

      • Rosario Gennaro, Shai Halevi, Hugo Krawczyk, Tal Rabin, Steffen Reidt, Stephen D. Wolthusen

      Pages 49-65

   2. Efficient Handling of Adversary Attacks in Aggregation Applications

      • Gelareh Taban, Virgil D. Gligor

      Pages 66-81

   3. Symmetric Key Approaches to Securing BGP – A Little Bit Trust Is Enough

      • Bezawada Bruhadeshwar, Sandeep S. Kulkarni, Alex X. Liu

      Pages 82-96

4. Session 3: Smart Cards and Identity Management

   1. Dismantling MIFARE Classic

      • Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur et al.

      Pages 97-114

   2. A Browser-Based Kerberos Authentication Scheme

      • Sebastian Gajek, Tibor Jager, Mark Manulis, Jörg Schwenk

      Pages 115-129

   3. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud

      • D. Nali, P. C. van Oorschot

      Pages 130-145

5. Session 4: Data and Applications Security

   1. Disclosure Analysis and Control in Statistical Databases

      • Yingjiu Li, Haibing Lu

      Pages 146-160

   2. TRACE: Zero-Down-Time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-Time Overhead

      • Kun Bai, Meng Yu, Peng Liu

      Pages 161-176

   3. Access Control Friendly Query Verification for Outsourced Data Publishing

      • Hong Chen, Xiaonan Ma, Windsor Hsu, Ninghui Li, Qihua Wang

      Pages 177-191

6. Session 5: Privacy Enhancing Technologies

   1. Sharemind: A Framework for Fast Privacy-Preserving Computations

      • Dan Bogdanov, Sven Laur, Jan Willemson

      Pages 192-206

   2. Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms

      • Athanassios N. Yannacopoulos, Costas Lambrinoudakis, Stefanos Gritzalis, Stylianos Z. Xanthopoulos, Sokratis N. Katsikas

      Pages 207-222

   3. Remote Integrity Check with Dishonest Storage Server

      • Ee-Chien Chang, Jia Xu

      Pages 223-237

7. Session 6: Anonymity and RFID Privacy

   1. A Low-Variance Random-Walk Procedure to Provide Anonymity in Overlay Networks

      • J. P. Muñoz-Gea, J. Malgosa-Sanahuja, P. Manzanares-Lopez, J. C. Sanchez-Aarnoutse, J. Garcia-Haro

      Pages 238-250

   2. RFID Privacy Models Revisited

      • Ching Yu Ng, Willy Susilo, Yi Mu, Rei Safavi-Naini

      Pages 251-266

   3. A New Formal Proof Model for RFID Location Privacy

      • JungHoon Ha, SangJae Moon, Jianying Zhou, JaeCheol Ha

      Pages 267-281

8. Session 7: Access Control and Trust Negotiation

   1. Distributed Authorization by Multiparty Trust Negotiation

      • Charles C. Zhang, Marianne Winslett

      Pages 282-299

These proceedings contain the papers selected for presentation at the 13th European Symposium on Research in Computer Security––ESORICS 2008––held October 6–8, 2008 in Torremolinos (Malaga), Spain, and hosted by the University of Malaga, C- puter Science Department. ESORICS has become the European research event in computer security. The symposium started in 1990 and has been organized on alternate years in different European countries. From 2002 it has taken place yearly. It attracts an international audience from both the academic and industrial communities. In response to the call for papers, 168 papers were submitted to the symposium. These papers were evaluated on the basis of their significance, novelty, and technical quality. Each paper was reviewed by at least three members of the Program Comm- tee. The Program Committee meeting was held electronically, holding intensive d- cussion over a period of two weeks. Finally, 37 papers were selected for presentation at the symposium, giving an acceptance rate of 22%.

• anonymity
• authorization
• cluster
• critical attack
• firewall
• identity
• identity management
• integrity check
• kerberos
• peer-to-peer
• privacy
• protocol analyzer
• risk management
• security
• trust

• Center for Secure Information Systems, George Mason University, Fairfax, USA

  Sushil Jajodia

• Department of Computer Science, University of Malaga, Málaga, Spain

  Javier Lopez

Policies and ethics