Security Requirements

The Java Cryptography Architecture, JCA in short, was created to allow JCA-compliant cryptography providers to be plugged into a JCA-aware application at run time. This configurable feature makes JCA widely used and assures its success. However, the public key cryptographic service interfaces defined by JCA are based on the conventional public key cryptography, which is a single-sender-singlereceiver model, and does not accommodate the group-based public key cryptography well. Especially, it does not support the threshold cryptography (TC), an important type of group-based public key cryptography, which has been shown to be a useful tool to enhance system security. As a step towards the systematic application of group-based public key cryptography, this article proposes an extension to the JCA framework to integrate threshold cryptography. Under this extension, various TC providers implementing different TC primitives can be plugged into a security application at run-time. This extension also makes it easy for a existing JCA-aware application to be migrated to use threshold cryptography. An example provider of threshold RSA is implemented under this framework extension. It is our belief that such an extension would help speed up the adoption of threshold cryptography.

The notion of Zero Knowledge introduced by Goldwasser, Micali and Rackoff in STOC 1985 is fundamental in Cryptography. Motivated by conceptual and practical reasons, this notion has been explored under stronger definitions. We will consider the following two main strengthened notions. Statistical Zero Knowledge: here the zero-knowledge property will last forever, even in case in future the adversary will have unlimited power. Concurrent Non-Malleable Zero Knowledge: here the zeroknowledge property is combined with non-transferability and the adversary fails in mounting a concurrent man-in-the-middle attack aiming at transferring zero-knowledge proofs/arguments. Besides the well-known importance of both notions, it is still unknown whether one can design a zero-knowledge protocol that satisfies both notions simultaneously. In this work we shed light on this question in a very strong sense. We show a statistical concurrent non-malleable zero-knowledge argument system for N P with a black-box simulator-extractor.

the AuThoRs Ana Isabel González-Tablas Ferreres is an assistant professor in the Computer Science Department at universidad Carlos III de madrid. Her main research interests are security and privacy for location-based services and digital signature applications. González-tablas Ferreres received her phD in computer science from universidad Carlos III de madrid. She's a member of the IEEE and ACm.

Over decades quantum cryptography has been intensively studied for unconditionally secured data transmission in a quantum regime. Due to the quantum loopholes caused by imperfect single photon detectors and/or lossy quantum channels, however, the quantum cryptography is practically inefficient and even vulnerable to eavesdropping. Here, a method of unconditionally secured key distribution potentially compatible with current fiber-optic communications networks is proposed in a classical regime for high-speed optical backbone networks. The unconditional security is due to the quantum superposition-caused measurement indistinguishability of a paired transmission channel and its unitary transformation resulting in deterministic randomness corresponding to the no-cloning theorem in a quantum regime.

There has been a growing interest in investigating methodologies to support the development of secure systems in the software engineering research community. Recently, much attention has been focused on the modelling and analysis of security properties for systems at the software architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software development life-cycle. This reduces development time, reduces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a survey for researchers involved in the problem of systematically modelling and analyzing software architecture design that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authentication, role-based access control, etc.), and the kind of example system that has been used to illustrate the approach (information, distributed, etc.).

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the Mobile Ad Hoc Networking (MANET) technology. Those infrastructureless, self-organized networks that either operate autonomously or as an extension to the wired networking infrastructure, are expected to support new MANET-based applications. However, the proliferation of this networking paradigm is strongly dependent on the availability of security provisions, among other factors. The absence of infrastructure, the nature of the envisioned applications, and the resource-constrained environment pose some new challenges in securing the protocols in the ad hoc networking environments. In particular, the security requirements can differ significantly from those for infrastructure-based networks, while the provision of security enhancements may take completely different directions as well. In this paper, we study the schemes proposed to secure mobile ad hoc networks. We expose the primary goals of security enhancements, shedding light on the commensurate challenges, and survey the up-to-date literature on this topic. Then, we introduce our approach to such a multifaceted and intriguing problem. Finally, we identify some open problems and plausible approaches. plausible for different network instances. Although the discussion throughout a great part of the paper lends itself to all types of ad hoc networks, it is important to realize that not all solutions can be applied in all ad hoc networking environments. Moreover, it is necessary to emphasize the relative importance of addressing certain security issues, which can be considered, to some extent, as prerequisites for solutions to other security problems. In the following sections, we will present the challenges posed by the MANET environment, survey the relevant literature, identify the limitations of the proposed approaches, and suggest directions for future solutions. The overall problem of securing a distributed system comprises the security of the networked environment, and the security of each individual network node. The latter issue is important due to the pervasive nature of MANET, which does not allow us to assume that networked devices will always be under the continuous control of their owner. As a result, the physical security of the node becomes an important issue, leading to the requirement of tamperresistant nodes , if comprehensive security is to be provided. However, security problems manifest themselves in a more emphatic manner in a networked environment, and especially in mobile ad hoc networks. This is why in this work we focus on the network-related security issues. Security encompasses a number of attributes that have to be addressed: availability, integrity, authentication, confidentiality, non-repudiation and authorization. These goals, which are not MANET-specific only, call for approaches that have to be adapted to the particular features of MANET. First, we provide a generic definition of each goal, and, then, we expose in detail the challenges posed by this new networking paradigm. Availability ensures the survivability of network services despite misbehavior of network nodes; for instance, when nodes exhibit selfish behavior or when denial-of-service (DoS) attacks are mounted. DoS attacks can be launched at any layer of an ad hoc network. For example, an adversary could use jamming to interfere with communication at the physical layer, or, at the network layer, it could disrupt the routing protocol operation, disabling the operation of the route discovery procedure. Moreover, the adversary could bring down high-level services. One such target is the key management service, an essential service for an implementation of any security framework. Integrity guarantees that a message being transferred is not altered. A message could be altered because of benign failures, such as radio propagation impairments, or because of malicious attacks on the network. In addition, integrity viewed in the specific context of a connection, that is, the communication of two or more nodes, can provide the assurance that no messages are removed, replayed, reordered (if re-ordering would cause loss of information), or unlawfully inserted. Authentication enables a node to ensure the identity of the peer node that it is communicating with. Without

