
Information Systems Security: Facing the information society of the 21st century

496 pages · 1996 · English


Information Systems Security

IFIP - The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states, IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profit-making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

• the IFIP World Computer Congress, held every second year;
• open conferences;
• working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high. As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed. The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

Information Systems Security
Facing the information society of the 21st Century

Edited by
Sokratis K. Katsikas, University of the Aegean, Greece
and
Dimitris Gritzalis, Athens University of Economics and Business, Greece

Springer International Publishing, Cham

First edition 1996
© 1996 IFIP International Federation for Information Processing
Originally published by Chapman & Hall in 1996
Softcover reprint of the hardcover 1st edition 1996
ISBN 978-1-5041-2921-3
ISBN 978-1-5041-2919-0 (eBook)
DOI 10.1007/978-1-5041-2919-0

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the UK Copyright Designs and Patents Act, 1988, this publication may not be reproduced, stored, or transmitted, in any form or by any means, without the prior permission in writing of the publishers, or in the case of reprographic reproduction only in accordance with the terms of the licences issued by the Copyright Licensing Agency in the UK, or in accordance with the terms of licences issued by the appropriate Reproduction Rights Organization outside the UK. Enquiries concerning reproduction outside the terms stated here should be sent to the publishers at the London address printed on this page.

The publisher makes no representation, express or implied, with regard to the accuracy of the information contained in this book and cannot accept any legal responsibility or liability for any errors or omissions that may be made.

A catalogue record for this book is available from the British Library.

Printed on permanent acid-free text paper, manufactured in accordance with ANSI/NISO Z39.48-1992 and ANSI/NISO Z39.48-1984 (Permanence of Paper).

CONTENTS

IFIP SEC '96 Conference Committees (p. ix)
Preface (p. xi)

PART ONE  Secure Information Systems I
1. A practical solution to the complex human issues of information security design, J. Hitchings (p. 3)
2. The use of business process models for security design in organisations, R. Holbein, S. Teufel and K. Bauknecht (p. 13)
3. An analyst's view of IS security, E.A. Kiountouzis and S.A. Kokolakis (p. 23)

PART TWO  Security in Mobile Communications (p. 37)
4. Location management strategies increasing privacy in mobile communication, D. Kesdogan, H. Federrath, A. Jerichow and A. Pfitzmann (p. 39)
5. ID-based authentication for mobile conference call, S.-J. Wang, L.-P. Chin, J.-F. Chang and Y.-R. Tsai (p. 49)

PART THREE  Secure Information Systems II (p. 59)
6. New security paradigms: orthodoxy and heresy, H.H. Hosmer (p. 61)
7. Security assurance in information systems, R.G. Wilsher and H. Kurth (p. 74)
8. A framework for dealing with and specifying security requirements in information systems, E. Dubois and S. Wu (p. 88)
9. The effects of time on integrity in information systems, W. List (p. 100)

PART FOUR  Management and Legal Issues (p. 109)
10. EPHOS security: procurement of secure open systems, N.H. Pope and J.G. Ross (p. 111)
11. Canada's computer crime laws: ten years of experience, M.P.J. Kratz (p. 122)
12. Delivery and installation of software: disputes and the burden of proof, L. Golvers (p. 142)

PART FIVE  Risk and Security Assessment (p. 151)
13. Information security on the electronic superhighway, S.H. von Solms (p. 153)
14. A taxonomy for analyzing hazards to information systems, R. Baskerville (p. 167)
15. Models and tools for quantitative assessment of operational security, M. Dacier, Y. Deswarte and M. Kaaniche (p. 177)
16. Activating dynamic counter measures to reduce risk, L. Labuschagne and J.H.P. Eloff (p. 187)

PART SIX  Applied Cryptography (p. 197)
17. Distributed registration and key distribution (DiRK), R. Oppliger and A. Albanese (p. 199)
18. On the reconstruction of shared secrets, J. He and E. Dawson (p. 209)
19. A hierarchical threshold scheme with unique partial keys, H. Hassler, V. Hassler and R. Posch (p. 219)
20. Efficient and provably secure key agreement, N. Alexandris, M. Burmester, V. Chrissikopoulos and D. Peppes (p. 227)
21. Internetwork access control using public key certificates, H. Park and R. Chow (p. 237)

PART SEVEN  Database Systems Security (p. 247)
22. The security architecture of IRO-DB, W. Eßmayr, F. Kastner, G. Pernul and A.M. Tjoa (p. 249)
23. Securely executing multilevel transactions, S. Jajodia, K.P. Smith, B.T. Blaustein and L. Notargiacomo (p. 259)
24. A decentralized temporal authorization model, E. Bertino, C. Bettini, E. Ferrari and P. Samarati (p. 271)

PART EIGHT  Authentication and Access Control (p. 281)
25. Applications of keystroke analysis for improved login security and continuous user authentication, S.M. Furnell, J.P. Morrissey, P.W. Sanders and C.T. Stockel (p. 283)
26. MoFAC: a model for fine-grained access control, J.S. von Solms, M.S. Olivier and S.H. von Solms (p. 295)
27. A discretionary security model for object oriented environments, W.J. van Rensburg and M.S. Olivier (p. 306)

PART NINE  Systems and Tools for Intrusion Prevention and Detection (p. 317)
28. Intention modelling: approximating computer user intentions for detection and prediction of intrusions, T. Spyrou and J. Darzentas (p. 319)
29. An attack detection system for secure computer systems: design of the ADS, I. Kantzavelou and A. Patel (p. 337)

PART TEN  Security in Healthcare Systems (p. 349)
30. IT security and privacy education, L. Yngström (p. 351)
31. A human approach to security management in health care, H. James, K. Andronis and W. Paul (p. 365)
32. Security enforcement in a European medical device vigilance system network, G. Vassilacopoulos, V. Chrissikopoulos and D. Peppes (p. 377)
33. Design of secure medical database systems, G. Pangalos and M. Khair (p. 387)

PART ELEVEN  Network and Distributed Systems Security (p. 403)
34. Evaluation of the security of distributed IT systems through ITSEC/ITSEM: experiences and findings, I. Uttridge, G. Bazzana, M. Giunchi, G. Deler, S. Geyres and J. Heiler (p. 405)
35. SNMP-based network security management using a temporal database approach, T.K. Apostolopoulos and V.C. Daskalou (p. 417)
36. Security profile for interconnected open distributed systems with varying vulnerability, N. Nikitakos, S. Gritzalis and P. Georgiadis (p. 428)
37. A model for the detection of the message stream delay attack, S. O'Connell and A. Patel (p. 438)
38. Security model for distributed object framework and its applicability to CORBA, V. Varadharajan and T. Hardjono (p. 452)

PART TWELVE  Project Session: Invited Talk (p. 465)
39. Software quality assurance: the underlying framework for achieving secure and reliable software systems, S.A. Frangos (p. 467)

PART THIRTEEN  Poster Session (p. 475)
40. Configuration management: a basis of the high assurance software engineering process, T. Gast and K. Keus (p. 477)
41. Multi-purpose security module based on smart cards, E. Delacour (p. 480)
42. An authentication service supporting domain-based access control policies, N. Yialelis and M. Sloman (p. 482)
43. On security models, C. Eckert (p. 485)
44. Risks on the way to the global information society, S. Fischer-Hübner and K. Schier (p. 487)
45. Crypto Manager: an object oriented software library for cryptographic mechanisms, T. Baldin and G. Bleumer (p. 489)
46. Cryptographic key distribution and authentication protocols for secure group communication, A.C.M. Hutchison and K. Bauknecht (p. 492)
47. A new hybrid encryption scheme for computer networks, M.T. El-Hadidi, N.H. Hegazi and H.K. Aslan (p. 494)
48. From zero-knowledge to a practical authentication protocol, V. Matyas Jr. (p. 496)

Index of contributors (p. 498)
Keyword index (p. 499)

IFIP SEC '96 Conference Committees

Conference General Chair
D. Gritzalis, Athens University of Economics and Business & Greek Computer Society, Greece

Honorary Conference Chair
Em. Prof. H. Highland, State University of New York, USA

Programme Committee
S. Katsikas, University of the Aegean, Greece (Chairman)
A. Bakker, HISCOM, The Netherlands
W. Caelli, Queensland University of Technology, Australia
J. Darzentas, University of the Aegean, Greece
A. Patel, University College Dublin, Ireland
R. Posch, University of Technology Graz, Austria
W. Ware, RAND Corp., USA

Referees
N. Alexandris, University of Piraeus, Greece
B. Barber, NHS/IMC, United Kingdom
D. Batchelor, Sussex Systems, Canada
J. Beatson, New Zealand
V. Bontchev, University of Hamburg, Germany
J. Carlsen, Coopers & Lybrand, Denmark
V. Chrissikopoulos, University of Piraeus, Greece
E. Dawson, Queensland University of Technology
H. Debar, XLOG, France
J. Eloff, Rand Afrikaans University, South Africa
P. Fillery, Curtin University of Technology, Australia
G. Frank, University of Cyprus, Cyprus
M. Fugini, Politecnico di Milano, Italy
G. Gable, Queensland University of Technology, Australia
P. Hoving, Saab Scania, Sweden
K. Iversen, KITH, Norway
S. Jajodia, MITRE, USA
D. Karagiannis, University of Vienna, Austria
E. Kiountouzis, Athens University of Economics & Business, Greece
M. Kratz, Bennett Jones Verchere, Canada
T. Kurokawa, Kogakuin University, Japan
W. List, Kingswell Partnership, United Kingdom
