Computers & Security Premium Article Archive



This Premium Article Archive offers the last 12 months of articles from Computers & Security. Each summary takes you through to our Science Direct Pay Per View service which will allow you to buy 24 hour access to the article for just $30.

NB. Subscribers to this publication can view these articles for free through the subscriber zone.


Article Summaries:


Computers & Security
Volume 25, Issue 2, March 2006

Layered security design for mobile ad hoc networks

When security of a given network architecture is not properly designed from the beginning, it is difficult to preserve confidentiality, authenticity, integrity and non-repudiation in practical networks. Unlike traditional mobile wireless networks, ad hoc networks rely on individual nodes to keep all the necessary interconnections alive. In this article we investigate the principal security issues for protecting mobile ad hoc networks at the data link and network layers. The security requirements for these two layers are identified and the design criteria for creating secure ad hoc networks using multiple lines of defence against malicious attacks are discussed...

Computers & Security
Volume 25, Issue 2, March 2006

Computer forensics and electronic discovery: The new management challenge

Recent American court decisions and legislation have shown that the failure of an organization to retain electronic documents and to be able to locate the information when needed can cost the organization millions of dollars as well as its reputation. In spite of understanding the need for compliance, very few organizations actually have a good understanding of how to implement a system that will satisfy the requirements for electronic document retention and retrieval for litigation purposes...

Computers & Security
Volume 25, Issue 2, March 2006

The metamorphosis of malware writers

Bill Gates' time is up. At the end of January 2004, at the Davos forum, he said that within two years, spam would be a thing of the past. In reality, the problem is as rampant as ever. On its own, that would be merely irritating, but for the past three years or so, developments in the relationships between spammers and malware writers have followed a worrying trend. Security experts agree that the two are colluding for profit, meaning that the motives and modus operandi of malware writers have been changing...



Computers & Security
Volume 25, Issue 1, February 2006

Cryptanalysis of two password-based authentication schemes using smart cards

Recently, Juang [2004. Comput Secur (23)] and Yoon et al. [2005. Comput Secur (24)] proposed password-based authentication schemes using smart cards. Juang's scheme further allows for key agreement. In this paper, we present attacks on both schemes.



Computers & Security
Volume 25, Issue 1, February 2006

The challenges of understanding and using security: A survey of end users

Many applications contain security features that are available for end-users to select and configure, as well as the potential to place users in situations where they must take security-related decisions. However, the manner in which these aspects are implemented and presented can often serve to complicate the process, such that users cannot actually use the security that they desire, or which may be expected of them. This paper presents the results of a survey of over 340 end-users in order to determine their understanding of the security features within Windows XP and three popular applications (Internet Explorer, Outlook Express, and Word). The study reveals some significant areas of difficulty, with many standard security features presenting apparent usability challenges for large proportions of the respondents.



Computers & Security
Volume 25, Issue 1, February 2006

Security views - Malware update



Computers & Security
Volume 24, Issue 8, November 2005

Timing is everything

Social engineering attacks are well-known to prey on human weaknesses. Besides these weaknesses, humans insist on eating, sleeping, and partaking in non-work activities. On a global scale, work schedules combined with IT policies leave large windows of vulnerability – but how large? We examine calendar data through the year 2010 and locate the longest vulnerability windows which could be exploited by well-timed attacks by malicious software. The same data can be analyzed to solve a related problem: determining the best times to release software patches.



Computers & Security
Volume 24, Issue 8, November 2005

Security Views



Computers & Security
Volume 24, Issue 6, September 2005

The human factor in security
The amount and sophistication of technology that exist in the information security arena never cease to amaze me. Consider, for example, firewall technology. To the best of my knowledge, only one firewall product was available 15 years ago. In contrast, I cannot begin to count all the firewalls that are currently available. If lack of financial resources is a problem, an abundance of public domain firewalls is available. Intrusion detection technology is another good example, as is technology that provides strong authentication. New tools that improve security in some manner are also constantly being developed...



Computers & Security
Volume 24, Issue 5, August 2005

Security Views

Computers & Security
Volume 24, Issue 4, June 2005

A survey and trends on Internet worms
With the explosive growth and increasing complexity of network applications, the threats of Internet worms against network security are more and more serious. This paper presents the concepts and research situations of Internet worms, their function component, and their execution mechanism. It also addresses the scanning strategies, propagation models, and the critical techniques of Internet worm prevention. Finally, the remaining problems and emerging trends in this area are also outlined.

Computers & Security
Volume 24, Issue 4, June 2005

Secure information systems development – a survey and comparison
Nowadays, security solutions are mainly focused on providing security defences (such as firewalls, routers, configuration server, password and encryption) instead of solving one of the main reasons of security problems that refers to an appropriate information systems design. Fortunately, there have been developed new methodologies incorporating security into their development processes. This paper makes a comparison of eleven secure systems design methodologies. The analysed methodologies fulfil criteria partially and in this paper, we make it clear that security aspects cannot be completely specified by these methodologies since they have a series of limitations that we have to take into account. At the same time, each one of these methodologies comprises very important aspects concerning security that can be used as a basis for new methodologies or extensions that may be developed.