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the Mobile Ad Hoc Networking (MANET) technology. Those infrastructureless, self-organized networks that either operate autonomously or as an extension to the wired networking infrastructure, are expected to support new MANET-based applications. However, the proliferation of this networking paradigm is strongly dependent on the availability of security provisions, among other factors. The absence of infrastructure, the nature of the envisioned applications, and the resource-constrained environment pose some new challenges in securing the protocols in the ad hoc networking environments. In particular, the security requirements can differ significantly from those for infrastructure-based networks, while the provision of security enhancements may take completely different directions as well. In this paper, we study the schemes proposed to secure mobile ad hoc networks. We expose the primary goals of security enhancements, shedding light on the commensurate challenges, and survey the up-to-date literature on this topic. Then, we introduce our approach to such a multifaceted and intriguing problem. Finally, we identify some open problems and plausible approaches. plausible for different network instances. Although the discussion throughout a great part of the paper lends itself to all types of ad hoc networks, it is important to realize that not all solutions can be applied in all ad hoc networking environments. Moreover, it is necessary to emphasize the relative importance of addressing certain security issues, which can be considered, to some extent, as prerequisites for solutions to other security problems. In the following sections, we will present the challenges posed by the MANET environment, survey the relevant literature, identify the limitations of the proposed approaches, and suggest directions for future solutions. The overall problem of securing a distributed system comprises the security of the networked environment, and the security of each individual network node. The latter issue is important due to the pervasive nature of MANET, which does not allow us to assume that networked devices will always be under the continuous control of their owner. As a result, the physical security of the node becomes an important issue, leading to the requirement of tamperresistant nodes , if comprehensive security is to be provided. However, security problems manifest themselves in a more emphatic manner in a networked environment, and especially in mobile ad hoc networks. This is why in this work we focus on the network-related security issues. Security encompasses a number of attributes that have to be addressed: availability, integrity, authentication, confidentiality, non-repudiation and authorization. These goals, which are not MANET-specific only, call for approaches that have to be adapted to the particular features of MANET. First, we provide a generic definition of each goal, and, then, we expose in detail the challenges posed by this new networking paradigm. Availability ensures the survivability of network services despite misbehavior of network nodes; for instance, when nodes exhibit selfish behavior or when denial-of-service (DoS) attacks are mounted. DoS attacks can be launched at any layer of an ad hoc network. For example, an adversary could use jamming to interfere with communication at the physical layer, or, at the network layer, it could disrupt the routing protocol operation, disabling the operation of the route discovery procedure. Moreover, the adversary could bring down high-level services. One such target is the key management service, an essential service for an implementation of any security framework. Integrity guarantees that a message being transferred is not altered. A message could be altered because of benign failures, such as radio propagation impairments, or because of malicious attacks on the network. In addition, integrity viewed in the specific context of a connection, that is, the communication of two or more nodes, can provide the assurance that no messages are removed, replayed, reordered (if re-ordering would cause loss of information), or unlawfully inserted. Authentication enables a node to ensure the identity of the peer node that it is communicating with. Without

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the Mobile Ad Hoc Networking (MANET) technology. Those infrastructureless, self-organized networks that either operate autonomously or as an extension to the wired networking infrastructure, are expected to support new MANET-based applications. However, the proliferation of this networking paradigm is strongly dependent on the availability of security provisions, among other factors. The absence of infrastructure, the nature of the envisioned applications, and the resource-constrained environment pose some new challenges in securing the protocols in the ad hoc networking environments. In particular, the security requirements can differ significantly from those for infrastructure-based networks, while the provision of security enhancements may take completely different directions as well. In this paper, we study the schemes proposed to secure mobile ad hoc networks. We expose the primary goals of security enhancements, shedding light on the commensurate challenges, and survey the up-to-date literature on this topic. Then, we introduce our approach to such a multifaceted and intriguing problem. Finally, we identify some open problems and plausible approaches. plausible for different network instances. Although the discussion throughout a great part of the paper lends itself to all types of ad hoc networks, it is important to realize that not all solutions can be applied in all ad hoc networking environments. Moreover, it is necessary to emphasize the relative importance of addressing certain security issues, which can be considered, to some extent, as prerequisites for solutions to other security problems. In the following sections, we will present the challenges posed by the MANET environment, survey the relevant literature, identify the limitations of the proposed approaches, and suggest directions for future solutions. The overall problem of securing a distributed system comprises the security of the networked environment, and the security of each individual network node. The latter issue is important due to the pervasive nature of MANET, which does not allow us to assume that networked devices will always be under the continuous control of their owner. As a result, the physical security of the node becomes an important issue, leading to the requirement of tamperresistant nodes , if comprehensive security is to be provided. However, security problems manifest themselves in a more emphatic manner in a networked environment, and especially in mobile ad hoc networks. This is why in this work we focus on the network-related security issues. Security encompasses a number of attributes that have to be addressed: availability, integrity, authentication, confidentiality, non-repudiation and authorization. These goals, which are not MANET-specific only, call for approaches that have to be adapted to the particular features of MANET. First, we provide a generic definition of each goal, and, then, we expose in detail the challenges posed by this new networking paradigm. Availability ensures the survivability of network services despite misbehavior of network nodes; for instance, when nodes exhibit selfish behavior or when denial-of-service (DoS) attacks are mounted. DoS attacks can be launched at any layer of an ad hoc network. For example, an adversary could use jamming to interfere with communication at the physical layer, or, at the network layer, it could disrupt the routing protocol operation, disabling the operation of the route discovery procedure. Moreover, the adversary could bring down high-level services. One such target is the key management service, an essential service for an implementation of any security framework. Integrity guarantees that a message being transferred is not altered. A message could be altered because of benign failures, such as radio propagation impairments, or because of malicious attacks on the network. In addition, integrity viewed in the specific context of a connection, that is, the communication of two or more nodes, can provide the assurance that no messages are removed, replayed, reordered (if re-ordering would cause loss of information), or unlawfully inserted. Authentication enables a node to ensure the identity of the peer node that it is communicating with. Without

