BibSonomyburst/tag/securityBibSonomy RSS feed for /tag/security2012-02-15T09:12:28+01:00http://www.bibsonomy.org/bibtex/23371f8f31928848aaa011689b2c506b4/filfil2011-12-27T11:44:18+01:00givealink myown security social web <span class="authorEditorList"><a href="/author/Nikolov">Dimitar Nikolov</a>, and <a href="/author/Menczer">Filippo Menczer</a> </span><em>The Death of The Internet, </em><em>Wiley, </em>(<em>2012</em>)Tue Dec 27 11:44:18 CET 2011The Death of The InternetSocial Spam2012givealink myown security social web http://www.bibsonomy.org/bibtex/28fc25324b7bb1727e7f0ea160813d554/filfil2011-12-27T11:44:18+01:00givealink myown security social web <span class="authorEditorList"><a href="/author/Goncalves">B. Goncalves</a>, <a href="/author/Conover">M. Conover</a>, and <a href="/author/Menczer">F. Menczer</a> </span><em>The Death of The Internet, </em><em>Wiley, </em>(<em>2012</em>)Tue Dec 27 11:44:18 CET 2011The Death of The InternetAbuse of social media and political manipulation2012givealink myown security social web http://www.bibsonomy.org/bibtex/286b86f88d7943aefc486662c5a4cf3d0/jenszieglerjensziegler2011-12-22T12:35:19+01:00Implementation JZiegler Security WP3 WP4 <span class="authorEditorList"><a href="/author/Subashini">S. Subashini</a>, and <a href="/author/Kavitha">V. Kavitha</a> </span><em>Journal of Network and Computer Applications</em> <em>34(1):1 - 11</em> (<em>2011</em>)Thu Dec 22 12:35:19 CET 2011Journal of Network and Computer Applications11 - 11A survey on security issues in service delivery models of cloud computing342011Implementation JZiegler Security WP3 WP4 Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. It extends Information Technology’s (IT) existing capabilities. In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. But as more and more information on individuals and companies are placed in the cloud, concerns are beginning to grow about just how safe an environment it is. Despite of all the hype surrounding the cloud, enterprise customers are still reluctant to deploy their business in the cloud. Security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market. The advent of an advanced model should not negotiate with the required functionalities and capabilities present in the current model. A new model targeting at improving features of an existing model must not risk or threaten other important features of the current model. The architecture of cloud poses such a threat to the security of the existing technologies when deployed in a cloud environment. Cloud service users need to be vigilant in understanding the risks of data breaches in this new environment. In this paper, a survey of the different security risks that pose a threat to the cloud is presented. This paper is a survey more specific to the different security issues that has emanated due to the nature of the service delivery models of a cloud computing system.http://www.bibsonomy.org/bibtex/226ae735b4beab4039559ab3091aa30ee/maxirichtermaxirichter2011-12-22T10:42:06+01:00hacking javascript nodejs security server webdevelopment xss <span class="authorEditorList"><a href="/author/Sullivan">Bryan Sullivan</a> </span> (<em>2011</em>)Thu Dec 22 10:42:06 CET 2011Server-Side JavaScript Injection2011hacking javascript nodejs security server webdevelopment xss http://www.bibsonomy.org/bibtex/2b404870258f20f64b0142818b42c158b/neoatnhngneoatnhng2011-12-08T18:49:21+01:00metrics models security <span class="authorEditorList"><a href="/author/Wang">Andy Ju An Wang</a> </span><em>Proceedings of the 43rd annual Southeast regional conference - Volume 2, </em><em>page 178--184. </em><em>New York, NY, USA, </em><em>ACM, </em>(<em>2005</em>)Thu Dec 08 18:49:21 CET 2011New York, NY, USAProceedings of the 43rd annual Southeast regional conference - Volume 2178--184ACM-SE 43Information security models and metrics2005metrics models security Security assessment is largely ad hoc today due to its inherent complexity. The existing methods are typically experimental in nature highly dependent of the assessor's experience, and the security metrics are usually qualitative. We propose to address the dual problems of experimental analysis and qualitative metrics by developing two complementary approaches for security assessment: (1) analytical modeling, and (2) metrics-based assessment. To avoid experimental evaluation, we put forward a formal model that permits the