Blyth / Sutherland | EC2ND 2006 | E-Book | www.sack.de
E-book, English, 125 pages

Blyth / Sutherland EC2ND 2006

Proceedings of the Second European Conference on Computer Network Defence, in conjunction with the First Workshop on Digital Forensics and Incident Analysis
1st edition 2010
ISBN: 978-1-84628-750-3
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark




This book contains the proceedings of the Second European Conference on Computer Network Defence, which took place in December 2006. The conference focused on the protection of computer networks and attracted participants from national and international organisations. The papers collected in this book include contributions from leading figures in the field and are a valuable source of reference for both researcher and practitioner.

Further information & material


1;Title Page;3
2;Copyright page;4
3;Dear Delegates;5
4;Table of Contents;7
5;Section I: Computer Network Defence;8
5.1;Efficient Sampling of the Structure of Crypto Generators' State Transition Graphs;9
5.1.1;1 Introduction;9
5.1.2;2 Relevant Facts and Previous Work;10
5.1.3;3 Efficient Sampling;12
5.1.4;4 Experimental Results;14
5.1.4.1;4.1 Performance Results;14
5.1.4.2;4.2 Generator Properties;15
5.1.5;5 Conclusions and Future Work;18
5.1.6;References;18
5.2;Mandatory Access Control applications to web hosting;19
5.2.1;1. Introduction;19
5.2.2;2. Hosting: security and performance issues;20
5.2.2.1;2.1. Virtual hosting of dynamic sites with Apache;20
5.2.2.1.1;2.1.1. CGI performance and security issues;20
5.2.2.1.2;2.1.2. Server-side scripting performance and security issues;21
5.2.2.2;2.2. PHP and suPHP;21
5.2.3;3. Security-enhanced suPHP;22
5.2.3.1;3.1. SELinux basic concepts;22
5.2.3.2;3.2. Design of base policies for domain operation;23
5.2.3.3;3.3. Module-invoked domain transition;24
5.2.3.4;3.4. Wrapper-invoked domain transition;25
5.2.3.5;3.5. Policy-driven domain transition;26
5.2.4;4. Implementation;26
5.2.4.1;4.1. Configuration notes;26
5.2.4.2;4.2 Performance evaluation;27
5.2.5;5. Conclusions;28
5.2.6;References;28
5.3;Outsourcing Security Services for Low Performance Portable Devices;29
5.3.1;1 Introduction;29
5.3.2;2 Architecture of the security proxy;30
5.3.3;3 Outsourced authentication;31
5.3.4;4 Routing issues;31
5.3.5;5 Security Proxy Control Protocol;33
5.3.5.1;5.1 Communication between the portable device and the security proxy;33
5.3.5.2;5.2 Communication between the security proxy and the router;34
5.3.5.3;5.3 Example: establishing an IPSec session;34
5.3.6;6 Security issues;35
5.3.7;7 Results;36
5.3.8;8 Summary;37
5.3.9;9 Acknowledgements;37
5.3.10;References;38
5.4;Public Verifiable Multi-sender Identity Based Threshold Signcryption;39
5.4.1;1 Introduction;39
5.4.1.1;1.1 Threshold Cryptography;39
5.4.1.2;1.2 Identity Based Signcryption with Public Verifiability;39
5.4.1.3;1.3 Related works and Our Contributions;40
5.4.2;2 Preliminaries;40
5.4.2.1;2.1 Pairings and Quadratic Residue;40
5.4.2.2;2.2 Protocol Emulation;41
5.4.3;3 Multi-sender Threshold Signcryption Model and Security Requirements;41
5.4.3.1;3.1 System Model;41
5.4.3.2;3.2 Security Requirements;42
5.4.4;4 The Proposed Original Signcryption;42
5.4.5;5 The Proposed Threshold Signcryption;42
5.4.6;6 Efficiency Analysis;43
5.4.7;7 Security Proofs;43
5.4.7.1;7.1 The Security of the Original Signcryption;44
5.4.7.2;7.2 The Security of the Threshold Signcryption;44
5.4.8;8 Conclusion;45
5.4.9;References;45
5.5;A Discussion on the Role of Deception in Information Operations for the Defence of Computer Networks;49
5.5.1;1. Introduction;49
5.5.2;2. Elements of Deception in Conventional Warfare and Information Operations;50
5.5.3;3. Towards the Integration of Deception in Computer Networks;53
5.5.4;4. Conclusions;56
5.5.5;References;56
5.6;A New Approach to Understanding Information Assurance;59
5.6.1;1 Introduction;59
5.6.2;2 The Meaning of Security;59
5.6.3;3 Understanding Security Requirements;60
5.6.4;4 Business Impact versus Security;61
5.6.4.1;4.1 Product Assurance;62
5.6.4.2;4.2 Service Assurance;62
5.6.4.3;4.3 System Assurance;63
5.6.4.4;4.4 System Configuration Test;63
5.6.4.5;4.5 Compliance Process;64
5.6.4.6;4.6 Crypto Assurance;64
5.6.4.7;4.7 Protective Marking;65
5.6.5;5 Conclusion;65
5.6.6;6 Acknowledgements;65
5.6.7;7 References;65
5.7;Robust Public Key Cryptography - A New Cryptosystem Surviving Private Key Compromise;67
5.7.1;1. Introduction;67
5.7.2;2. Robust Public Key Cryptography;67
5.7.3;3. Blind Key Algorithm;69
5.7.4;4. Proving N=M;70
5.7.5;5. Breaking the Security;71
5.7.6;6. Conclusion;72
5.7.7;References;72
6;Section II: Digital Forensics & Incident Analysis;73
6.1;Review of Forensic Tools for Smartphones;74
6.1.1;1. Introduction;74
6.1.2;2. Generic Smart Phone overview;76
6.1.2.1;2.1. Removable media;77
6.1.2.2;2.2. The Subscriber Identity Module (SIM) Types;79
6.1.2.3;2.3. SIM Card Contents;81
6.1.3;3. Forensic Tools;82
6.1.3.1;3.1 Handset Based Tools;82
6.1.3.2;3.2 OS Based Tools;83
6.1.3.3;3.3 SIM Based Tools;84
6.1.3.4;3.4. SIM Contents Recovery;85
6.1.3.5;3.5. Review of flaws and weaknesses;85
6.1.3.5.1;3.5.1 GSM SIM Requirement Bypass Mechanism;85
6.1.3.5.2;3.5.2 User Login;86
6.1.3.5.3;3.5.3. Reports;86
6.1.3.5.4;3.5.4. Viewing and Antivirus;86
6.1.3.5.5;3.5.5. Hardware Standardization;86
6.1.3.5.6;3.5.6. Timeline;87
6.1.3.5.7;3.5.7. Password Recovery;87
6.1.4;Conclusions;87
6.1.5;References;87
6.2;Oscar - Using Byte Pairs to Find File Type and Camera Make of Data Fragments;90
6.2.1;1 Introduction;90
6.2.2;2 Method;91
6.2.2.1;2.1 2-gram Oscar;92
6.2.2.2;2.2 Advantages and Disadvantages;92
6.2.3;3 Evaluation;93
6.2.3.1;3.1 File type identification;93
6.2.3.2;3.2 Camera recognition;94
6.2.4;4 Result and Discussion;94
6.2.4.1;4.1 File type identification;95
6.2.4.2;4.2 Camera recognition;95
6.2.4.3;4.3 Discussion;96
6.2.5;5 Related Work;97
6.2.6;6 Conclusion and Future Work;98
6.2.7;References;98
6.3;An empirical methodology derived from the analysis of information remaining on second hand hard disks.;100
6.3.1;1 Introduction;100
6.3.2;2 Forensic Race;101
6.3.3;3 A proposal for an empirical approach;103
6.3.3.1;3.1 Further details about the methodology;104
6.3.4;4 Advantages of the proposed methodology;105
6.3.4.1;4.1 Providing some examples;106
6.3.5;5 Conclusions;108
6.3.5.1;5.1 Acknowledgements;108
6.3.6;References;108
6.4;Towards Trustable Digital Evidence with PKIDEV: PKI Based Digital Evidence Verification Model;109
6.4.1;1 Introduction;109
6.4.2;2 Challenges;110
6.4.3;3 Shortcomings of Digital Signatures and PKI;111
6.4.4;4 Related Work;112
6.4.5;5 PKIDEV Model;112
6.4.5.1;5.1 Components of the Model;113
6.4.5.2;5.2 How PKIDEV Model Works;114
6.4.6;6 Benefits of the Model;116
6.4.7;7 Conclusion and Future Work;117
6.4.8;References;118
6.5;Professionalism in Computer Forensics;119
6.5.1;1. Introduction;120
6.5.2;2. Professionalism in Computing;121
6.5.3;3. Positioning Computer Forensics;121
6.5.4;4. Professional Issues in Computer Forensics;123
6.5.5;5. Certification in Computer Forensics;125
6.5.6;6. Continuous Professional Conduct;126
6.5.7;7. Consideration of Post Traumatic Stress Disorder;126
6.5.8;8. Practitioner Framework for Professionalism in Computer Forensics;127
6.5.9;9. What can Universities do?;127
6.5.10;10. Future Development;128
6.5.11;11. Summary;128
6.5.12;References;128