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the Mobile Ad Hoc Networking (MANET) technology. Those infrastructureless, self-organized networks that either operate autonomously or as an extension to the wired networking infrastructure, are expected to support new MANET-based applications. However, the proliferation of this networking paradigm is strongly dependent on the availability of security provisions, among other factors. The absence of infrastructure, the nature of the envisioned applications, and the resource-constrained environment pose some new challenges in securing the protocols in the ad hoc networking environments. In particular, the security requirements can differ significantly from those for infrastructure-based networks, while the provision of security enhancements may take completely different directions as well. In this paper, we study the schemes proposed to secure mobile ad hoc networks. We expose the primary goals of security enhancements, shedding light on the commensurate challenges, and survey the up-to-date literature on this topic. Then, we introduce our approach to such a multifaceted and intriguing problem. Finally, we identify some open problems and plausible approaches. plausible for different network instances. Although the discussion throughout a great part of the paper lends itself to all types of ad hoc networks, it is important to realize that not all solutions can be applied in all ad hoc networking environments. Moreover, it is necessary to emphasize the relative importance of addressing certain security issues, which can be considered, to some extent, as prerequisites for solutions to other security problems. In the following sections, we will present the challenges posed by the MANET environment, survey the relevant literature, identify the limitations of the proposed approaches, and suggest directions for future solutions. The overall problem of securing a distributed system comprises the security of the networked environment, and the security of each individual network node. The latter issue is important due to the pervasive nature of MANET, which does not allow us to assume that networked devices will always be under the continuous control of their owner. As a result, the physical security of the node becomes an important issue, leading to the requirement of tamperresistant nodes , if comprehensive security is to be provided. However, security problems manifest themselves in a more emphatic manner in a networked environment, and especially in mobile ad hoc networks. This is why in this work we focus on the network-related security issues. Security encompasses a number of attributes that have to be addressed: availability, integrity, authentication, confidentiality, non-repudiation and authorization. These goals, which are not MANET-specific only, call for approaches that have to be adapted to the particular features of MANET. First, we provide a generic definition of each goal, and, then, we expose in detail the challenges posed by this new networking paradigm. Availability ensures the survivability of network services despite misbehavior of network nodes; for instance, when nodes exhibit selfish behavior or when denial-of-service (DoS) attacks are mounted. DoS attacks can be launched at any layer of an ad hoc network. For example, an adversary could use jamming to interfere with communication at the physical layer, or, at the network layer, it could disrupt the routing protocol operation, disabling the operation of the route discovery procedure. Moreover, the adversary could bring down high-level services. One such target is the key management service, an essential service for an implementation of any security framework. Integrity guarantees that a message being transferred is not altered. A message could be altered because of benign failures, such as radio propagation impairments, or because of malicious attacks on the network. In addition, integrity viewed in the specific context of a connection, that is, the communication of two or more nodes, can provide the assurance that no messages are removed, replayed, reordered (if re-ordering would cause loss of information), or unlawfully inserted. Authentication enables a node to ensure the identity of the peer node that it is communicating with. Without

In this article we present a survey of secure ad hoc routing protocols for mobile wireless networks. A mobile ad hoc network is a collection of nodes that is connected through a wireless medium forming rapidly changing topologies. The widely accepted existing routing protocols designed to accommodate the needs of such self-organized networks do not address possible threats aiming at the disruption of the protocol itself. The assumption of a trusted environment is not one that can be realistically expected; hence, several efforts have been made toward the design of a secure and robust routing protocol for ad hoc networks. We briefly present the most popular protocols that follow the table-driven and the source-initiated on-demand approaches. Based on this discussion we then formulate the threat model for ad hoc routing and present several specific attacks that can target the operation of a protocol. In order to analyze the proposed secure ad hoc routing protocols in a structured way we have classified them into five categories: solutions based on asymmetric cryptography; solutions based on symmetric cryptography; hybrid solutions; reputation-based solutions; and a category of add-on mechanisms that satisfy specific security requirements. A comparison between these solutions can provide the basis for future research in this rapidly evolving area.

Despite the availability of approaches to specifying security requirements, we have identified a lack of comparative studies of those approaches and, subsequently, lack of guidance and useful tools to determine the most appropriate approach for a specific project. In this paper we propose SRRS (Security Requirements Recommendation System), which takes user input about the most desirable characteristics for their project and recommends the most appropriate approach. We provide an example of applying our system, and show how the SRRS process works in general.