Computers & Security
Volume 24, Issue 4, June 2005

From information security to…business security?

This short opinion paper argues that information security, the discipline responsible for protecting a company's information assets against business risks, has now become such a crucial component of good Corporate Governance, that it should rather be called Business Security instead of Information Security.

Computers & Security
Volume 24, Issue 3, May 2005

Matching key recovery mechanisms to business requirements
This paper addresses the business needs for key recovery as a countermeasure to the threat of losing potentially valuable information. Several requirements essential for a sound key recovery mechanism are described, and the applicability of two main classes of existing key recovery schemes to a corporate environment is examined. Different requirements are identified for key recovery mechanisms for communicated and archived data, and a further study is made of the applicability of existing mechanisms to these two cases.

Computers & Security
Volume 24, Issue 3, May 2005

Information systems security policies: a contextual perspective
The protection of information systems is a major problem faced by organisations. The application of a security policy is considered essential for managing the security of information systems. Implementing a successful security policy in an organisation, however, is not a straightforward task and depends on many factors. This paper explores the processes of formulating, implementing and adopting a security policy in two different organisations. A theoretical framework based on the theory of contextualism is proposed and applied in the analysis of these cases. The contextual perspective employed in this paper illuminates the dynamic nature of the application of security policies and brings forth contextual factors that affect their successful adoption.

Computers & Security
Volume 24, Issue 3, May 2005

Smart Card based authentication - Any future?

Computers & Security
Volume 24, Issue 2, March 2005

Security views: Malware Update

Computers & Security
Volume 24, Issue 2, March 2005

The economic approach of information security

This article introduces to the reader the sceptic of the economic evaluation of a security framework. We identify that there must be an economic evaluation of security investment, in order to avoid cost and risks of a security breach. We vindicate why the security economic plan must encompass our choices to provide security solutions. Furthermore, what are the measurements that are employed to provide the confidence of security to an acceptable level.

Computers & Security
Volume 24, Issue 2, March 2005

Keyjacking: the surprising insecurity of client-side SSL

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via client-side SSL and various client keystores. However, whether this works depends on whether what the machines do with the private keys matches what the humans think they do: whether a server operator can conclude from an SSL request authenticated with a user's private key that the user was aware of and approved that request. Exploring this vision, we demonstrate via a series of experiments that this assumption does not hold with standard desktop tools, even if the browser user does all the right things. A fundamental rethinking of the trust, usage, and storage model might result in more effective tools for achieving the PKI vision.

Computers & Security
Volume 24, Issue 2, March 2005

Analysis of end user security behaviors

Many information security specialists believe that promoting good end user behaviors and constraining bad end user behaviors provide one important method for making information security effective within organizations. Because of the importance of end user security-related behaviors, having a systematic viewpoint on the different kinds of behavior that end users enact could provide helpful benefits for managers, auditors, information technologists, and others with an interest in assessing and/or influencing end user behavior. In the present article, we describe our efforts to work with subject matter experts to develop a taxonomy of end user security-related behaviors, test the consistency of that taxonomy, and use behaviors from that taxonomy to conduct a U.S. survey of an important set of end user behaviors. We interviewed 110 individuals who possessed knowledge of end user security-related behaviors, conducted a behavior rating exercise with 49 information technology subject matter experts, and ran a U.S. survey of 1167 end users to obtain self-reports of their password-related behaviors. Results suggested that six categories of end user security-related behaviors appeared to fit well on a two-dimensional map where one dimension captured the level of technical knowledge needed to enact the behavior and another dimension captured the intentionality of the behavior (including malicious, neutral, and benevolent intentions). Our U.S. survey of non-malicious, low technical knowledge behaviors related to password creation and sharing showed that password “hygiene” was generally poor but varied substantially across different organization types (e.g., military organizations versus telecommunications companies). Further, we documented evidence that good password hygiene was related to training, awareness, monitoring, and motivation.

Computers & Security
Volume 23, Issue 5, July 2004

Search engines and privacy

Search engines have become a fundamental tool to access the vast amounts of information available in the World Wide Web in an optimized fashion. As they become ever more powerful, there has been concern on what this could mean for privacy issues, considering the accessibility to personal information in electronic format. This article addresses the nature of these concerns, attempting to clarify the issues at stake in a balanced view considering the position of all parties involved in the problem.