accurate and scientific analysis of different security attributes and security flaws. To avoid qualitative metrics leading to ambiguous conclusions, we put forward a collection of mathematical formulas based on which quantitative metrics can be derived. The vulnerability analysis model responses to the need for a theoretical foundation for modeling information security, and security metrics are the cornerstone of risk analysis and security management. In addition to the security analysis approach, we discuss security testing methods as well. A Relative Complete Coverage (RCC) principle is proposed along with an example of applying the RCC principle. The innovative ideas proposed in this paper include a hierarchical multi-level modeling approach to modeling vulnerability using model composition and refinement techniques, a data-centric, quantitative metrics mechanism, and multidimensional assessment capturing both process and product elements in a formalized framework.http://www.bibsonomy.org/bibtex/258d639691fab1a241655007189978444/domidomi2011-12-02T10:44:22+01:00Air-to-Air Air-to-Surface Anzeige Bedienkonzept Biomechatronik Defence Diplomarbeit EADS EF-2000 Einstellbereiche Eurofighter European_Aeronautic_Defence_and_Space_Company Flugphasen Flugzeuge Großflächendisplay HMI Maschinenbau Mechatronik Mensch-Maschine-Schnittstelle Military_Air_Systems Navigation OpenGL OpenInventor PanDis Panoramic_Display Security Synthetic-Vision Synthetic_Vision TU_Ilmenau Touchscreen VAPS_XT Voreinstellung berührungsempfindliche hochagil human-machine_interface künstliche_Außenansicht own variable_Eigenschaften <span class="authorEditorList"><a href="/author/Domhardt">Michael Domhardt</a> </span><em>Fakultät für Maschinenbau, </em><em>Technische Universität Ilmenau, </em><em>Diplomarbeit, </em>(<em>2008</em>)Fri Dec 02 10:44:22 CET 2011Technische Universität IlmenauEntwicklung eines Bedienkonzeptes für Synthetic-Vision Darstellungen in hochagilen FlugzeugenDiplomarbeit2008Air-to-Air Air-to-Surface Anzeige Bedienkonzept Biomechatronik Defence Diplomarbeit EADS EF-2000 Einstellbereiche Eurofighter European_Aeronautic_Defence_and_Space_Company Flugphasen Flugzeuge Großflächendisplay HMI Maschinenbau Mechatronik Mensch-Maschine-Schnittstelle Military_Air_Systems Navigation OpenGL OpenInventor PanDis Panoramic_Display Security Synthetic-Vision Synthetic_Vision TU_Ilmenau Touchscreen VAPS_XT Voreinstellung berührungsempfindliche hochagil human-machine_interface künstliche_Außenansicht own variable_Eigenschaften Seit einigen Jahren werden die Anzeigen von Flugzeugcockpits vermehrt zur Darstellung einer künstlichen Außenansicht genutzt. Diese computergenerierten Abbildung der Realität wird aus Datenbank- und Sensorinformationen erzeugt. Die damit erzeugte Außenansicht kann man in Eigenschaften und Inhalte untergliedern. Sie wird in der zivilen Luftfahrt als primäre Fluganzeige eingesetzt um schwere Unfälle, wie z.B. einen "controlled flight into terrain" oder "runway incursions", zu verhindern. Um den Pilot eines Mehrzweckkampflugzeuges bei der Ausführung von militärischen Mission zu unterstützen, müssen die Eigenschaften einer künstlichen Außenansicht variabel und manipulierbar sein. Um dies zu realisieren wurden im Rahmen von Experteninterviews adäquate Voreinstellungen und Verstellmöglichkeiten der Eigenschaften, wie zum Beispiel das Sicht- oder Fokusfeld, für die Flugphasen "Air-to-Air", "Air-to-Surface" und "Navigation" ermittelt. In der anschließenden Evaluation wurden aus verschiedenen Bedienkonzepten die geeigneten Elementen für einen Konzeptvorschlag extrahiert. Das resultierende Bedienkonzept ermöglicht die intuitive Interaktion mit den Eigenschaften einer künstlichen Außenansicht in hochagilen Flugzeugen.http://www.bibsonomy.org/bibtex/2a6ac45d87c19d810afe18e30f9699a23/msteelemsteele2011-12-01T21:32:35+01:00MANET security verification <span class="authorEditorList"><a href="/author/Buttyán">L. Buttyán</a>, and <a href="/author/Thong">Ta Vinh Thong</a> </span><em>Wireless and Mobile Networking Conference WMNC, 2010 Third Joint IFIP, </em><em>page 1 -6. </em>(<em>October 2010</em>)Thu Dec 01 21:32:35 CET 2011Wireless and Mobile Networking Conference (WMNC), 2010 Third Joint IFIPoct.1 -6{Formal verification of secure ad-hoc network routing protocols using deductive model-checking}2010MANET security verification Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for