
Ebook: Information Assurance and Computer Security

Today's society can no longer function without information technology. Essential infrastructure including the transportation system, banking and the financial markets, the entertainment industry, the health care system, government, the military and the education system can no longer survive without modern technology. This increasing dependence on information technology creates new opportunities for the benefit of society. However, it also opens an avenue that can be exploited for illicit purposes. The stakes are high and many attacks go undetected or unreported. In addition to losses such as data or other forms of intellectual property, financial theft or the shutdown of infrastructure, computer security attacks that target critical infrastructure such as nuclear power plants have the potential to cause human casualties on a massive and unprecedented scale.
The challenges of computer security were discussed at an advanced research workshop held in Tetuan, Morocco in June, 2005 under the auspices of the North Atlantic Treaty Organization (NATO). This workshop provided a unique opportunity for researchers involved in mature research programmes from Europe and North America to closely interact with researchers from North Africa working in fledgling security programmes. The workshop provided a forum to present and discuss research on the four main challenges facing computer security, namely, the formulation of theoretical models for computer security, the development of tools and languages to ensure security, the design of new secure architectures and the application of security models. In the first chapter titled ‘Retaliation: Can We Live with Flaws?’, Bella et al. propose a model for security that is based on the social premise that an attacker will think twice if retaliation is possible. The second chapter by Gritzalis et al. sets the foundations for establishing a knowledge-based, ontology-centric framework with respect to security management. Biardi et al. in their chapter titled ‘Constrained Automata: a Formal Tool for ICT Risk Assessment’, propose automata theory as a tool to assess the potential for security attacks in a system. XML is extended to provide a comprehensive language for trust negotiations by Squicciarini et al. in the chapter titled ‘A comprehensive XML-based language for trust negotiations’. The challenge in providing trust in a distributed services oriented architecture is discussed in the chapter by Jen-Yao Chung et al., titled ‘Extending Trust Computing with Service Oriented Architecture’. In ‘Privacy Preserving third party architectures’, Barbara Carminati et al. propose a scalable architecture that satisfies different privacy preserving requirements. The challenges facing agent security where the agents are mobile are discussed by Łukasz Nitschke et al.
Distributed systems security, in particular the protection of confidential resources, is described in the chapter titled ‘Using basic Security Techniques and specifications for Confidential Resources Protection in Web-based Distributed Systems’ by Mostafa Ezziyyani et al. Shahin Shakeri et al. apply statistical techniques to the problem of spam detection and email classification. In the tenth chapter, Y. Lyhyaoui et al. analyze the security problems caused by cheating in online games. The final chapter by Kumar et al. proposes a secure protocol for routing in sensor networks based on key management.
This book provides a discussion on a wide variety of viewpoints on some of the main challenges facing secure systems. This book will therefore be of major interest to all researchers in academia or industry with an interest in computer security. It is also relevant to graduate and advanced level undergraduate students who may want to explore the latest developments in the area of computer and information security.
We thank the public diplomacy mission of NATO for sponsoring and funding this scientific meeting and also the organizing bodies for their support. We would like to thank the members of the international scientific and local organizing committees for their contributions and suggestions. A special thanks goes to Dr. Naoufal Raissouni and to Dr. Mohammed Kounaidi for their invaluable assistance and all their hard work in organizing this workshop. We also thank all chairpersons for their involvement. We are particularly indebted to the participants who submitted chapters to this book and contributed to the success of the meeting. It was refreshing to observe participants from Europe and the United States as well as North Africa contribute to the discussions, presentations and overall success of this workshop.
April 2006
Johnson P. Thomas, Tulsa, Oklahoma, USA
Mohamed Essaaidi, Tetuan, Morocco
Security protocols intend to give their parties reasonable assurance that certain security properties will protect their communication session. However, the literature confirms that the protocols may suffer subtle and hidden attacks. Flawed protocols are customarily sent back to the design process, but the costs of reengineering a deployed protocol may be prohibitive. This paper outlines the concept of retaliation: who would steal a sum of money today, should this pose significant risks of having twice as much stolen back tomorrow? Attacks are always balanced decisions: if an attack can be retaliated, the economics of security may convince us to live with a flawed protocol. This new perspective requires a new threat model where any party may decide to subvert the protocol for his own sake, depending on the risks of retaliation. This threat model, which for example is also suitable to studying non-repudiation protocols, seems more appropriate than the Dolev-Yao model to the present technological/social setting.
Assurance is a de-facto requirement in modern information systems (IS). The diversity and complexity of emerging IS underlines the lack of a common way of security knowledge representation. In the paper we set the foundations for establishing a knowledge-based, ontology-centric framework with respect to the security management of an IS; we present a knowledge-rich structure, which can model the security requirements of an enterprise IT environment from a variety of information sources, exploiting process-based risk management frameworks which are applied in modern organizations. We define our overall security management framework and implement critical components such as countermeasure refinement. Our approach is represented in a neutral manner and can be used for security knowledge reusability and exchange.
Conditional security assesses the security of an ICT system in a specific context. A fundamental step of this assessment determines the threats that can implement an attack against the system. Constrained attack automata are finite state automata for formally conducting this step by decomposing complex attacks into sequences of elementary attacks. Each state of the automata corresponds to a set of resources controlled by the attacker, while final states correspond to the success of a sequence of attacks so that one threat has reached one of its goals. Each transition is paired with some constraints on the amount of computational resources, the skills and the knowledge required to implement the elementary attack. To exploit these automata, each threat is modeled in terms of the amount of computational resources, skills and knowledge that it has available and this amount is modelled as a tuple of elements of partially ordered sets. By comparing the amount of resources a threat can access against that required by an attack, we can determine if there is at least one threat that can implement the attack and available countermeasures. We also consider, as risk mitigation, the application of a set of static countermeasures or of dynamic ones. A static countermeasure prevents a threat from exploiting a vulnerability and it is modeled by removing some automata transitions. Lastly, we discuss redundant countermeasures and how constrained attack automata can model dynamic countermeasures, i.e. actions that are executed as the attack is going on to stop the attack itself.
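To make the assessment step concrete, the following is an added illustration in Python, not code from the chapter: states are sets of resources the attacker controls, each transition carries a (computational resources, skill, knowledge) constraint drawn from a product of partially ordered sets, a threat is a capability tuple compared against those constraints, and a static countermeasure is modelled by removing transitions. The example system, attack names, threats and capability levels are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass
@dataclass(frozen=True)
class Capability:  # a point in the product of three partially ordered sets
    resources: int        # computational resources, ordered level
    skill: int            # attacker skill, ordered level
    knowledge: frozenset  # known facts, ordered by set inclusion
    def covers(self, required: "Capability") -> bool:
        # Product order: each component of `required` must be dominated.
        return (self.resources >= required.resources
                and self.skill >= required.skill
                and required.knowledge <= self.knowledge)

@dataclass(frozen=True)
class ElementaryAttack:
    """Transition from any state containing `needs` to that state plus `gains`."""
    name: str
    needs: frozenset
    gains: frozenset
    requires: Capability  # constraint the threat must cover to take it

def attack_path(attacks, start, goals, threat):
    """BFS over states (resource sets); returns attack names reaching a goal, or None."""
    queue, seen = deque([(frozenset(start), [])]), {frozenset(start)}
    while queue:
        state, path = queue.popleft()
        if state & goals:          # final state: a goal resource is controlled
            return path
        for a in attacks:
            if a.needs <= state and threat.covers(a.requires):
                nxt = state | a.gains
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [a.name]))
    return None

def apply_static_countermeasures(attacks, fixed):
    # A static countermeasure removes the transitions it makes impossible.
    return [a for a in attacks if a.name not in fixed]

# Constructed example system and threats (hypothetical, not from the chapter).
F = frozenset
ATTACKS = [
    ElementaryAttack("exploit_webapp", F({"network"}), F({"web_shell"}), Capability(1, 2, F({"app_version"}))),
    ElementaryAttack("read_config", F({"web_shell"}), F({"db_creds"}), Capability(0, 1, F())),
    ElementaryAttack("brute_force_db", F({"network"}), F({"db_creds"}), Capability(3, 1, F())),
    ElementaryAttack("query_db", F({"db_creds"}), F({"customer_db"}), Capability(0, 1, F())),
]
START, GOALS = F({"network"}), F({"customer_db"})
THREATS = {"opportunist": Capability(1, 1, F()),
           "skilled_insider": Capability(1, 2, F({"app_version"})),
           "well_funded": Capability(3, 1, F())}
def assess(attacks=ATTACKS):
    # Map each threat to the attack sequence it can carry out, or None.
    return {n: attack_path(attacks, START, GOALS, t) for n, t in THREATS.items()}
```

Running `assess()` before and after `apply_static_countermeasures(ATTACKS, {"exploit_webapp"})` shows which threats a single countermeasure stops and which still have an alternative sequence, which is the redundancy question the chapter raises.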
Trust negotiation is an approach for open systems to the problem of authentication and access control among multiple security domains by allowing parties to use non-forgeable digital credentials to establish trust [3,6]. In this paper we present an extended version of the χ-TNL [1], a complete XML-based trust negotiation language. We believe that the availability of a standard and expressive language for expressing security information is essential for providing a comprehensive and widely-usable environment for carrying on trust negotiations.
Service oriented architecture is an approach to build distributed systems that deliver application functionality as services to end-user applications or to build other value-added services. The adoption of service oriented architecture will help enterprises achieve an agile e-business environment to provide customers flexible services by integrating required application functionalities dynamically and seamlessly. However, the dynamic and loosely coupled nature will raise many trust concerns of the service computing technology, e.g. QoS and security issues. In this paper, we propose a framework for trust computing by extending trusted platforms with service oriented architecture. We employ Trusted Computing Group's trusted computing platform as the foundation of the framework and apply cryptography infrastructure as the enabling technologies to secure all interactions among service requesters, service providers and service registries. Based on the enabling technologies, we can further divide service level trust concerns into three layers, namely service description and publishing, service discovery and composition, and service execution and monitoring. We also provide guidelines for each separate trust concern in the three layers correspondingly.
The progressively growing relevance that each organization and company is giving to users' privacy has increased the need of devising comprehensive privacy-preserving solutions able to take into account different privacy concerns. The advent of the web has further exacerbated the problem of privacy protection and the need of privacy-preserving techniques. Indeed, the growing attention to privacy issues has resulted in many proposals for privacy preserving techniques, some of which are overviewed in this chapter. However, no efficient solution for a privacy-preserving distribution of data over the web has yet emerged. For this reason, in this chapter, we propose a solution based on third-party architecture for efficiently managing personal data over the web. Main benefits of the proposed system are its scalability, in terms of number of users and amount of data, the compliance with emerging web standards, and the enforcement of different privacy requirements of data owners.
The aim of this chapter is to provide an overview of security issues facing mobile agent systems, and discuss ways of managing them. We explore the state of the art, to assess if it is mature enough for use in real-life security-critical applications like extraction of sensitive information, contract signing or broadly understood e-commerce.
Today's information systems need reliable, flexible and secure methods to provide public and confidential information to different groups of people: partners, customers, suppliers, and employees. There are a number of available remote access techniques, and a range of cutting-edge products allowing dialup, VPNs, Web, Citrix, and wireless access. However, information systems are facing significant challenges to integrate multiple cutting-edge products and to provide a manageable framework for efficient access control software. Since many kinds of people need easy access to business-critical information, the challenge is to make sure that only the right people have access to the right information. This chapter presents various methods and techniques for controlling users' access to information system resources. Different approaches helping to ensure that only authorized users can access secured resources are discussed. This chapter also covers the basics of access control, general methods and techniques used to manage access to resources, some common attacks that are launched against access control systems and the generalization of the basic Security Techniques specification for confidential resources protection in Web-based distributed systems.
This chapter is organized as follows: Section I gives an overview of information system security, the different attack techniques and the access control methodologies that facilitate the creation and deployment of basic security methods. In Section II we identify the security risks and problems and information systems threats. The external binding attacks and platform security problems are identified in Section III. Section IV discusses several access control techniques for protecting information systems and presents some intrusion detection systems. In Section V, distributed systems security problems are discussed and the solutions proposed in Sections VI and VII are applied to solve them. Finally, Section VIII gives some concluding remarks.
This paper presents an extension of the BSP anti-spam project [0], which is a context-based solution to filter spam, and an SMTP procedure modification which can classify emails right after they get into the user inbox. Filtering is based on a multilevel statistical approach to assign a probability to email tokens taking into consideration their occurrence in previous emails. In addition, we suggest a modification on the SMTP email protocol procedure in order to reduce the size of the problem.
Online games have recently become a very successful industry. Cheating in online games is an aspect of computer games that has so far received scant attention from researchers on game studies; cheats do not only change the experience of the cheater, but the experience of the other players as well. At this point, cheating turns into an “illegal” activity, presumably procuring the cheater great pleasure because it is prohibited; this may explain why the number of thefts, cheats, vandalisms, threats and illegal gambling cases from online gaming has increased. This paper presents an analysis of the attacks in online games; we define a classification of the attacks in online games and identify the attacker's objectives, as well as the attack tools and mechanisms. We also present the complexity of security problems in online games through the example of the online chess game. The scope of this study is to understand these attacks not only as a problem of security in online games but also as the basis of threats against future cooperative computer systems.
Sensor networks are finding multiple applications and are being increasingly deployed in the real world. These sensors are fragile with limited computational and storage resources and communicate with each other and a base station through routing protocols. Routing protocols in sensor networks seek to minimize energy consumption and do not take security into consideration, leaving the network vulnerable to malicious outside attacks. Due to the resource limitations of sensors, the standard security protocols cannot be applied. A number of key management protocols for sensors have been proposed. However, these key management protocols do not consider the routing problem. In this paper we modify an existing key management protocol called LEAP and integrate it into the directed diffusion sensor routing protocol to produce a secure routing protocol for sensor networks. We show that the proposed protocol can protect the network from malicious outside attacks. Simulation results also show that there is a slight overhead in terms of energy expenditure for the proposed protocol. The other overhead is a slightly increased packet size.