
Information Security Management & Small Systems Security: IFIP TC11 WG11.1/WG11.2 Seventh Annual Working Conference on Information Security Management & Small Systems Security September 30–October 1, 1999, Amsterdam, The Netherlands PDF

242 Pages·1999·9.761 MB·English

INFORMATION SECURITY MANAGEMENT & SMALL SYSTEMS SECURITY

IFIP - The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states, IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profitmaking organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

• The IFIP World Computer Congress, held every second year;
• open conferences;
• working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high. As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

INFORMATION SECURITY MANAGEMENT & SMALL SYSTEMS SECURITY

IFIP TC11 WG11.1/WG11.2 Seventh Annual Working Conference on Information Security Management & Small Systems Security
September 30–October 1, 1999, Amsterdam, The Netherlands

Edited by
Jan H.P. Eloff, Rand Afrikaans University, South Africa
Les Labuschagne, Rand Afrikaans University, South Africa
Rossouw von Solms, Port Elizabeth Technikon, South Africa
Jan Verschuren, Evaluation Centre for Instrumentation and Security Techniques, The Netherlands

SPRINGER SCIENCE+BUSINESS MEDIA, LLC

Library of Congress Cataloging-in-Publication Data

IFIP TC11 WG11.1/WG11.2 Working Conference on Information Security Management & Small Systems Security (7th: 1999: Amsterdam, Netherlands)
Information security management & small systems security : IFIP TC11 WG11.1/WG11.2 Seventh Annual Working Conference on Information Security Management & Small Systems Security, September 30–October 1, 1999 / edited by Jan H.P. Eloff ... [et al.].
Includes bibliographical references (p. ).
ISBN 978-1-4757-5483-4
ISBN 978-0-387-35575-7 (eBook)
DOI 10.1007/978-0-387-35575-7
1. Computer security-Management Congresses. I. Eloff, Jan H.P. II. Title. III. Title: Information security management and small systems security.
QA76.9.A251464 1999
658'.0558-dc21
99-40722 CIP

Copyright © 1999 Springer Science+Business Media New York
Originally published by Kluwer Academic Publishers in 1999

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, mechanical, photo-copying, recording, or otherwise, without the prior written permission of the publisher, Springer Science+Business Media, LLC.

Printed on acid-free paper.

CONTENTS

Preface
Acknowledgements

Part one - Reviewed papers

1. A protocol improvement for High-bandwidth encryption using non-encrypting Smart Cards. RÜDIGER WEIS
2. Real-time Risk Analysis on the Internet: a prototype. H.S. VENTER, L. LABUSCHAGNE, J.H.P. ELOFF
3. A practical approach to manage data communication security. P.H. SAMWEL, MARCEL SPRUIT
4. The Future of Australian & New Zealand Security Standard AS/NZS 4444? MATTHEW WARREN, BILL HUTCHINSON
5. The Effective Utilization of Audit Logs in Information Security Management. WERNER OLIVIER, ROSSOUW VON SOLMS
6. An approach to standardizing security analysis methods for virtual systems. ANN FRISINGER, LOUISE YNGSTRÖM
7. Information Security at Top Level - Securometer® streamlines management information. ANDRE BUREN, BERT VAN DER MEER, ABBAS SHAHIM, WILLEM BARNHOORN, EDO ROOS LINDGREEN
8. Risk analysis on Internet connection. MARCEL SPRUIT, P.H. SAMWEL
9. A Secure Station for Network Monitoring and Control. VASSILIS PREVELAKIS
10. Security aspects of a Java-servlet-based web-hosted e-mail system. ELEANOR HEPWORTH, ULRICH ULTES-NITSCHE
11. Time as an Aid to Improving Security in Smart Cards. VINCENT CORDONNIER, ANTHONY WATSON, SERGIY NEMCHENKO
12. The Intranet Authorization Paradigm. MARK VANDENWAUVER, PAUL ASHLEY, GARY GASKELL
13. Predicting the Performance of Transactional Electronic Commerce Protocols. MATTHEW BERRY, ANDREW HUTCHISON, ELTON SAUL

Part two - Invited papers

14. The Cyber-Posture of the National Information Infrastructure. WILLIS H. WARE
15. Principles of Iris Recognition. MICHAEL NEGIN, MACHIEL VAN DER HARST
16. Designing a Secure System for Implementing Chip Cards in the Financial Services Industry. TERRY STANLEY
17. New models for the management of public key infrastructure and root certification authorities. STEPHEN WILSON
18. A Secure Electronic Commerce Environment: Only with "Smart Cards". WILLIAM CAELLI

Index of contributors

PREFACE

The 7th Annual Working Conference of ISMSSS (Information Security Management and Small Systems Security), jointly presented by WG 11.1 and WG 11.2 of the International Federation for Information Processing (IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) secure techniques for smart card technology, information security management issues, risk analysis, intranets, electronic commerce protocols, certification and accreditation and biometrics authentication.

We are fortunate to have attracted at least six highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on secure smart card systems, the role of BS7799 in certification, electronic commerce and smart cards, iris biometrics and many more.

All papers presented at this conference were reviewed by a minimum of two international reviewers.

We wish to express our gratitude to all authors of papers and the international referee board. We would also like to express our appreciation to the organising committee, chaired by Leon Strous, for all their inputs and arrangements. Finally, we would like to thank Les Labuschagne and Hein Venter for their contributions to this conference of WG 11.1 and WG 11.2, which was essential for its becoming a success.

WG11.1 (Information Security Management)
Chairman: Rossouw von Solms
E-mail: [email protected]

WG11.2 (Small Systems Security)
Chairman: Jan Eloff
E-mail: [email protected]

ACKNOWLEDGEMENTS

Organised by:
IFIP TC-11 Working Group 11.1 (Information Security Management) and Working Group 11.2 (Small Systems Security)

Supported and sponsored by:
TNO (The Netherlands Organisation for Applied Sciences)
CMG Finance, Division Advanced Technology
Concord Eracom
ISACA NL chapter (Information Systems Audit & Control Association)
NGI (Dutch Computer Society)
NGI SIGIS (Special Interest Group on Information Security)
NOREA (Dutch Association of Registered EDP-Auditors)
Philips Crypto
Sensar
ISACA BeLux chapter
NGI SIG EDP-Audit

Conference General Chair
Jan Eloff, Rand Afrikaans University, South-Africa
Rossouw von Solms, Port Elizabeth Technikon, South-Africa

Programme Committee
Jan Eloff, Rand Afrikaans University, South-Africa
Rossouw von Solms, Port Elizabeth Technikon, South-Africa
Rene Struik, Philips Crypto, The Netherlands
Jan Verschuren, TNO-TPD-Effi, The Netherlands
Les Labuschagne, Rand Afrikaans University, South-Africa

Reviewers
Beatson, John, New Zealand
Booysen, Hettie, South Africa
Caelli, Bill, Australia
Eloff, Jan, South Africa
Eloff, Mariki, South Africa
Gritzalis, Dimitris, Greece
Janczewski, Lech, New Zealand
Katsikas, Sokratis, Greece
Labuschagne, Les, South Africa
Longley, Dennis, Australia
MacLaine, Piet, The Netherlands
Pohl, Hartmut, Germany
Posh, Reinhart, Austria
Preneel, Bart, Belgium
Smith, Elme, South Africa
Van den Wauver, Mark, Belgium
Verschuren, Jan, The Netherlands
Von Solms, Basie, South Africa
Von Solms, Rossouw, South Africa
Warren, Matt, Australia

Organising Committee
Leon Strous, De Nederlandsche Bank, The Netherlands
Wim Smith, TNO-FEL, The Netherlands
Nelly van der Helm, TNO-FEL, The Netherlands

PART ONE
Reviewed Papers