ad-hoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated.http://www.bibsonomy.org/bibtex/2dbc6c222b299829bf82cb606b00da4f9/gizmoguygizmoguy2011-11-12T19:33:05+01:00anonymity electronic employee privacy security <span class="authorEditorList"><a href="/author/Rwth">Thomas Wright Rwth</a> </span>(<em>2004</em>)Sat Nov 12 19:33:05 CET 2011Security, Privacy and Anonymity2004anonymity electronic employee privacy security http://www.bibsonomy.org/bibtex/2cd9e25ae11eddfff7ff77f73850ef5a8/msteelemsteele2011-09-09T14:08:44+02:00BISS security <span class="authorEditorList"><a href="/author/Capkun">S. Capkun</a>, and <a href="/author/Hubaux">J.P. Hubaux</a> </span><em>Proceedings of the 2nd ACM workshop on Wireless security, </em><em>page 21--29. </em><em>ACM, </em>(<em>2003</em>)Fri Sep 09 14:08:44 CEST 2011Proceedings of the 2nd ACM workshop on Wireless security21--29BISS: building secure routing out of an incomplete set of security associations2003BISS security http://www.bibsonomy.org/bibtex/2a24b6ae9805d80d0a064958a2ad25db1/juergen.muellerjuergen.mueller2011-08-10T17:10:20+02:002010 SPIT VoIP article h_da myown security spam <span class="authorEditorList"><a href="/author/Müller">Jürgen Müller</a>, and <a href="/author/Massoth">Michael Massoth</a> </span><em>International Journal on Advances in Telecommunications</em> <em>3(3&amp;4):193-202</em> (<em>2010</em>)Wed Aug 10 17:10:20 CEST 2011International Journal on Advances in Telecommunications3&4193-202Advanced Consideration of a Caller Pre-Validation Against Direct Spam Over Internet Telephony320102010 SPIT VoIP article h_da myown security spam Spam over Internet Telephony as the distribution of unwanted voice messages over Voice over Internet Protocol networks is an upcoming threat. It is harder to prevent than e-mail spam since its content is not available before the victim is annoyed. This is even more difficult if the spam is sent directly to the victim’s user equipment, bypassing the proxies of the service provider. Hence, this messages cannot be filtered, since the proxies are no longer participating in the transaction. This article presents a pre-validation mechanism, which ensures a minimum level of trust about the caller. It assumes that a legal registered user does not send any spam, since his service provider will penalize him if he does so. Therefore, the pre-validation mechanism sends some requests to the presence server of the provider and the user equipment of the caller to validate their existence. This enables the knowledge to allow a call attempt of an unknown user.http://www.bibsonomy.org/bibtex/27316811329d2e58e6f8c5687791fd7c9/juergen.muellerjuergen.mueller2011-08-10T17:05:05+02:002010 SPIT VoIP awarded h_da inproceedings myown security spam <span class="authorEditorList"><a href="/author/Müller">Jürgen Müller</a>, and <a href="/author/Massoth">Michael Massoth</a> </span><em>2010 Sixth Advanced International Conference on Telecommunications AICT 2010, Barcelona, Spain, 9-15 May 2010, </em><em>page 172--177. </em><em>Los Alamitos, CA, USA, </em><em>IEEE Computer Society, </em>(<em>2010</em>)<em>Best Paper Award . </em>Wed Aug 10 17:05:05 CEST 2011Los Alamitos, CA, USA2010 Sixth Advanced International Conference on Telecommunications (AICT 2010), Barcelona, Spain, 9-15 May 2010Best Paper Award172--177Defense Against Direct Spam Over Internet Telephony by Caller Pre-Validation20102010 SPIT VoIP awarded h_da inproceedings myown security spam Voice over Internet Protocol is a steady growing market. It saves a lot of money for providers as well as for users. However, spammers could also transmit their messages over this service. This so called Spam over Internet Telephony is more difficult to filter than e-mail spam, because its content is not available in advance. Two kinds of Spam over Internet Telephony can be differentiated: Spam over Internet Tele-phony via Proxy and Direct Spam over Internet Telephony. Direct Spam over Internet Telephony is the direct transmission of unsolicited messages to a lot of user equipment. Therefore, this is the most dangerous form of Spam over Internet Telephony, because no proxy is passed, which could be able to filter the message flow. A solution to face Direct Spam over Internet Telephony is still missing. This gap is closed by the proposed caller pre-validation mechanism. The basic idea is to get more information about an incoming