Critical Information Infrastructures Security

1. Front Matter

   PDF

2. Session 1: R&D Agenda

   1. Towards a European Research Agenda for CIIP: Results from the CI2RCO Project

      • Uwe Bendisch, Sandro Bologna, Gwendal Le Grand, Eric Luiijf

      Pages 1-12

   2. ICT Vulnerabilities of the Power Grid: Towards a Road Map for Future Research

      • Alberto Stefanini, Gerard Doorman, Nouredine Hadjsaid

      Pages 13-24

3. Session 2: Communication Risk and Assurance I

   1. An Analysis of Cyclical Interdependencies in Critical Infrastructures

      • Nils Kalstad Svendsen, Stephen D. Wolthusen

      Pages 25-36

   2. A Framework for 3D Geospatial Buffering of Events of Interest in Critical Infrastructures

      • Nils Kalstad Svendsen, Stephen D. Wolthusen

      Pages 37-48

   3. Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry

      • Kenji Watanabe, Takashi Moriyasu

      Pages 49-57

   4. Advanced Reaction Using Risk Assessment in Intrusion Detection Systems

      • Wael Kanoun, Nora Cuppens-Boulahia, Frédéric Cuppens, Fabien Autrel

      Pages 58-70

4. Session 3: Communication Risk and Assurance II

   1. Managing Critical Infrastructures through Virtual Network Communities

      • Fabrizio Baiardi, Gaspare Sala, Daniele Sgandurra

      Pages 71-82

   2. The Structure of the Sense of Security, Anshin

      • Yuko Murayama, Natsuko Hikage, Yasuhiro Fujihara, Carl Hauser

      Pages 83-93

   3. Securing Agents against Malicious Host in an Intrusion Detection System

      • Rafael Páez, Joan Tomàs-Buliart, Jordi Forné, Miguel Soriano

      Pages 94-105

5. Session 4: Code of Practice and Metrics

   1. UML Diagrams Supporting Domain Specification Inside the CRUTIAL Project

      • Davide Cerotti, Daniele Codetta-Raiteri, Susanna Donatelli, Claudio Brasca, Giovanna Dondossola, Fabrizio Garrone

      Pages 106-123

   2. Expert System CRIPS: Support of Situation Assessment and Decision Making

      • Hermann Dellwing, Walter Schmitz

      Pages 124-134

   3. Using Dependent CORAS Diagrams to Analyse Mutual Dependency

      • Gyrd Brændeland, Heidi E. I. Dahl, Iselin Engan, Ketil Stølen

      Pages 135-148

   4. A Methodology to Estimate Input-Output Inoperability Model Parameters

      • Roberto Setola, Stefano De Porcellinis

      Pages 149-160

6. Session 5: Information Sharing and Exchange

   1. Efficient Access Control for Secure XML Query Processing in Data Streams

      • Dong Chan An, Seog Park

      Pages 161-172

   2. An Approach to Trust Management Challenges for Critical Infrastructures

      • Ioanna Dionysiou, Deborah Frincke, David Bakken, Carl Hauser

      Pages 173-184

7. Session 6: Continuity of Services and Resiliency

   1. Detecting DNS Amplification Attacks

      • Georgios Kambourakis, Tassos Moschos, Dimitris Geneiatakis, Stefanos Gritzalis

      Pages 185-196

   2. LoRDAS: A Low-Rate DoS Attack against Application Servers

      • Gabriel Maciá-Fernández, Jesús E. Díaz-Verdejo, Pedro García-Teodoro, Francisco de Toro-Negro

      Pages 197-209

   3. Intra Autonomous System Overlay Dedicated to Communication Resilience

      • Simon Delamare, Gwendal Le Grand

      Pages 210-222

   4. A Proposal for the Definition of Operational Plans to Provide Dependability and Security

      • Daniel J. Martínez-Manzano, Manuel Gil-Pérez, Gabriel López-Millán, Antonio F. Gómez-Skarmeta

      Pages 223-234

This volume contains the post-proceedings of the Second International Workshop on Critical Information Infrastructure Security (CRITIS 2007), that was held during October 3–5, 2007 in Benalmadena-Costa (Malaga), Spain, and was hosted by the University of Malaga, Computer Science Department. In response to the 2007 call for papers, 75 papers were submitted. Each paper was reviewed by three members of the Program Committee, on the basis of significance, novelty, technical quality and critical infrastructures relevance of the work reported therein. At the end of the reviewing process, only 29 papers were selected for pres- tation. Revisions were not checked and the authors bear full responsibility for the content of their papers. CRITIS 2007 was very fortunate to have four exceptional invited speakers: Adrian Gheorghe (Old Dominion University, USA), Paulo Veríssimo (Universidade de L- boa, Portugal), Donald Dudenhoeffer (Idaho National Labs, USA), and Jacques Bus (European Commission, INFSO Unit "Security"). The four provided a high added value to the quality of the conference with very significant talks on different and int- esting aspects of Critical Information Infrastructures. In 2007, CRITIS demonstrated its outstanding quality in this research area by - cluding ITCIP, which definitively reinforced the workshop. Additionally, the solid involvement of the IEEE community on CIP was a key factor for the success of the event. Moreover, CRITIS received sponsorship from Telecom Italia, JRC of the European Commission, IRRIIS, IFIP, and IABG, to whom we are greatly indebted.

• access control
• ad hoc networks
• attack modeling
• critical information systems
• critical infrastrucures
• data security
• denial of service
• dependability
• emergency management
• fingerprinting
• grid security
• identity theft
• impact analysis
• information technology
• security
• algorithm analysis and problem complexity

• Department of Computer Science, University of Malaga, Málaga, Spain

  Javier Lopez

• Hochschule Technik und Architektur Luzern (HTA), Luzern, Switzerland

  Bernhard M. Hämmerli

Policies and ethics