"A New Approach to Understanding Information Assurance (p. 53-54)

Abstract: The growth of technologies such as ubiquitous and mobile computing has resulted in the need for a rethinking of the security paradigm. Over the past forty years technology has made fast steps forward, yet most organisations still view security in terms of Confidentiality, Integrity and Availability (CIA). This model of security has expanded to include Non-Repudiation and Authentication. However this thinking fails to address the social, ethical and business requirements that the modern use of computing has generated.

Today computing devices are integrated into every facet of business with the result that security technologies have struggled to keep pace with the rate of change. In this paper we will argue that the current view that most organisations/stakeholders have of security is out-of-date, or in some cases wrong, and that the new view of security needs to be rooted in business impact and business function.

1 Introduction

The growth of technologies related to remote/distance working has led to the creation of ubiquitous computing and the GRID. GRID and ubiquitous computing function by distributing the processes and storage capacity across a network. This move towards distributed computing has pushed organisations towards the use of shared resources and shared infrastructure. This drive towards co-operative working and resource/infrastructure sharing has resulted in the need to re-think and re-assess the meaning of terms like information assurance, threat and risk management.

2 The Meaning of Security

Before the advent of the personal computer, if you wanted to use a computer then you had to make use of a main-frame. These were large computers that were housed in large computer rooms, and cost millions of dollars. The rainbow book series was a series of books that came out of the US Department of Defense.

The Orange book attempted to provide a semantic interpretation of security. It achieved this through the imposition of an ontological framework that allows us to structure and formally represent our understanding of security. This ontological framework views security from a technical/mathematical perspective and led to the creation of the Bell-LaPadula module of security [5].

Later standards such as ITSEC and Common-Criteria have moved towards a more function descriptive view of security that is cognizant of growth of personal computing devices. While other standards such as BS7799 and ISO-27001 [2] have attempted to approach security from a business perspective. However all of these standards start from an assumption that the stakeholder who owns the security problem is fully aware of what their security requirements are, and thus is fully able to articulate them. In this paper we will present a new meaning of security based upon the concept of business impact upon a set of seven assurance requirements. The term business impact is defined as follows:

"The result of an information security incident on business functions and the effect that a business interruption might have upon them.""


