Emerging Challenges for Security, Privacy and Trust

1. Front Matter

   PDF

2. Identification and Authentication I

   1. Flexible and Transparent User Authentication for Mobile Devices

      • Nathan Clarke, Sevasti Karatzouni, Steven Furnell

      Pages 1-12

   2. Combining Authentication, Reputation and Classification to Make Phishing Unprofitable

      • Amir Herzberg

      Pages 13-24

   3. Audio CAPTCHA for SIP-Based VoIP

      • Yannis Soupionis, George Tountas, Dimitris Gritzalis

      Pages 25-38

3. Threats and Attacks

   1. Roving Bugnet: Distributed Surveillance Threat and Mitigation

      • Ryan Farley, Xinyuan Wang

      Pages 39-50

   2. On Robust Covert Channels Inside DNS

      • Lucas Nussbaum, Pierre Neyron, Olivier Richard

      Pages 51-62

   3. Discovering Application-Level Insider Attacks Using Symbolic Execution

      • Karthik Pattabiraman, Nithin Nakka, Zbigniew Kalbarczyk, Ravishankar Iyer

      Pages 63-75

4. Identification and Authentication II

   1. Custom JPEG Quantization for Improved Iris Recognition Accuracy

      • Gerald Stefan Kostmajer, Herbert Stögner, Andreas Uhl

      Pages 76-86

   2. On the IPP Properties of Reed-Solomon Codes

      • Marcel Fernandez, Josep Cotrina, Miguel Soriano, Neus Domingo

      Pages 87-97

   3. A Generic Authentication LoA Derivation Model

      • Li Yao, Ning Zhang

      Pages 98-108

5. Applications of Cryptography and Information Hiding

   1. Media-Break Resistant eSignatures in eGovernment: An Austrian Experience

      • Herbert Leitold, Reinhard Posch, Thomas Rössler

      Pages 109-118

   2. How to Bootstrap Security for Ad-Hoc Network: Revisited

      • Wook Shin, Carl A. Gunter, Shinsaku Kiyomoto, Kazuhide Fukushima, Toshiaki Tanaka

      Pages 119-131

   3. Steganalysis of Hydan

      • Jorge Blasco, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Arturo Ribagorda, Miguel A. Orellana-Quiros

      Pages 132-142

6. Trusted Computing

   1. On the Impossibility of Detecting Virtual Machine Monitors

      • Shay Gueron, Jean-Pierre Seifert

      Pages 143-151

   2. Implementation of a Trusted Ticket System

      • Andreas Leicher, Nicolai Kuntze, Andreas U. Schmidt

      Pages 152-163

7. Security Policies

   1. A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor

      • Guillermo Navarro-Arribas, Joaquin Garcia-Alfaro

      Pages 164-175

   2. A Policy Language for Modelling Recommendations

      • Anas Abou El Kalam, Philippe Balbiani

      Pages 176-189

8. Validation, Verification, Evaluation

   1. On the Security Validation of Integrated Security Solutions

      • Andreas Fuchs, Sigrid Gürgens, Carsten Rudolph

      Pages 190-201

   2. Verification of Security Policy Enforcement in Enterprise Systems

      • Puneet Gupta, Scott D. Stoller

      Pages 202-213

   3. Optimization of the Controlled Evaluation of Closed Relational Queries

      • Joachim Biskup, Jan-Hendrik Lochner, Sebastian Sonntag

      Pages 214-225

It was an honor and a privilege to chair the 24th IFIP International Information Se- rity Conference (SEC 2009), a 24-year-old event that has become a tradition for - formation security professionals around the world. SEC 2009 was organized by the Technical Committee 11 (TC-11) of IFIP, and took place in Pafos, Cyprus, during May 18–20, 2009. It is an indication of good fortune for a Chair to serve a conference that takes place in a country with the natural beauty of Cyprus, an island where the hospitality and frie- liness of the people have been going together, hand-in-hand, with its long history. This volume contains the papers selected for presentation at SEC 2009. In response to the call for papers, 176 papers were submitted to the conference. All of them were evaluated on the basis of their novelty and technical quality, and reviewed by at least two members of the conference Program Committee. Of the papers submitted, 39 were selected for presentation at the conference; the acceptance rate was as low as 22%, thus making the conference a highly competitive forum. It is the commitment of several people that makes international conferences pos- ble. That also holds true for SEC 2009. The list of people who volunteered their time and energy to help is really long.

• Trusted Computing
• ad-hoc networks
• botnet protocols
• cryptanalysis
• data security
• egovernment
• encryption
• esignatures
• information
• intrusion detection
• iris recognition
• mobile networking
• privacy
• steganalysis
• voip

• Information Security and Infrastructure Protection Research Group, Dept. of Informatics, Athens University of Economics and Business, Athens, Greece

  Dimitris Gritzalis

• Computer Science Department, E.T.S.I. Informatica, University of Malaga, Malaga, Spain

  Javier Lopez

Policies and ethics