ISBN: (print) 1595934480
The proceedings contain 14 papers. The topics discussed include: aligning usability and security: a usability study of Polaris; an empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench; intentional access management: making access control usable for end-users; Passpet: convenient password management and phishing protection; password management strategies for online accounts; a comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords; human selection of mnemonic phrase-based passwords; decision strategies and susceptibility to phishing; the methodology and an application to fight against Unicode attacks; Web Wallet: preventing phishing attacks by revealing user intentions; privacy and security threat analysis of the federal employee Personal Identity Verification (PIV) program; protecting domestic power-line communications; and power strips, prophylactics, and privacy, Oh my!
ISBN: (print) 3540346406
Pervasive and on-demand computing are now a reality, mainly in the scientific area, and the computational Grid concept is gaining popularity as a scalable way to deliver access to a wide range of distributed computing and data resources. But, as Grids move from an experimental phase to real production and their deployment in the Internet significantly increases, controlling the security of a Grid application becomes imperative. The most significant Grid security issue is that the different sites composing the Grid will generally be managed by different organizations, each with their own security mechanisms and policies. This makes any communication security arrangement on the entities participating in the Grid generally more difficult than if they were on the same local area network. In this paper, we show how the security and privacy services offered by scalable on-demand layer-2 MPLS VPN services can be applied in large-scale Grid scenarios and propose a novel network resource abstraction for discovery and setup of on-demand layer-2 Virtual Private Networks. It has been implemented in a Grid Information Service prototype which was successfully tested on a dedicated testbed infrastructure.
ISBN: (print) 1595932267
Recent work [27, 15] introduced a novel peer-to-peer application that leverages content sharing and aggregation among the peers to diagnose misconfigurations on a desktop PC. This application poses interesting challenges in preserving privacy of user configuration data and in maintaining integrity of troubleshooting results. In this paper, we provide a much more rigorous cryptographic and yet practical solution for preserving privacy, and we investigate and analyze solutions for ensuring integrity. Copyright 2005 ACM.
Information Discovery and Analysis Systems (IDAS) are designed to correlate multiple sources of data and use data mining techniques to identify potential significant events. Application domains for IDAS are numerous and include the emerging area of homeland security. Developing test cases for an IDAS requires background data sets into which hypothetical future scenarios can be overlaid. The IDAS can then be measured in terms of false positive and false negative error rates. Obtaining the test data sets can be an obstacle due to both privacy issues and also the time and cost associated with collecting a diverse set of data sources. In this paper, we give an overview of the design and architecture of an IDAS Data Set Generator (IDSG) that enables a fast and comprehensive test of an IDAS. The IDSG generates data using statistical and rule-based algorithms and also semantic graphs that represent interdependencies between attributes. A credit card transaction application is used to illustrate the approach. Copyright 2005 ACM.
We expose privacy issues related to Radio Frequency Identification (RFID) in libraries, describe current deployments, and suggest novel architectures for library RFID. Libraries are a fast growing application of RFID; the technology promises to relieve repetitive strain injury, speed patron self-checkout, and make possible comprehensive inventory. Unlike supply-chain RFID, library RFID requires item-level tagging, thereby raising immediate patron privacy issues. Current conventional wisdom suggests that privacy risks are negligible unless an adversary has access to library databases. We show this is not the case. In addition, we identify private authentication as a key technical issue: how can a reader and tag that share a secret efficiently authenticate each other without revealing their identities to an adversary? Previous solutions to this problem require reader work linear in the number of tags. We give a general scheme for building private authentication with work logarithmic in the number of tags, given a scheme with linear work as a sub-protocol. This scheme may be of independent interest beyond RFID applications. We also give a simple scheme that provides security against a passive eavesdropper using XOR alone, without pseudo-random functions or other heavy crypto operations. Copyright 2004 ACM.
ISBN: (print) 9781450379199
Data base management is in a state of ferment due to the emergence within the past few years of many new requirements. Amongst these requirements are the need to make application programs and terminal activities much more independent of the internal representation of data in storage, and the need to support: 1. many different kinds of end users at terminals (some interactions being of unpredictable scope and complexity); 2. greatly enhanced data security and privacy; 3. increased dynamic sharing of data (including concurrent update and enquiry); 4. networks of mutually remote data bases (including very high level data sublanguages for low bandwidth communication of requests).