direct call. Only calls of existing participants are connected. The caller is trusted if his existence can be validated successfully. So, a first technique against Direct Spam over Internet Telephony is given with the presented mechanism.http://www.bibsonomy.org/bibtex/2b22fb2590121085f833bdbdd383e5acd/juergen.muellerjuergen.mueller2011-08-10T17:02:07+02:002010 SPIT VoIP h_da inproceedings myown security spam <span class="authorEditorList"><a href="/author/Müller">Jürgen Müller</a>, and <a href="/author/Massoth">Michael Massoth</a> </span><em>Mobilkommunkation ITG-FB 223 - Technologien und Anwendungen, Vorträge der 15. ITG Fachtagung vom 19. bis 20. Mai 2010 in Osnabrück, </em><em>page 107-113. </em><em>Berlin / Offenbach, Germany, </em><em>VDE/ITG, </em>(<em>2010</em>)Wed Aug 10 17:02:07 CEST 2011Berlin / Offenbach, GermanyMobilkommunkation (ITG-FB 223) - Technologien und Anwendungen, Vorträge der 15. ITG Fachtagung vom 19. bis 20. Mai 2010 in Osnabrück107-113Abwehr von Direct Spam over Internet Telephony mittels Anrufer Pre-Validierung20102010 SPIT VoIP h_da inproceedings myown security spam Voice over Internet Protocol gewinnt stetig an Bedeutung. Es ermöglicht umfassende Kosteneinsparungen für Dienstanbieter und Endkunden, jedoch auch für Spammer. Durch den Einsatz von Voice over Internet Protocol wird das Medium der Telefonie für sie erstmals kostengünstig zugänglich. Spam over Internet Protocol bezeichnet die Übertragung unerwünschter Nachrichten mittels Sprache über das Internet. Durch die temporäre Adresse des Session Initiation Protocol ist es zusätzlich möglich, den Teilnehmer Peer to Peer auf seinem Endgerät zu kontaktieren. Die Signalisierungsnachrichten werden hier direkt an das Endgerät des Angerufenen gesendet. Das dadurch entstehende und als am gefährlichsten einzustufende Direct Spam over Internet Telephony kann bisher nicht effektiv abgewehrt werden. Der in diesem Papier vorgestellte Anrufer Pre-Validierungs-Mechanismus geht auf dieses Problem ein. Dabei wird die Existenz des Anrufers bei dessen Betreiber sowie des anrufenden Telefons validiert. Stimmen beide Angaben überein, ist mit diesem Mechanismus sicher gestellt, dass der Anrufer wirklich existiert und unter der angegebenen Adresse registriert ist. Somit kann ihm ein gewisses Vertrauen gegenüber gebracht werden, da er von seinem Dienstanbieter sanktioniert werden kann, sollte er Spam versenden.http://www.bibsonomy.org/bibtex/29dc9786a54eba78d863e841753205122/juergen.muellerjuergen.mueller2011-08-10T16:25:16+02:002009 SPIT VoIP h_da myown security spam thesis <span class="authorEditorList"><a href="/author/Müller">Jürgen Müller</a> </span><em>Hochschule Darmstadt University of Applied Sciences, </em><em>Master&#039;s thesis, </em>(<em>September 2009</em>)Wed Aug 10 16:25:16 CEST 2011sepSpam over Internet Telephony und Privacy im Kontext des IP Multimedia SubsystemMaster's thesis20092009 SPIT VoIP h_da myown security spam thesis The change into next generation networks is in progress. One of the keytechnologies for the new corenetworks is the IP multimedia Subsystem. At the same time the amount of E-Mail-Spam is growing. The quantity of E-Mail-Spam has risen to around 85 %. This development in the voice over internet protcol sector threatens the whole service. The existance of spam over internet telephony was proven by an experiment of the University of Duisburg-Essen. The distribution of spam over internet telephony was demonstrated by an experimental Honeypot. This proves, that spam over internet telephony is a real problem. The object of this thesis is to establish methods of spam over internet telephony prevention. However, these methods only work with strong identitys. For this reason the thesis at hand describes securityprocedures for authentication of the participants. But the session initiation protocol allows peer-to-peer-calls. Since the direct transmission of spam over internet telephony bypasses the IP multimedia Subsystem, servers are not able to check the messages for spam over internet telephony. Therefore this thesis developes a concept to provide protection against this form of spam over internet telephony.http://www.bibsonomy.org/bibtex/2023eb40f923c135cacd974c269afd411/msteelemsteele2011-07-29T17:30:09+02:00P2P attacks security <span class="authorEditorList"><a href="/author/Zeinalipour-Yazti">D. Zeinalipour-Yazti</a> </span><em>Computer</em> (<em>2002</em>)Fri