Computers & Security
Volume 23, Issue 5, July 2004

An English auction scheme in the online transaction environment

Internet technology in the recent years has progressed with great strides, and has transcended physical boundaries to achieve a global community. It has been an efficient tool in the development of modern communication, electronic commerce, and various living applications. Under an Internet environment, a reliable and high-performing English auction scheme is presented in the research involving three parties, namely the Registration Manager, Auction Manager, and Bidder. The Registration Manager identifies and authenticates the bidder. The Auction Manager issues the bidding rights and maintains order during the auction. The proposed scheme has the following features: anonymity, traceability, no framing, unforgeability, non-repudiation, fairness, public verifiability, unlinkability among different auction rounds, linkability in a round of auction, efficiency of bidding, one-time registration, and easy revocation. Given the Internet environment, significant importance is attached to time costs in transmitting bidding data. Hence, the bulletin board method is used to enable both the registration and auction managers to declare the necessary parameters. Furthermore, the elliptic curve cryptosystem, owing to its low computational amount and small key size, is applied to the scheme. Consequently, the auction-manager server load can be effectively reduced, while simultaneously significantly increasing bidding efficiency.

Computers & Security
Volume 23, Issue 5, July 2004

On risk: perception and direction
Andrew Stewart

The idea of risk permeates the information security field. We use terms like "risk management", "risk assessment", "risk model" and "risk analysis" every day, and those topics are themselves the subject of countless papers and articles in security journals and magazines.

But has the concept of risk become so ingrained within our profession that we have become over confident about how much we really understand it? In this paper I discuss how difficult it is to truly understand risk. I describe why we need to fundamentally reassess many of our current activities that involve trying to calculate and manipulate risk. I also make several proposals for how we can collectively treat risk in a more pragmatic and realistic way.

Computers & Security
Volume 23, Issue 5, July 2004

Keystroke dynamics identity verification—its problems and practical solutions
Enzhe Yu, and Sungzoon Cho

Password is the most widely used identity verification method in computer security domain. However, because of its simplicity, it is vulnerable to imposter attacks. Use of keystroke dynamics can result in a more secure verification system. Recently, Cho et al. (J Organ Comput Electron Commerce 10 (2000) 295) proposed autoassociative neural network approach, which used only the user's typing patterns, yet reporting a low error rate: 1.0% false rejection rate (FRR) and 0% false acceptance rate (FAR). However, the previous research had some limitations: (1) it took too long to train the model; (2) data were preprocessed subjectively by a human; and (3) a large data set was required. In this article, we propose the corresponding solutions for these limitations with an SVM novelty detector, GA–SVM wrapper feature subset selection, and an ensemble creation based on feature selection, respectively. Experimental results show that the proposed methods are promising, and that the keystroke dynamics is a viable and practical way to add more security to identity verification.

Computers & Security
Volume 23, Issue 5, July 2004

Security views
E. Schultz

Computers & Security
Volume 23, Issue 4, June 2004

From policies to culture
Rossouw von Solms and Basie von Solms

Management normally sets company vision, rules and regulations through policies. These policies should provide guidance to employees and partners as to how they should act and behave to be in line with management's wishes. These policies need to be structured and organized effectively to cater for business and technological dynamics and advances. Having defined a series of company policies does not ensure that all employees will necessarily obey these policies. Ideally these policies must manifest in some company culture to ensure appropriate behaviour. This can only be achieved through a proper education process. This paper addresses exactly the process of integrating policies, education and culture.

Computers & Security
Volume 23, Issue 4, June 2004

Formal support for certificate management policies
Victoria Ungureanu

Traditionally, creation and revocation of certificates are governed by policies that are carried manually, off-line, by trusted agents. This approach to certificate management is appropriate for many current applications, where these policies cannot be verified automatically (e.g. require verification of non-digital credentials). But it is expensive, time consuming and error-prone for the growing class of applications where certificate management policies can be formalized and carried out automatically. We argue that, in these cases, creation and revocation of certificates could be viewed as any other on-line service available in a system. Access to these particular service instances could be regulated much in the same manner as file access or resource allocation.

Computers & Security
Volume 23, Issue 4, June 2004

Rico: a security proxy for mobile code
Yougang Song and Brett D. Fleisch

Security technology suitable for the burgeoning embedded system market has not been widespread. Untrusted code downloaded from the Internet poses numerous security risks due to the possible presence of viruses or other malicious entities. System administrators typically administer one or more administrative domains making policy management for mobile code a challenge because of the diverse security rules that must be adhered to. In this paper, we introduce Rico, a binary rewriting, security policy and code management system that sits between clients and servers. The system interposes itself between a client that downloads mobile code and the target server to provide the system administrator a means to secure untrusted code by rewriting it. The system supports the following features: (1) A security policy editor that simplifies policy writing with frame wizards, syntax reminders and error checking. (2) Third-party policy incorporation enabling reuse of security policies created by trusted third parties. (3) Policy composition, the capability of combining multiple security policies into one logical policy that can be applied to a mobile program. (4) Efficient security management supported by a graphical user interface and a self-training database.

Computers & Security
Volume 23, Issue 3, May 2004

Towards information security behavioural compliance
Cheryl Vroom and Rossouw von Solms

Auditing has always played an important role in the business environment. With the introduction of information technology and the resulting security challenges that organizations face daily, it has become essential to ensure the security of the organization's information and other valuable assets. However, one aspect that auditing does not cover effectively is that of the behaviour of the employee, which is so crucial to any organization's security.

The objective of this paper is to explore the potential problems concerning the attempt to audit the behaviour of the employee. It will be demonstrated that it is extremely difficult to audit human behaviour and so an alternative method to behavioural auditing needs to be found, where policing the employee is not necessary, but instead a softer, more informal approach is used to change the culture to a more information security conscious one.

Computers & Security
Volume 23, Issue 3, May 2004

The effect of intrusion detection management methods on the return on investment
Charles Iheagwara

This paper examines how implementation methods, management methods, and Intrusion Detection System (IDS) policy affect Return on Investment (ROI). The paper will seek to demonstrate the value associated with a well thought out implementation and effective lifecycle management of IDS technology and will culminate in a case study with a number crunching exercise to calculate the ROI for an IDS deployment by a hypothetical financial company named UTVE, Inc. on risk.

The paper also discusses general IDS types and expands on the impact that the logical location of a company's critical networked assets could have on the risk equations. To this end, the Cascading Threat Multiplier (CTM) is introduced to expand on the Single Loss Expectancy (SLE) equation. Also, implementation and management costs based on various support profiles and commonly accepted risk equations are reviewed. Finally, a formula for calculating ROI for security, otherwise commonly known as Return on Security Investment (ROSI) is devised.

Computers & Security
Volume 23, Issue 2, March 2004

Incident response teams need to change
Dr Eugene Schultz

Every week I receive an email message from one of the many security incident response teams currently in existence informing me how many unauthorized vulnerability scans have targeted particular ports during the previous week. I never take the time to look at the content of any of the messages. After all, a large part of my job involves intrusion detection, something that already makes me aware of the current trends in port scanning. Additionally, if I need to, I can quickly go to the SANS Internet Storm Center site and locate much more detailed (and in all likelihood more accurate) data about scans as well as an abundance of other Internet security-related data and information. The U.S. government is paying what is certainly no small amount of money every year for response teams such as the one that dutifully sends me port scan data to duplicate what is already being done. The same is also true of many other governments in other countries. And the port scan data I mentioned serve as only one of many examples of this kind of redundancy and waste.

Computers & Security
Volume 23, Issue 2, March 2004

Non-PKI methods for public key distribution
Mohammad Peyravian, Allen Roginsky and Nevenko Zunic

The X.509 certification authority-based (CA) public key infrastructure (PKI) is a widely accepted PKI standard which defines data formats and procedures related to the distribution of public keys via public key certificates that are digitally signed by CAs. However, X.509 requires a huge and expensive infrastructure with complex operations. This overhead may be tolerable in some cases, but it is highly desirable to find other solutions. The objective of this paper is to present alternative simpler solutions to the X.509 PKI to save storage, bandwidth and to reduce the complexity of the operations. We offer three such solutions. They rely on the existence of passwords that are known to both users and service providers.

Computers & Security
Volume 23, Issue 2, March 2004

An analysis of the tools used for the generation and prevention of spam
Allister Cournane and Ray Hunt

This paper examines the problems caused by the spamming of e-mail and newsgroup users. Spamming is now considered to be a serious threat to the Internet and is posing a serious threat to both ISP and users' resources. In particular, this paper examines the motivation of, and the tools used to generate, spam. Methods of protection and prevention are then discussed. The paper includes case studies of some spam generation and prevention tools as well as examines evolving spam-related laws.

Computers & Security
Volume 22, Issue 8, December 2003

The availability of source code in relation to timely response to security vulnerabilities
John Reinke and Hossein Saiedian

Once a vulnerability has been found in an application or service that runs on a computer connected to the Internet, fixing that exploit in a timely fashion is of the utmost importance. There are two parts to fixing vulnerability: a party acting on behalf of the application's vendor gives instructions to fix it or makes a patch available that can be downloaded; then someone using that information fixes the computer or application in question. This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available, since this can minimize the amount of time that the computer system remains vulnerable.

Computers & Security
Volume 22, Issue 8, December 2003

Understanding users' keystroke patterns for computer access security
Aykut Guven and Ibrahim Sogukpinar

User authentication is a major problem in gaining access rights for computer resources. A recent approach to enhance the computer access rights is the use of biometric properties as the keystroke rhythms of users. Therefore user authentication for computers can be more secure using keystroke rhythms as biometric authentication. Methods like minimum distance, statistical, vector based, neural network type and data mining techniques have been applied in analyzing the keystroke patterns. In this paper, a vector based algorithm for a recent approach has been applied in the identification of keystroke patterns. Keystroke Identification system that is a neuro physical characteristic is studied to realize biometric authentication.

Computers & Security
Volume 23, Issue 2, March 2004

Security engineering and security RoI
Dr John Leach

IT Security has been practised as a dark art for too long. We should treat it as an engineering discipline and reset our expectations about how security systems should be designed and evaluated. All it would take is a fresh approach, the right metrics and a little competent analysis. This is how it might work.

Computers & Security
Volume 22, Issue 6, August 2003

Security analysis of XML usage and XML parsing
Dr. Andrew Blyth, Dr. Daniel Cunliffe, and Dr. Iain Sutherland

Web-based applications greatly increase the availability of information and the ability of people to access and share information in a collaborative environment. Organisations can only truly make use of this technology to create a competitive advantage if they can trust the technology to distribute and mediate information in a safe and secure manner. The Web was not designed with security in mind and the use of XML as a vehicle for marking up information and mediating information flows does not directly support the imposition of a security architecture to manage the security of collaborative information sharing and dissemination. The adoption of XML as the vehicle for electronic commerce has created an environment where XML is now a core technology to most organisations, yet most organisations are relying on off-the-shelf solutions to parsing and manipulating it. In this paper we will examine how XML and XML parsers can be attacked and used to modify, and enter false or misleading, information relating to an electronic transaction. The attack scenarios will be divided into five categories: DTD, Document Corruption, single-node, multi-node and back-end systems. For each attack type we will explore how the attack is perpetrated and what, if any, countermeasures exist to mitigate the attacks.

Computers & Security
Volume 22, Issue 6, August 2003

RBAC models – concepts and trends
Elisa Bertino

A key function in any information security infrastructure is represented by access control which concerns the ways according to which users can access resources in a computer system. Access control is one of the most pervasive security mechanisms in use today and is present in almost all systems, from operating systems to database management systems. Access control is usually based on access permits, also called authorizations, specifying which subjects can access which objects for performing which actions. Access control, however, imposes great administrative and architectural challenges and also requires careful design. In particular, a relevant problem, especially when dealing with large systems, is represented by the complexity of access control administration. Access control administration deals with assigning and revoking authorizations.

Computers & Security
Volume 22, Issue 6, August 2003

Efficient proxy multisignature schemes based on the elliptic curve cryptosystem
Tzer-Shyong Chen, Yu-Fang Chung, and Gwo-Shiuan Huang

For improving proxy-signature research, Sun [5] attempted to resolve problems related to defective security in the scheme of Yi [3]. However, both Yi and Sun's schemes involve a significant number of exponential operations to verify the proxy signature. Accordingly, an improvement is proposed here to change the exponential operations into elliptic curve multiplicative ones. As proposed by both Koblitz [6 and 7] and Miller [8] in 1985, the elliptic curve is used in developing the cryptosystems. The elliptic curve cryptosystem can achieve a level of security equal to that of RSA or DSA but has a lower computational overhead and a smaller key size than both of these. Therefore, it is used in Sun's schemes to improve their efficiency.


Computers & Security
Volume 22, Issue 6, August 2003

Security middleware for enhancing interoperability of Public Key Infrastructure
Kwok-Yan Lam, Siu-Leung Chung, Ming Gu, and Jia-Guang Sun

This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement non-repudiation. The deployment of public key cryptography is facilitated by the provision of PKI which assures the integrity of cryptographic keys. Nevertheless, industry experiences have shown that the task of implementing PKI-based e-commerce applications is challenging. Prior studies have identified interoperability as a major issue that hinders the adoption of PKI in spite of its effectiveness in implementing strong security mechanisms and protocols. In this paper, we discuss the interoperability issue of PKI applications. This research is part of our effort in designing security infrastructure for e-commerce systems. A middleware architecture was designed to enhance interoperability of PKI applications. The security middleware aims to promote cross-enterprise cross-border e-commerce transactions. The proposed mechanism is proven to be practical in real deployment environment.


Computers & Security
Volume 22, Issue 5, July 2003

Utilising fuzzy logic and trend analysis for effective intrusion detection
Martin Botha and Rossouw von Solms

Computer security, and intrusion detection in particular, has become increasingly important in today's business environment, to ensure safe and trusted commerce between business partners as well as effective organizational functioning. Various approaches to intrusion detection are currently being utilized, but unfortunately in practice these approaches are relatively ineffective and inefficient. New means and ways that will minimize these shortcomings must, therefore, continuously be researched and defined. This paper will propose a proactive and dynamic approach, based on trend analysis and fuzzy logic that could be utilized to minimize and control intrusion in an organization's computer system.


Computers & Security
Volume 22, Issue 4, May 2003

Methods for preventing unauthorized software distribution
Mohammad Peyravian, Allen Roginsky and Nevenko Zunic

In this paper we present algorithms for protecting software from unauthorized installation. We assume that the user buys software on a disk or downloads it from the Internet, although our methods are not limited to protecting software under these circumstances. We consider two kinds of adversaries. One kind of attacker is a sophisticated hacker who can monitor a line and can read and intercept any information flowing unprotected over the Internet. These attackers are also skillful programmers who can analyze the software, locate any data of interest to them and also write and execute any programs, even the most complicated ones. Another kind of attacker is an average attacker who can copy and use personal or business software.


Computers & Security
Volume 22, Issue 3, April 2003

A contest to evaluate IT security services management
By Rolf Moulton and Robert S. Coles

This article discusses a project that used a multi-team competition to define, test and validate the added value and costs of a premium level of 'managed security services'. The services were intended for a limited number of servers used to store and process extremely sensitive information on a large IT infrastructure. They were defined by a specialist third party managed security services (MSS) provider. They included recommended server configuration and intrusion detection software, as well as monitoring services.

The project contest was structured to benchmark the risks and controls related to the existing level of service, and to then determine the added value, effectiveness, and cost alternatives for an increased level of service. The company's infrastructure group and an MSS provider were to be defenders of specific servers for a sensitive application. Prior to the contest, the protected application servers were hardened by each defender. The servers and the application were then attacked by an independent third party professional hacker team.

The overall conclusion was that the study approach provided a good way to evaluate information risks, control requirements, and the cost(s) of alternative solutions to meet those requirements by using a combination of company resources and an external supplier(s). It also provided a very effective means to stimulate staff interest and obtain senior management attention and support.


Computers & Security
Volume 22, Issue 2, February 2003

Dealing with contextual vulnerabilities in code: distinguishing between solutions and pseudosolutions
By Jesper M. Johansson and E. Eugene Schultz

Vulnerabilities in objects in various operating systems or add-ons continue to surface at a rapid rate, posing a unique security problem, one with which vendors appear to be struggling. Patching a vulnerability discovered in a default system binary, such as the highly publicized sendmail debug vulnerability (this vulnerability has been discussed extensively in the literature and was even exploited in the infamous Internet Worm [1]), is relatively easy. The vendor often simply issues a new version of the binary to replace the vulnerable one. The interface for all applications that invoke this binary remains the same. However, with componentized code, such as in modern object-oriented systems, things do not work quite as smoothly. For example, how should vulnerabilities be patched if an object is vulnerable to attack only if it is used in a certain context, or if only one function out of many is vulnerable? Patching the vulnerability is simple if a function can be replaced. If the vulnerability is contextual and the function has legitimate uses in other areas, however, replacing the function altogether may be inappropriate. What kinds of alternative remedies are appropriate? This paper presents several different approaches to dealing with this difficult problem, and analyzes the strengths and weaknesses of each. Of all the solutions considered, removing code altogether and adding warnings at run time are the least viable. Allowing code to run only if the execution context is correct, permitting only certain callers to execute code, barring certain callers from executing code, and using access control lists to govern access to objects and methods are more reasonable approaches, although each also has limitations.


Computers & Security
Volume 22, Issue 1, January 2003

A password authentication scheme with secure password updating
By Chun-Li Lin and Tzonelih Hwang

Recently, Hwang and Yeh proposed an improvement on the Peyravian-Zunic password scheme. The Hwang-Yeh scheme comprises a password authentication protocol, a password change protocol, and can also provide key distribution. Though the Hwang-Yeh scheme repaired several security problems of the Peyravian-Zunic scheme, it has several security problems: the password change protocol in the Hwang-Yeh scheme is vulnerable to a denial of service attack; and it does not provide the forward secrecy property in session key distribution. Furthermore, we shall fix the Hwang-Yeh scheme to avoid these problems.


Computers & Security
Volume 21, August 2002

Differentially secure multicasting and its implementation methods
By S. Holeman, G. Manimaran, J. Davis and A. Chakrabarti

Though the areas of secure multicast group architecture, key distribution and sender authentication are under scrutiny, one topic that has not been explored is how to integrate these with multi-level security. Multi-level security is the ability to distinguish subjects according to classification levels, which determines to what degree they can access confidential objects. In the case of groups, this means that some members can exchange messages at a higher sensitivity level than others. The Bell-La Padula model [BL76] outlines the rules of these multi-level accesses. In multicast groups that employ multi-level security, some of these rules are not desirable so a modified set of rules is developed in this paper and is termed differential security.

Also, this paper proposes three methods to set up a differentially secure multicast group: (i) Naïve approach, (ii) multiple tree differential security (DiffSec) approach, and (iii) single DiffSec tree approach. In order to evaluate the performances (in terms of the number of links used per packet transmitted) of these approaches, extensive simulation experiments were conducted by varying the network connectivity and group size for both uniform and non-uniform membership distribution across security levels. Our studies show that the multiple tree and single DiffSec tree approaches perform much better than the Naïve approach. While the multiple tree approach could be implemented using current technology, this scheme consumes many times more addresses and network resources than the single DiffSec tree approach. From our studies, we conclude that the single DiffSec tree is a viable option for supporting multi-level security as it maximizes the resource utilization and is also scalable.


Computers & Security
Volume 21, August 2002

Individual Authentication in Multiparty Communications
By F. Bergadano, D. Cavagnino and B. Crispo

In this paper we introduce a new authentication scheme to achieve individual authentication in group communications. The scheme is particularly efficient and suitable for applications where users need to transmit streams of data of undefined length through noisy channels. Our scheme is, in fact, robust against loss of packets during the transmission. We present the scheme called chained stream authentication (CSA) and then we prove that the scheme is conditionally secure. We then describe two variations of CSA, one interactive to use when multicast is available and a timed version suitable for broadcast communications. We conclude by describing our implementation of the timed version that is integrated and fully compatible with RAT.


Computers & Security
Volume 21, August 2002

Policy challenges in building dependability in global infrastructures
By Jeffrey Hunker, Dean and H. John Heinz III

Global or continental critical infrastructures including electric power, telecommunications, and the Internet are now the control plane for advanced economies. The occasional failures of these key infrastructures illustrate not only our dependence, but also the unanticipated interdependencies between systems. For example, the 1998 failure of a single telecommunications satellite, Galaxy 4, led to an outage of nearly 90% of all pagers in the United States, while also causing a number of unanticipated failures: many banking and financial services (credit card purchases, automated teller machines) were interrupted, as were communications with doctors and emergency workers.

With awareness of economic and social dependence on these distributed infrastructures has come a growing concern about their reliability and security. Defense against deliberate attack (critical infrastructure protection) emerged as part of the US national security posture in the mid-1990s with the work of the President's Commission on Critical Infrastructure, and was codified by Presidential Decision Directive 63 in 1998. Other nations are also beginning to develop national strategies for infrastructure protection.

Reliability is more than protection against deliberate attack. An accidental cut of a fiber optic trunk shut down air traffic control along the east coast of the US for a day. A cascading series of events, starting with a tree limb falling, caused much of the western US to lose electricity.

The challenge of improving the reliability of global networked infrastructures presents us with significant analytical and decision-making complexities, with both technical and policy relevant dimensions. This paper, using principally examples from the Internet and other distributed IT systems, presents two perspectives on these complexities. The first presents critical global infrastructures as complex adaptive systems, which share certain characteristics that policy makers and managers need to account for. Secondly, the balance of the paper outlines five major dimensions of the analytical and decision-making complexity, and presents the research and policy-making agendas that need to be addressed if we are to significantly improve the reliability of global infrastructures.

Neither of these perspectives is purely technical or engineering based. Success in increasing the reliability of global infrastructures will require much more analytically sophisticated research in, among other topics, the issue areas identified here in addition to ongoing technology-based research.


Computers & Security
Volume 21, August 2002

Giga Security
By Jon David

The flow of information, within organizations, between networks, and from single users to other individuals and networks, is commonly at rates that only a few years ago were dreams. Earlier methods for the detection and prevention of malicious activities are anywhere from inefficient to unworkable with transmissions at the giga speeds that are prevalent today. This writing sets forth the problems and threats associated with these new high speed transmissions, and presents methodologies and systems for treating them.


Computers & Security
Volume 21, July 2002

Applying digital rights management systems to privacy rights management
By Steve Kenny and Larry Korba

While there are growing concerns about how to manage citizen privacy, currently there are no established technology solutions that meet the privacy needs required in some cases by legislation. In this paper we examine the prospect of adapting systems developed for Digital Rights Management to meet the challenges of Privacy Rights Management. In particular, the goal of this work is the adaptation of DRM technology to produce a privacy management architecture that reflects the requirements of Directive 95/46/EC for the protection of personal data. This paper first outlines the requirements for management of the personal data within the European Community; it then describes the changes that would be required to transform a digital rights management system into a system to manage the handling of personal data. The paper concludes with a thorough discussion of the issues and potential of this approach.


Computers & Security
Volume 21, July 2002

Cyberterrorism?
By Sarah Gordon and Richard Ford

The term cyberterrorism is becoming increasingly common in the popular culture, yet a solid definition of the word seems to be hard to come by. While the phrase is loosely defined, there is a large amount of subjectivity in what exactly constitutes cyberterrorism. In the aftermath of the September 11th attacks, this is somewhat disconcerting. In an attempt to define cyberterrorism more logically, a study is made of definitions and attributes of terrorism and terrorist events. From these attributes a list of attributes for traditional terrorism is developed. This attribute list is then examined in detail with the addition of the computer and the Internet considered for each attribute. Using this methodology, the online world and terrorism are synthesized to produce a broader but more useful assessment of the potential impact of computer-savvy terrorists. Most importantly, the concept of 'traditional' cyberterrorism, which features the computer as the target or the tool, is determined to be only a limited part of the true risk faced. Finally, the authors discuss the impact this new view of cyberterrorism has on the way in which one should build one's defenses. In particular, the breadth of the issue poses significant questions for those who argue for vertical solutions to what is certainly a horizontal problem. Thus, the validity of special cyberterrorism task forces that are disconnected or loosely connected with other agencies responsible for fighting the general problem of terrorism is questioned, and a broader, more inclusive method suggested.


Computers & Security
Volume 21, July 2002

Managed Security Services: new economy relic or wave of the future?
By Brian McKenna

Is IT security ready to go the way of physical security? Should it be done in-house, or should corporates start eating out? Brian McKenna takes some soundings.


Computers & Security
Volume 21, June 2002

University systems security logging: who is doing it and how far can they go?
By Virginia E. Rezmierski Ph.D., Marshall R. Seese Jr. and Nathaniel St. Clair II

The importance of providing a secure environment for individual and corporate data, research, and communications has grown to critical proportions as more of the mission and business of colleges and universities is carried out over networked information infrastructures. System administrators must implement new, more extensive processes to protect data, to identify and eliminate vulnerabilities, and to find and manage abuses of the systems they manage. They have responded by increasing the network and major systems logging and monitoring efforts and want to do more. But how far can they go before their logging for the sake of security becomes surveillance and a violation of student record privacy under the Family Educational Rights and Privacy Act (FERPA)? What systems are they logging? How are they managing logs? What training have they had to support their work in the areas of security and data management? What processes are in place to manage log data from unauthorized access?

In 2001, researchers at the University of Michigan, funded by the National Science Foundation, explored these questions. The results of this study raise important questions for security professionals and systems developers. This paper provides information about the sample's system administrators, designated as logging experts on campuses, about their training in security and information protection. It discusses the types of logging that administrators are doing and the data it yields. The paper raises issues about how far administrators can go before they violate student record privacy law and makes recommendations for needed actions.


Computers & Security
Volume 21, June 2002

Principles and requirements for a secure e-voting system
By Dimitris A. Gritzalis

Electronic voting (e-voting) is considered a means to further enhance and strengthen the democratic processes in modern information societies. E-voting should first comply with the existing legal and regulatory framework. Moreover, e-voting should be technically implemented in such a way that ensures adequate user requirements. As a result, the aim of this paper is twofold. Firstly, to identify the set of generic constitutional requirements, which should be met when designing an e-voting system for general elections. This set will lead to the specific (design) principles of a legally acceptable e-voting system. Second, to identify, using the Rational Unified Process, the requirements of an adequately secure e-voting system. These requirements stem from the design principles identified previously. The paper concludes that an e-voting capability should, for the time being, be considered only as a complementary means to the traditional election processes. This is mainly due to the digital divide, to the inherent distrust in the e-voting procedure, as well as to the inadequacy of the existing technological means to meet certain requirements.


Computers & Security
Volume 21, June 2002

A framework for understanding and predicting insider attacks
By E. Eugene Schultz

In this paper an insider attack is considered to be deliberate misuse by those who are authorized to use computers and networks. Applying this definition in real-life settings to determine whether or not an attack was caused by an insider is often, however, anything but straightforward. We know very little about insider attacks, and misconceptions concerning insider attacks abound. The belief that "most attacks come from inside" is held by many information security professionals, for example, even though empirical statistics and firewall logs indicate otherwise. This paper presents a framework based on previous studies and models of insider behavior as well as first-hand experience in dealing with insider attacks. This framework defines relevant types of insider attack-related behaviors and symptoms ("indicators") that include deliberate markers, meaningful errors, preparatory behaviors, correlated usage patterns, verbal behavior and personality traits. From these sets of indicators, clues can be pieced together to predict and detect an attack. The presence of numerous small clues necessitates the use of quantitative methods; multiple regression equations appear to be a particularly promising approach for quantifying prediction.


Computers & Security
Volume 21, May 2002

Steganographic Method for Secure Communications
By Der-Chyuan Lou and Jiang-Lung Liu

Cryptographic methods secure an important message by encrypting it to an unrecognized form of data which may arouse the interest of cryptanalysis for part of the recipients. Steganographic methods hide the encrypted message in cover carriers so that it cannot be seen while it is transmitted on public communication channels such as computer networks. Many steganographic methods embed a large amount of the secret information in the first k LSBs of the pixels of the cover images. Because of the imperfect sensibility of the human visual system, the existence of the embedded secret information can be imperceptible. Unfortunately, the hidden secret information may be discovered by the common-cover-carrier attack if it has not been appropriately disposed. In this paper, an LSB-based steganographic method is proposed to resolve this problem. By using variable-size insertion and redundant Gaussian noise adding, the stego-images created with the proposed method can survive both the human visual system and the common-cover-carrier attack. Moreover, many cryptographic protocols are involved in the proposed method to resolve the problems of security and key management that may be encountered in other steganographic methods. The proposed method is hence suitable for secure communications.


Computers & Security
Volume 21, May 2002

Trusted ...or... trustworthy: the search for a new paradigm for computer and network security
By Professor William J. Caelli FACS, FTICA, MIEEE

On the occasion of the presentation of the Kristian Beckman Award for 2002 it is appropriate to pause and reflect on the state of computer and associated data network security at the start of the new millennium; appropriately in a country that itself pioneered the use of encryption some thousands of years ago. This paper sets out a number of major questions and challenges which include:

  • Just what is meant by 'trusted' or 'trustworthy' systems after 20 years of experience, or more likely, lack of business level experience, with the 'trusted computer system' criteria anyway?
  • Does anyone really care about the adoption of international standards for computer system security evaluation by IT product and system manufacturers and suppliers (IS 15408) and, if so, how does it all relate to business risk management anyway (IS 17799)?
  • With the explosion of adoption of the microcomputer and