Trustworthiness in services provided by the Critical Infrastructure (CI) is essentially dependent on the quality of underlying software, systems, practice and environment, as which the software information infrastructures are becoming increasingly a major component of business, industry, government and defense. The level of trustworthiness required from services that are operational in such critical software information infrastructures is often established based on standardized infrastructure-wide evaluation criteria -Certification and Accreditation (C&A)through the identification of operational risks and the determination of conformance with established security standards and best practices. In order to effectively establish such levels of trustworthiness for services in the CI, we identify the need for a structured and comprehensive C&A framework with appropriate tool support that combines its theoretical and practical aspects. In this paper, we present our efforts in developing such a framework that leverages novel techniques from software requirements engineering and knowledge engineering to support the automation of the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), which is a standard for certifying and accrediting the information networks that support the Defense Information Infrastructure (DII). Through the examples derived from our case study, we further motivate the applicability and appropriateness of our framework.

Establishing secure systems assurance based on Certification and Accreditation (C&A) activities, requires effective ways to understand the enforced security requirements, gather relevant evidences, perceive related risks in the operational environment, and reveal their causal relationships with other domain concepts. However, C&A security requirements are expressed in multiple regulatory documents with complex interdependencies at different levels of abstractions that often result in subjective interpretations and non-standard implementations. Their non-functional nature imposes complex constraints on the emergent behavior of software-intensive systems, making them hard to understand, predict, and control. To address these issues, we present novel techniques from software requirements engineering and knowledge engineering for systematically extracting, modeling, and analyzing security requirements and related concepts from multiple C&A-enforced regulatory documents. We employ advanced ontological engineering processes as our primary modeling technique to represent complex and diverse characteristics of C&A security requirements and related domain knowledge. We apply our methodology to build problem domain ontology from regulatory documents enforced by the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP).

The rapid development in electronic commerce and information technology drives the traditional physical product trading evolved to digital product trading. With the effect of the multi-agents system in the Internet environment and the promotions of Government, digital product industry grows fast. The authors proposed a digital product transaction mechanism for electronic auction in the multi-agents system environment. The research introduced a convenient platform to protect the privacies of both buyers and sellers, and track digital product further in an electronic auction environment. In addition, by using simple cryptography techniques supplemented with encryption, the authors ensure the security of information transactions, thereby providing a mechanism of safe and fair digital product electronic auction. In order to provide a dependable trust, security and privacy environment for e-commerce, some proper security issues are 248

Cryptography is one way to transfer secure information over unsecure network such as Internet. In this paper we are proposing a safe method to transmit data over Internet. In our application, the data sent to a remote host is encrypted first using encryption key then the data is sent to the destination machine. We are performing matrix transformations which are based on circular queue techniques and random functions. At the sender side the first step is to convert the original message into an image, and then perform various transformations on image matrix randomly such as circular left shift, circular right shift and reverse.

Cross domain resource sharing and collaborations have become pervasive in today's service oriented organizations. Existing approaches for the realization of cross domain access control are either focused on the model level only without concrete implementation mechanisms, or not general enough to provide a flexible framework for enterprise web applications. In this paper, we present xDAuth, a framework for the realization of cross domain access control and delegation with RESTful web service architecture. While focusing on real issues under the context of cross domain access scenarios such as no predefined trust relationship between a service provider domain and service requestor domain, xDAuth leverages existing web technologies to realize desired security requirements while supporting flexible and scalable security policies and privacy protection with low performance overhead. We have implemented xDAuth in a medical module in OpenERP, an open source ERP system. Our evaluation demonstrates that xDAuth is a feasible framework towards general cross domain access control for service oriented architectures.

A Distributed Key Generation (DKG) protocol is an essential component of threshold cryptosystems required to initialize the cryptosystem securely and generate its private and public keys. In the case of discrete-log-based (dlog-based) threshold signature schemes (ElGamal and its derivatives), the DKG protocol is further used in the distributed signature generation phase to generate one-time signature randomizers (r = g k ). In this paper we show that a widely used dlog-based DKG protocol suggested by Pedersen does not guarantee a uniformly random distribution of generated keys: we describe an efficient active attacker controlling a small number of parties which successfully biases the values of the generated keys away from uniform. We then present a new DKG protocol for the setting of dlog-based cryptosystems which we prove to satisfy the security requirements from DKG protocols and, in particular, it ensures a uniform distribution of the generated keys. The new protocol can be used as a secure replacement for the many applications of Pedersen's protocol. Motivated by the fact that the new DKG protocol incurs additional communication cost relative to Pedersen's original protocol, we investigate whether the latter can be used in specific applications which require relaxed security properties from the DKG

Abstract—Already announced in 2007 for Sun’s Rock proces-sor but later canceled, hardware transactional memory (HTM) finally found its way into general-purpose desktop and server systems and is soon to be expected for embedded and real-time systems. However, although current hardware implementations have their pitfalls, hindering an immediate adoption of HTM as a synchronization primitive for real-time operating-systems, we illustrate on the example of a transactional implementation of the L4/Fiasco.OC inter-process communication (IPC) how extended versions of HTMmay revolutionize kernel design and, in particular, how they may reduce the verification costs of a multi-core kernel to little more than verifying a selectively preemptible uni-processor kernel. Removing L4/Fiasco.OC’s half thousand lines-of-code cross-processor IPC path and making the local path transactional, we benefit from a principal performance boost for sending cross-core messages. However for the average case, we e...

An effective security and resource management is required for the provisioning and sharing of resources while keeping autonomy and stability of their environments. The models for security control and resource provisioning and sharing are to be implemented by closely-connected modules which interact tightly with information service and stand on role-based security model. These services are local to the cluster level but all of them have the ability to interact with the according neighbours in adjacent clusters. User, security, resource and information management have their representatives on global (grid) level and they are able to interact with the same services in cluster level in order to insure global centralized control. Global services are only viable when the system is used on global or extragrid level. In this paper we present the combined architecture of security and resource management and their close interaction with information service in a lightweight multilevel grid system based on highlevel middleware. It is important to check the performance and functionality parameters of the architecture at an early phase of architecture design. That is why here we consider the possibility for mapping of typical scientific application scenarios on several commodity computing clusters running our lightweight multilevel grid middleware. A set of representative use cases is listed in this paper along with taxonomy of the imposed requirements to the underlying infrastructure. For the purpose of exemplary mapping we choose an application scenario of molecular dynamics simulation which is a typical data-and computation-intensive asynchronous application. Here is given the technical mapping of this use case to the underlying infrastructure, paying particular attention to the possibility to implement high-level grid-unawareness for the use or application developer, to identify the compatibility of logical system and technological infrastructure used, as well as service and workflow representation.

Nowadays, more and more security-relevant data are stored on computer systems; security-critical business processes are mapped to their digital pendants. This situation applies to various critical infrastructures requiring that different security requirements must be fulfilled. It demands a way to design and express higher-level security policies for such critical organizations. In this paper we focus on authorisation policies to demonstrate how software engineering techniques can help validate authorisation constraints and enforce access control policies. Our approach leverages features and functionalities of the UML/OCL modeling methods as well as model driven approach to represent and specify authorisation model and constraints. Using our authorisation constraints editor, we articulate role-based authorisation policies. Also, we attempt to validate and enforce such constraints with the USE (UML Specification Environment) tool.

Nowadays, more and more security-relevant data are stored on computer systems; security-critical business processes are mapped to their digital pendants. This situation applies to various critical infrastructures requiring that different security requirements must be fulfilled. It demands a way to design and express higher-level security policies for such critical organizations. In this paper we focus on authorisation policies to demonstrate how software engineering techniques can help validate authorisation constraints and enforce access control policies. Our approach leverages features and functionalities of the UML/OCL modeling methods as well as model driven approach to represent and specify authorisation model and constraints. Using our authorisation constraints editor, we articulate role-based authorisation policies. Also, we attempt to validate and enforce such constraints with the USE (UML Specification Environment) tool.

The adoption of positioning technologies to supplement, complement and function as defense intelligence applications has become widely accepted within homeland security and military circles. At the core of advancement are four main positioning technologies. Specifically these are the global positioning system (GPS), second generation (2G) and beyond mobile telephone networks (including wireless data networks), radio-frequency identification (RFID) and geographic information systems (GIS). For all positioning technologies, both separately and when combined, it is of primary importance to their continued adoption that the controlling powers have an in-depth understanding of the causality between implementation, usage and flow-on effect. This relies on an alignment of defense strategy, knowledge systems, security requirements and citizen rights within the broader social context. Whereas this social context must respond to continuing security breaches, advancements in technology, and the ever-changing face of bureaucracy there is however, great difficulty in creating an uncompromising foundation for homeland security which is at all times both void of complexity and suitable to all. Even more difficult though is to predict both the events and consequences which will herald from the systems now being created.

One-third of India's urban population resides in extreme poverty, in slums and squatters. Food insecurity remains a visible reality among this segment. Yet, it is scarcely documented. This paper describes levels and determinants of experiential household food insecurity (HFI) in an underserved urban slum of Delhi (India) and reports the internal validity and reliability of the measure used to assess experiential HFI. A fouritem scale was adapted from the U.S. six-item shortform food security scale and was administered in Hindi through household interviews with 410 female adults. Association of HFI with household economic and sociodemographic characteristics were examined using multiple logistic regression. Cronbach's alpha and Raschmodel-based item fit statistics were used to assess reliability and internal validity. Fifty-one percent of households were food insecure. Significant HFI predictors were unemployed to employed family members' ratio of >3:1 (Odds Ratio 2.1, Confidence Interval 1.2-3.4) and low household standard of living (OR 4.9, C.I. 2.7-8.9). Cronbach's alpha was 0.8. Item severities as estimated under Rasch model assumptions spanned 9.7 logits. Item infit statistics (0.77-1.07) indicated that the Rasch model fit the data well. Item outfit statistics suggested that one item was inconsistently understood by a small proportion of respondents. For improving HFI among the urban poor, in addition to improving behaviors/entitlement access, programs should consider linkage of urban poor to existing employment schemes, upgrading of their skills and linkage to potential employers. The adapted scale was reliable and easy to administer. However, being a subjective assessment, its sensitivity to social expectation and its association with nutrition security require examination.

Universal designated verifier signatures (UDVS) were introduced in 2003 by Steinfeld et al. to allow signature holders to monitor the verification of a given signature in the sense that any plain signature can be publicly turned into a signature which is only verifiable by some specific designated verifier. Privacy issues, like non-dissemination of digital certificates, are the main motivations to study such primitives. In this paper, we propose two fairly efficient UDVS schemes which are secure (in terms of unforgeability and anonymity) in the standard model (i.e. without random oracles). Their security relies on algorithmic assumptions which are much more classical than assumptions involved in the two only known UDVS schemes in standard model to date. The latter schemes, put forth by Zhang et al. in 2005 and Vergnaud in 2006, rely on the Strong Diffie-Hellman assumption and the strange-looking knowledge of exponent assumption (KEA). Our schemes are obtained from Waters's signature and they do not need the KEA assumption. They are also the first random oracle-free constructions with the anonymity property.

The paper proposes a comprehensive information security maturity model (ISMM) that addresses both technical and socio/nontechnical security aspects. The model is intended for securing e-government services (implementation and service delivery) in an emerging and increasing security risk environment. The paper applied inductive approach that utilizes extensive literature review and survey study approaches. A total of eight existing ISMMs were selected and critically analyzed. Models were then categorized into security awareness, evaluation and management orientations. Based on the model's strengths -three models were selected to undergo further analyses and then they were synthesized. Each of the three selected models was either from the security awareness, evaluation or management orientations category. To affirm the findings -a survey study was conducted into six government organizations located in Tanzania. The study was structured to a large extent by the security controls a...

e-Government maturity models (eGMMs) lack security services (technical and socio/non-technical) in its critical maturity stages. The paper proposes a comprehensive framework for integrating IT security services into eGMM critical stages. The proposed framework is a result of integrating information security maturity model (ISMM) critical levels into e-government maturity model (eGMM) critical stages. The research utilizes Soft Systems Methodology (SSM) of scientific inquiry adopted from Checkland and Scholes. The paper contributes to the theoretical and empirical knowledge in the following ways: firstly, it introduces a new approach that shows how government's can progressively secure their e-government services; secondly, it outlines the security requirements (technical and non-technical) for critical maturity stages of eGMM; and thirdly, it enhances awareness and understanding to the governments and stakeholders such as practitioners, experts and citizens on the importance of security requirements being clearly defined within eGMM critical stages.

Distributed s ystems usually contain objects with heterogeneous security requirements that pose important challenges on the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralized security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML-based Secure Content Distribution (XSCD) infrastructure, which is based on the production of protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating Privilege Management Infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, provides persistent protection and allows actions (such as payment) to be bound to the access to objects.

DRM technologies include a range of functions to support the management of intellectual property for digital resources, such as expression of rights and obligations, description, identification, trading, protection, monitoring and tracking of digital content. This paper presents the EC-GATE system, a general framework capable of supporting very heterogeneous DRM applications and scenarios. This system enables content owners to enforce access control policies, copyright agreements, payments and other obligations, to digital objects in a distributed environment. The idea of this work is that the security requirements of all processes related to the secure transmission and commerce of digital contents can be fulfilled if we guarantee that the software running at the other side of the communication line is protected. To achieve what we call "protected software" we must ensure that it is neither possible to discover nor to alter the function that the software performs and it is also impossible to impersonate the software. The solution that we present is also based on the notion of "secure container", a protected package of data and administrative information. Our solution uses mobile software elements to convey the protected contents and force the user to fulfill the obligations previously established by the content owner before granting the rights and access to these contents. EC-GATE also includes components for authorization and management.

Balancing competing dependability concerns related to security, fault tolerance and performance is a challenge during software development. Addressing these concerns early on in the development lifecycle can reduce the need for extensive and costly design changes later on. We have developed an Aspect-Oriented Modeling framework that allows early localization of competing concerns into aspects and their composition with models reflecting the core functionality. This paper presents approaches for systematic evaluation ...

Efficiency of asynchronous optimistic fair exchange using trusted devices is studied. It is shown that three messages in the optimistic subprotocol are sufficient and necessary for exchanging idempotent items. When exchanging nonidempotent items, however, three messages in the optimistic subprotocol are sufficient only under the assumption that trusted devices have unbounded storage capacity. This assumption is often not satisfiable in practice. It is then proved that exchanging nonidempotent items using trusted devices with a bounded storage capacity requires exactly four messages in the optimistic subprotocol.

Many authentication and key agreement protocols were proposed for protecting communicated messages. In previous protocols, if the user's identity is transmitted in plaintext, an adversary can tap the communications and employ it to launch some attacks. In most protocols with user anonymity, they focus on satisfaction of several security requirements. From a client's point of view, those protocols are not admired since the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a limited-resource device to access multiple servers. The storage and computation are very important issues especially in this kind of environments. Also, for a convenience of designing protocol, most protocols use timestamps to prevent the replay attack. As we know, the serious time synchronization problem exists in timestamp-based protocols. Finally, most protocols do not have formal proofs for the security. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the difficulty of cracking the elliptic curve Diffie-Hellman assumption. In addition, we also propose an augmented protocol for providing the explicit mutual authentication. Compared with the related protocols, the proposed protocols' computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low power computing environments. Finally, we formally prove the security of the proposed protocols by employing the random oracle model.

The Common Criteria is often too confusing and technical for non-security specialists to understand and therefore properly use. At the same time, it is essential that security critical IT products under development be validated according to such standards not after but rather during the software engineering process. To help address these issues, this paper presents an approach to eliciting security requirements for IT systems with use cases using Common Criteria methodologies. The approach involves using actor profiles to derive threats, mapping derived threats to security objectives, and mapping objectives to security requirements using a CC Toolbox data set. Our aim is to ensure that security issues are considered early during requirements engineering while making the Common Criteria more readily available to end-users in an understandable context. Violet, an open source UML diagram modeling tool, has been extended to implement the approach from a use case textual description perspective.

Component-based software engineering often relies on libraries of trusted components that are combined to build dependable and secure software systems. Resource dependences, constraint conflicts, and information flow interferences arising from component combination that may violate security requirements can be revealed by means of the noninterference approach to information flow analysis. However, the security of large component-based systems may be hard to assess in an efficient and systematic way. In this paper, we propose a component-oriented formulation of noninterference that enables compositional security verification driven by system topology. This is realized by implementing scalable noninterference checks in the formal framework of a process algebraic architectural description language equipped with equivalence checking techniques.

One of the challenges in the designing of pairing-based cryptographic protocols is to construct suitable pairing-friendly curves: Curves which would provide efficient implementation without compromising the security of the protocols. These curves have small embedding degree and large prime order subgroup. Random curves are likely to have large embedding degree and hence are not practical for implementation of pairing-based protocols. In this thesis we review some mathematical background on elliptic and hyperelliptic curves in relation to the construction of pairing-friendly hyperelliptic curves. We also present the notion of pairing-friendly curves. Furthermore, we construct new pairing-friendly elliptic curves and Jacobians of genus two hyperelliptic curves which would facilitate an efficient implementation in pairing-based protocols. We aim for curves that have smaller ρ-values than ever before reported for different embedding degrees. We also discuss optimisation of computing pairing in Tate pairing and its variants. Here we show how to efficiently multiply a point in a subgroup defined on a twist curve by a large cofactor. Our approach uses the theory of addition chains. We also show a new method for implementation of the computation of the hard part of the final exponentiation in the calculation of the Tate pairing and its variants.

This paper presents an analysis of security requirements of large-scale distributed file systems. Our objective is to identify their generic as well as specific security requirements and to propose potential solutions that can be employed to address these requirements. FileStamp-a multi-writer distributed file system developed at CETIC is considered as a case study for this analysis. This analysis yields that the existing range of security solutions can be employed to secure large-scale distributed file systems. However, they should be holistically employed to triumph over the security chinks in the FileStamp's armor.

In this paper, we present our ongoing work of a policy-driven approach to security requirements of grid data management systems (GDMS). We analyse the security functionalities of existing GDMS to determine their shortcomings that should be addressed in our work. We identify a comprehensive set of security requirements for GDMS followed by the presentation of our proposed Security Requirements Model. Derivation of security policies from security requirements and their consequent refinement is also presented in this paper. Our approach of addressing modelling issues by providing requirements for expressing security related quality of service is the key step to turn storage systems into knowledge representation systems.

The Transportation Informatics and Telematics Knowledge Centre (after the abbreviation of its name in Hungarian: 'KITT') of Budapest Tech initiated its operation in the Autumn of 2006 thank to the financial support provided by the 'National Office for Research and Technology' (NKTH) and the 'Agency for Research Fund Management and Research Exploitation' (KPI) using the resources of the 'Research and Technology Innovation Fund' within the project No. RET-10/2006. One of the duties of KITT is to give contribution to the educational activities of the host institution of the research consortium, which role is played in this case by Budapest Tech. Regarding education, the main aim is transferring the freshest research results achieved by KITT into the education without considerable delay. Following the first few months of KITT's activities, Bánki Donát Faculty of Mechanical and Safety Engineering initiated its BSc courses in which, at first time, within the sub-branch of 'Robot Systems' of the branch of 'Mechatronics', the course 'Control of Robots' was launched in the Autumn semester of the academic year 2007/2008. Due to a lucky constellation in the KITT's Project No. 2.3 entitled 'Automatic Analysis of Vehicle Behavior' partly is involved the automatic observation, analysis and control of strongly coupled nonlinear systems of which normally very limited, imprecise, and incomplete 'a priori' information is available for the controller, as e.g. in the case of

The software industry still struggles with adverse effects of a weak alignment between requirements and testing. The Software Pattern Metamodel (SoPaMM) aligns requirements and test patterns under the influence of agile practices. However, these patterns will be more beneficial for professionals if development activities are supported by a software tool. This paper presents the behaviour-DRivEn Application Model generator (DREAM) tool, automatically generating requirements and test specifications from SoPaMM-based patterns. We show how DREAM supports requirements elicitation and specification, test case elaboration, and software documentation using a patterns catalogue for electronic health record systems.

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and "security" is one of the essential domains. A Domain Specific Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem's MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition. Being able to express security objectives in a widely used design notation like UML, helps to save time and effort during the implementation and verification of security in SOA applications. As a proof of concept, the research work is projected on a case study of the real world SOA application from the healthcare domain. vn ABSTRAK Dalam arkitektur berdasarkan servis (Service Oriented Architecture, SOA), perisian aplikasinya ialah gabungan servis-servis yang berkaitan perusahaan dan arkitektur. Aspek keselamatan merupakan yang terpenting ketika proses reka bentuk, pembangunan dan operasi SOA tersebut. Walaubagaimanapun, analisa semasa terhadap pendekatan pembangunan perisian telah mendedahkan bahawa aspek keselamatan pada reka bentuk sistem seringkali diabaikan. Aspek keselamatan ini digabungkan secara adhoc, secara integrasi semasa fasa pembangunan perisiandan fasa pentadbiran ataupun dari sumber luar. Keselamatan SOA ialah domain yang bersilang dan setiap maklumat yang diperlukan tiada dalam fasa hiliran. Aspek keselamatan yang dibuat secara posthoc dan integrasi pada tahapan rendah mempunyai kesan buruk dalam menghasilkan perisian SOA. Bahasa pembentukan yang mempunyai tujuan umum seperti Unified Modeling Language (UML) untuk mereka bentuk sistem perisian, walaubagaimanapun, bahasa-bahasa ini mempunyai pengetahuan yang terhad tentang domain yang spesifik dan aspek keselamatan adalah salah satu domain yang utama. Domain Specific Language (DSL), yang diberi nama "UML-SOA-Sec" dicadangkan untuk membantu membentuk objektif keselamatan sepanjang proses perniagaan membentuk perisian SOA. Tambahan pula, servis gabungan rangka kerja Saleem's MDS (Model Driven Security) juga dicadangkan untuk membangunkan gabungan servis web yang selamat. la mampu untuk memberi penekanan pada objektif keselamatan dalam kegunaan notasi reka bentuk secara meluas seperti UML, ia juga membantu untuk menjimatkan masa dan tenaga sewaktu proses perlaksanaan dan pengesahan aspek keselamatan dalam perisian SOA. Sebagai bukti kepada konsep ini, kajian ini juga dilaksanakan dalam salah sebuah perisian SOA iaitu dari domain kesihatan. vui In compliance with the terms of the Copyright Act 1987 and the IP Policy of the university, the copyright of this thesis has been reassigned by the author to the legal entity of the university,

Risk of a given threat is a function of the likelihood of exercising the threat and the severity of its impacts. This paper proposes incorporating attacker capabilities and motivations in estimating the likelihood of exercising threats. Attacker capability is the ability to use appropriate means (e.g., knowledge, time, expertise, and tools) and opportunity (e.g., enough time to perform the attack) to exploit the vulnerabilities that could cause the related threat. Attacker motivation is the benefit the attacker gains from successful exercise of a threat. 1 A threat is a circumstance or event with the potential to harm a system [2]. 2 We refer to technical experts who know the IS being investigated and have basic knowledge about attacks and threats.

In this position paper, we motivate and summarize our work on repeatably generating cryptographic keys from spoken user input. The goal of this work is to enable a device to generate a key (e.g., for encrypting files) upon its user speaking a chosen password (or passphrase) to it. An attacker who captures the device and extracts all information it contains, however, should be unable to determine this key. We outline our approach for achieving this goal and present preliminary empirical results for it. We also describe several directions for future work.

Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. Those networked devices provide us with a mobile, spontaneous and dynamic way to access various resources provided by domains with different security policies. The conventional approach to secure access over multiple domains is to implement a universal trusted infrastructure, extending local identity-or capability-based security systems and combining them with cross-domain authentication mechanisms. However, this does not adequately meet the security requirements of communicating with strangers in pervasive environments. This paper presents an intrinsically multi-domain oriented approach which incorporates an identity-based encryption (IBE) access control mechanism. This approach allows the right domain to get involved with its local players' interactions by helping them to convert a token to a usable access capability, whilst facilitating revocation.

Graphical conceptual models for On-Line Analytical Processing (OLAP) applications should semiautomatically generate the database schema and the corresponding multidimensional (MD) model for a specific target commercial OLAP tool. However, this generation process is not immediate as the semantics represented by these conceptual models are different from those considered by the underlying MD models of OLAP tools. Therefore, some transformations for these differences are needed in this process. In the context of graphical conceptual models, we provide an object-oriented conceptual model that provides a Unified Modeling Language (UML) graphical notation to represent both structural and dynamics properties of MD models and initial user requirements at the conceptual level. In this paper, on one hand, we present how to semi-automatically generate the database schema and the underlying MD model for one of the most leading commercial OLAP tools from our model. In this process, some semantics represented in the model are transformed into those considered by the underlying MD model of the target OLAP tool. On the other hand, initial user requirements are translated into their corresponding definitions in the target OLAP tool. In this way, the final user is able to start the analysis process from the initial requirements specified at the conceptual level. Finally, we present the prototype of the Computer Aided Software Engineering (CASE) tool that gives support to both the model definition and this generation process.

Global connectivity of computing and storage resources opens up the possibility of sabotaging and misusing information to a degree never seen before. The exponential growth in the scale of distributed data management systems and corresponding increase in the amount of data being handled by these systems require efficient management by maintaining consistency, ensuring security, fault tolerance and good performance in terms of availability and security. Achieving high confidence in security design requires the use of adequate modelling techniques. Goal-oriented requirements engineering methods such as KAOS support this by allowing the security analyst to capture of goals (in particular security properties), to model assets, to discover threats (or security anti-goals) and address them by operational security requirements enforced by responsible components. This analysis can be refined down to a formal level, supported by model-checking tools. However, a comprehensive analysis of security requirements of critical information infrastructures (CII) requires additional parameters such as risk analysis, analysis of data isolation techniques, forensics, etc. In this paper, we present our approach to integrate those new dimensions in KAOS for the formal analysis of security requirements. A Grid-based Data Management System (GDMS) is used as a case study in this work. Holistic view of the requirements model is presented to highlight the role of each new dimension in the comprehensive security requirements analysis of GDMS.

In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

This paper aims to apply the Bees Algorithm for solving system of equations. The solving System of Equations may be linear or nonlinear for a number of unknowns. As an application of System of Equations, we can implement cryptanalysis attack algorithms on stream cipher systems using plaintext attack (or part from it). We consider the Geffe System (which has nonlinear combining function) to be our study case, which is depend on set of Linear Feedback Shift Registers, as a model of stream cipher systems, in the performance of Bees Algorithm by solving System of Equations for any number of variables of the output of Linear Feedback Shift Registers. The application divided into two stages, first, constructing System of Equations for the suggested cryptosystem, and the second, is attacking the variables of System of Equations which they are also represent the initial key values of the combined of Linear Feedback Shift Registers.

SOA is a Buzzword today and much is said about it, the actual goal of SOA is to help align IT capabilities with business goals .Another important goal of SOA is to provide an agile technical infrastructure that can be quickly and easily reconfigured as business requirement change. Until the emergence of SOA based IT systems, business and government organizations were faced off with difficult trade off between the expanses of custom solution and the convenience of packaged applications. In this paper we have argued that how service based information systems are different from component based systems. Further we have identified the line of division between two approaches and pointed out the issues of SOA adoption in an organization.