Jul 29 17:30:09 CEST 2011ComputerExploiting the security weaknesses of the gnutella protocol2002P2P attacks security http://www.bibsonomy.org/bibtex/22e06bf0900ec0d0709b6b533aaa582d4/msteelemsteele2011-07-19T05:41:17+02:00DHT KAD P2P attack security <span class="authorEditorList"><a href="/author/Wang">P. Wang</a>, <a href="/author/Tyra">J. Tyra</a>, <a href="/author/Chan-Tin">E. Chan-Tin</a>, <a href="/author/Malchow">T. Malchow</a>, <a href="/author/Kune">D.F. Kune</a>, <a href="/author/Hopper">N. Hopper</a>, and <a href="/author/Kim">Y. Kim</a> </span><em>Proceedings of the 4th international conference on Security and privacy in communication netowrks, </em><em>page 1--10. </em><em>ACM, </em>(<em>2008</em>)Tue Jul 19 05:41:17 CEST 2011Proceedings of the 4th international conference on Security and privacy in communication netowrks1--10Attacking the kad network2008DHT KAD P2P attack security http://www.bibsonomy.org/bibtex/218293ee713da05a89389bfbad82e4356/msteelemsteele2011-07-17T23:45:03+02:003G attack crytpography security <span class="authorEditorList"><a href="/author/Dunkelman">Orr Dunkelman</a>, <a href="/author/Keller">Nathan Keller</a>, and <a href="/author/Shamir">Adi Shamir</a> </span><em>Cryptology ePrint Archive, Report 2010/013, </em>(<em>2010</em>)<em>http://eprint.iacr.org/ . </em>Sun Jul 17 23:45:03 CEST 2011Cryptology ePrint Archive, Report 2010/013\url{http://eprint.iacr.org/}A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony20103G attack crytpography security http://www.bibsonomy.org/bibtex/206ad7062b8a54f4e2f68efbab13b7fc6/msteelemsteele2011-07-15T19:10:40+02:00link_layer network_layer security <span class="authorEditorList"><a href="/author/None"> None</a> </span>(<em>2003</em>)Fri Jul 15 19:10:40 CEST 2011{Link Layer and Network Layer Security for Wireless Networks}2003link_layer network_layer security http://www.bibsonomy.org/bibtex/263b8d811f83387d1e0adbd62761d33f7/msteelemsteele2011-07-15T19:06:19+02:00link_layer network security ad-hoc <span class="authorEditorList"><a href="/author/Islam">M.M. Islam</a>, <a href="/author/Pose">R. Pose</a>, and <a href="/author/Kopp">C. Kopp</a> </span><em>proceedings of Australian Telecommunication Networks and Applications Conference, </em><em>Citeseer, </em>(<em>2004</em>)Fri Jul 15 19:06:19 CEST 2011proceedings of Australian Telecommunication Networks and Applications ConferenceA Link Layer Security Protocol for Suburban Ad-Hoc Networks2004link_layer network security ad-hoc http://www.bibsonomy.org/bibtex/291b843196aba139db03786256d1c8621/msteelemsteele2011-07-15T19:02:50+02:00adversary adverse security unanimity <span class="authorEditorList"><a href="/author/Dolev">D. Dolev</a> </span><em>Foundations of Computer Science, 1981. SFCS&#039;81. 22nd Annual Symposium on, </em><em>page 159--168. </em><em>IEEE, </em>(<em>1981</em>)Fri Jul 15 19:02:50 CEST 2011Foundations of Computer Science, 1981. SFCS'81. 22nd Annual Symposium on159--168Unanimity in an unknown and unreliable environment1981adversary adverse security unanimity http://www.bibsonomy.org/bibtex/2bd14b7651e98ad2f3cc77e7afba30116/msteelemsteele2011-07-15T15:18:02+02:00ad-hoc attack cryptographic_schemes cryptography denial-of-service key_management_service land_mobile_radio military_tactical_operations mobile_hosts mobile_wireless_networks network network_design network_redundancy networking_environment public_key_cryptography public_key_infrastructure radio_networks replication routing secure security security-sensitive_operations security_attacks seminal telecommunication threshold_cryptography wireless_networking_paradigm <span class="authorEditorList"><a href="/author/Zhou">Lidong Zhou</a>, and <a href="/author/Haas">Z.J. Haas</a> </span><em>Network, IEEE</em> <em>13(6):24 -30</em> (<em>November 1999</em>)Fri Jul 15 15:18:02 CEST 2011Network, IEEEnov624 -30Securing ad hoc networks131999ad-hoc attack cryptographic_schemes cryptography denial-of-service key_management_service land_mobile_radio military_tactical_operations mobile_hosts mobile_wireless_networks network network_design network_redundancy networking_environment public_key_cryptography public_key_infrastructure radio_networks replication routing secure security security-sensitive_operations security_attacks seminal telecommunication threshold_cryptography wireless_networking_paradigm Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework