These proceedings contain the papers selected for presentation at the 23rd Inter- tional Information Security Conference (SEC 2008), co-located with IFIP World Computer Congress (WCC 2008), September 8-10, 2008 in Milan, Italy. In - sponse to the call for papers, 143 papers were submitted to the conference. All - pers were evaluated on the basis of their signi?cance, novelty, and technical quality, and reviewed by at least three members of the program committee. Reviewing was blind meaning that the authors were not told which committee members reviewed which papers. The program committee meeting was held electronically, holding - tensive discussion over a period of three weeks. Of the papers submitted, 42 full papers and 11 short papers were selected for presentation at the conference. A conference like this just does not happen; it depends on the volunteer efforts of a host of individuals. There is a long list of people who volunteered their time and energy to put together the conference and who deserve acknowledgment. We thank all members of the program committee and the external reviewers for their hard work in the paper evaluation. Due to the large number of submissions, p- gram committee members were required to complete their reviews in a short time frame. We are especially thankful to them for the commitment they showed with their active participation in the electronic discussion

This book focuses on two of the most rapidly developing areas in wireless technology (WT) applications, namely, wireless sensors networks (WSNs) and wireless body area networks (WBANs). These networks can be considered smart applications of the recent WT revolutions. The book presents various security tools and scenarios for the proposed enhanced-security of WSNs, which are supplemented with numerous computer simulations. In the computer simulation section, WSN modeling is addressed using MATLAB programming language.

This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures.

This book offers readers essential orientation on cybersecurity safeguards, and first and foremost helps them find the right balance between financial expenditures and risk mitigation. This is achieved by pursuing a multi-disciplinary approach that combines well-founded methods from economics and the computer sciences. Established decision making techniques are embedded into a walk-through for the complete lifecycle of cybersecurity investments. Insights into the economic aspect of the costs and benefits of cybersecurity are supplemented by established and innovative economic indicators. Readers will find practical tools and techniques to support reasonable decision making in cybersecurity investments. Further, they will be equipped to encourage a common understanding using economic aspects, and to provide cost transparency for the senior management.

One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.
Already gaining buzz and traction in actual usage at an impressive rate, Gartner research indicates that virtualization will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. With this growth in adoption, becoming increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.
Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.
About the Technologies
A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and efficient. The virtual machine can be restored to same physical machine or an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.
Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live ?snapshot? to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.
A honeypot is a system that looks and acts like a production environment but is actually a monitored trap, deployed in a network with enough interesting data to attract hackers, but created to log their activity and keep them from causing damage to the actual production environment. A honeypot exposes new threats, tools, and techniques used by hackers before they can attack the real systems, which security managers patch based on the information gathered. Before virtualization became mainstream, setting up a machine or a whole network (a honeynet) for research purposes only was prohibitive in both cost and time management. Virtualization makes this technique more viable as a realistic approach for companies large and small.
* The first book to collect a comprehensive set of all virtualization security tools and strategies in a single volume
* Covers all major virtualization platforms, including market leader VMware, Xen, and Microsoft's Hyper-V virtualization platform, a new part of Windows Server 2008 releasing in June 2008
* Breadth of coverage appeals to a wide range of security professionals, including administrators, researchers, consultants, and forensic

"While Nokia is perhaps most recognized for its leadership in the mobile phone market, they have successfully demonstrated their knowledge of the Internet security appliance market and its customers requirements."
--Chris Christiansen, Vice President, Internet Infrastructure and Security Software, IDC.
Syngress has a long history of publishing market-leading books for system administrators and security professionals on commercial security products, particularly Firewall and Virtual Private Network (VPN) appliances from Cisco, Check Point, Juniper, SonicWall, and Nokia (see related titles for sales histories). The Nokia Firewall, VPN, and IPSO Configuration Guide will be the only book on the market covering the all-new Nokia Firewall/VPN Appliance suite. Nokia Firewall/VPN appliances are designed to protect and extend the network perimeter.
According to IDC research, Nokia Firewall/VPN Appliances hold the #3 worldwide market-share position in this space behind Cisco and Juniper/NetScreen. IDC estimated the total Firewall/VPN market at $6 billion in 2007, and Nokia owns 6.6% of this market. Nokia's primary customers for security appliances are Mid-size to Large enterprises who need site-to-site connectivity and Mid-size to Large enterprises who need remote access connectivity through enterprise-deployed mobile devices. Nokia appliances for this market are priced form $1,000 for the simplest devices (Nokia IP60) up to $60,0000 for large enterprise- and service-provider class devices (like the Nokia IP2450 released in Q4 2007). While the feature set of such a broad product range obviously varies greatly, all of the appliances run on the same operating system: Nokia IPSO (IPSO refers to Ipsilon Networks, a company specializing in IP switching acquired by Nokia in 1997. The definition of the acronym has little to no meaning for customers.) As a result of this common operating system across the product line, The Nokia Firewall, VPN, and IPSO Configuration Guide will be an essential reference to users of any of these products. Users manage the Nokia IPSO (which is a Linux variant, specifically designed for these appliances) through a Web interface called Nokia Network Voyager or via a powerful Command Line Interface (CLI). Coverage within the book becomes increasingly complex relative to the product line.
The Nokia Firewall, VPN, and IPSO Configuration Guide and companion Web site will provide seasoned network administrators and security professionals with the in-depth coverage and step-by-step walkthroughs they require to properly secure their network perimeters and ensure safe connectivity for remote users. The book contains special chapters devoted to mastering the complex Nokia IPSO command line, as well as tips and tricks for taking advantage of the new "ease of use" features in the Nokia Network Voyager Web interface. In addition, the companion Web site offers downloadable video walkthroughs on various installation and troubleshooting tips from the authors.

* Only book on the market covering Nokia Firewall/VPN appliances, which hold 6.6% of a $6 billion market
* Companion website offers video walkthroughs on various installation and troubleshooting tips from the authors
* Special chapters detail mastering the complex Nokia IPSO command line, as well as tips and tricks for taking advantage of the new "ease of use" features in the Nokia Network Voyager Web interface

One of the hottest topics in computer forensics today, electronic discovery (e-discovery) is the process by which parties involved in litigation respond to requests to produce electronically stored information (ESI). According to the 2007 Socha-Gelbmann Electronic Discovery Survey, it is now a $2 billion industry, a 60% increase from 2004, projected to double by 2009. The core reason for the explosion of e-discovery is sheer volume; evidence is digital and 75% of modern day lawsuits entail e-discovery.
A recent survey reports that U.S. companies face an average of 305 pending lawsuits internationally. For large U.S. companies ($1 billion or more in revenue)that number has soared to 556 on average, with an average of 50 new disputes emerging each year for nearly half of them. To properly manage the role of digital information in an investigative or legal setting, an enterprise--whether it is a Fortune 500 company, a small accounting firm or a vast government agency--must develop an effective electronic discovery program. Since the amendments to the Federal Rules of Civil Procedure, which took effect in December 2006, it is even more vital that the lifecycle of electronically stored information be understood and properly managed to avoid risks and costly mistakes.
This books holds the keys to success for systems administrators, information security and other IT department personnel who are charged with aiding the e-discovery process.
*Comprehensive resource for corporate technologists, records managers, consultants, and legal team members to the e-discovery process, with information unavailable anywhere else
*Offers a detailed understanding of key industry trends, especially the Federal Rules of Civil Procedure, that are driving the adoption of e-discovery programs
*Includes vital project management metrics to help monitor workflow, gauge costs and speed the process
*Companion Website offers e-discovery tools, checklists, forms, workflow examples, and other tools to be used when conducting e-discovery strategy

Malware has gone mobile, and the security landscape is changing quickly with emerging attacks on cell phones, PDAs, and other mobile devices. This first book on the growing threat covers a wide range of malware targeting operating systems like Symbian and new devices like the iPhone. Examining code in past, current, and future risks, protect your banking, auctioning, and other activities performed on mobile devices.
* Visual Payloads
View attacks as visible to the end user, including notation of variants.
* Timeline of Mobile Hoaxes and Threats
Understand the history of major attacks and horizon for emerging threates.
* Overview of Mobile Malware Families
Identify and understand groups of mobile malicious code and their variations.
* Taxonomy of Mobile Malware
Bring order to known samples based on infection, distribution, and payload strategies.
* Phishing, SMishing, and Vishing Attacks
Detect and mitigate phone-based phishing (vishing) and SMS phishing (SMishing) techniques.
* Operating System and Device Vulnerabilities
Analyze unique OS security issues and examine offensive mobile device threats.
* Analyze Mobile Malware
Design a sandbox for dynamic software analysis and use "MobileSandbox" to analyze mobile malware.
* Forensic Analysis of Mobile Malware
Conduct forensic analysis of mobile devices and learn key differences in mobile forensics.
* Debugging and Disassembling Mobile Malware
Use IDA and other tools to reverse-engineer samples of malicious code for analysis.
* Mobile Malware Mitigation Measures
Qualify risk, understand threats to mobile assets, defend against attacks, and remediate incidents.
* Understand the History and Threat Landscape of Rapidly Emerging Mobile Attacks
* Analyze Mobile Device/Platform Vulnerabilities and Exploits
* Mitigate Current and Future Mobile Malware Threats

The Newnes Know It All Series takes the best of what our authors have written to create hard-working desk references that will be an engineer's first port of call for key information, design techniques and rules of thumb. Guaranteed not to gather dust on a shelf
Communications engineers need to master a wide area of topics to excel. The "Wireless Security Know It All" covers every angle including Emerging Wireless Technologies and Security Issues, Wireless LAN and MAN Security, as well as Wireless Personal Area Networks.
A 360-degree view from our best-selling authors
Topics include Today s Wireless Technology, Security Definitions and Concepts, and Wireless Handheld devices
The ultimate hard-working desk reference; all the essential information, techniques and tricks of the trade in one volume"

IT securiteers - The human and technical dimension working for the organisation.

Current corporate governance regulations and international standards lead many organisations, big and small, to the creation of an information technology (IT) security function in their organisational chart or to the acquisition of services from the IT security industry.

More often than desired, these teams are only useful for companies' executives to tick the corresponding box in a certification process, be it ISO, ITIL, PCI, etc. Many IT security teams do not provide business value to their company. They fail to really protect the organisation from the increasing number of threats targeting its information systems.

IT Security Management provides an insight into how to create and grow a team of passionate IT security professionals. We will call them "securiteers." They will add value to the business, improving the information security stance of organisations.

Student assessment in online learning is submitted remotely without any face-to-face interaction, and therefore, student authentication is widely seen as one of the major challenges in online examination. Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. As the dependence upon computers and computer networks grows, especially within education, the need for authentication has increased. Biometric Authentication in Online Learning Environments provides innovative insights into biometrics as a strategy to mitigate risk and provide authentication, while introducing a framework that provides security to improve e-learning and on-line examination by utilizing biometric-based authentication techniques. This book examines e-learning, security, threats in online exams, security considerations, and biometric technologies, and is designed for IT professionals, higher education administrators, professors, researchers, business professionals, academicians, and libraries seeking topics centered on biometrics as an authentication strategy within educational environments.

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.
This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.
* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

Citrix Presentation Server allows remote users to work off a network server as if they weren't remote. That means: Incredibly fast access to data and applications for users, no third party VPN connection, and no latency issues. All of these features make Citrix Presentation Server a great tool for increasing access and productivity for remote users. Unfortunately, these same features make Citrix just as dangerous to the network it's running on. By definition, Citrix is granting remote users direct access to corporate servers?..achieving this type of access is also the holy grail for malicious hackers. To compromise a server running Citrix Presentation Server, a hacker need not penetrate a heavily defended corporate or government server. They can simply compromise the far more vulnerable laptop, remote office, or home office of any computer connected to that server by Citrix Presentation Server.
All of this makes Citrix Presentation Server a high-value target for malicious hackers. And although it is a high-value target, Citrix Presentation Servers and remote workstations are often relatively easily hacked, because they are often times deployed by overworked system administrators who haven't even configured the most basic security features offered by Citrix. "The problem, in other words, isn't a lack of options for securing Citrix instances; the problem is that administrators aren't using them." (eWeek, October 2007). In support of this assertion Security researcher Petko D. Petkov, aka "pdp," said in an Oct. 4 posting that his recent testing of Citrix gateways led him to "tons" of "wide-open" Citrix instances, including 10 on government domains and four on military domains.
* The most comprehensive book published for system administrators providing step-by-step instructions for a secure Citrix Presentation Server.
* Special chapter by Security researcher Petko D. Petkov'aka "pdp detailing tactics used by malicious hackers to compromise Citrix Presentation Servers.
* Companion Web site contains custom Citrix scripts for administrators to install, configure, and troubleshoot Citrix Presentation Server.

Network Security: Know It All explains the basics, describes the protocols, and discusses advanced topics, by the best and brightest experts in the field of network security.
Assembled from the works of leading researchers and practitioners, this best-of-the-best collection of chapters on network security and survivability is a valuable and handy resource. It consolidates content from the field's leading experts while creating a one-stop-shopping opportunity for readers to access the information only otherwise available from disparate sources.
* Chapters contributed by recognized experts in the field cover theory and practice of network security technology, allowing the reader to develop a new level of knowledge and technical expertise.
* Up-to-date coverage of network security issues facilitates learning and lets the reader remain current and fully informed from multiple viewpoints.
* Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.
* Examples illustrate core security concepts for enhanced comprehension

The Second Edition of the Best Damn Firewall Book Period is completely revised and updated to include all of the most recent releases from Microsoft, Cisco, Juniper Network, and Check Point.
Compiled from the best of the Syngress firewall library and authored by product experts such as Dr. Tom Shinder on ISA Server, this volume is an indispensable addition to a serious networking professionals toolkit.
Coverage includes migrating to ISA Server 2006, integrating Windows Firewall and Vista security into your enterprise, successfully integrating Voice over IP applications around firewalls, and analyzing security log files.
Sections are organized by major vendor, and include hardware, software and VPN configurations for each product line.
New to this Edition:
* Microsoft firewall protection, from Windows Firewall to ISA Server 2006
* Cisco PIX Version 7, including VPN configuration and IDS
* Analyzing Firewall Logs and Reports
* VoIP and Firewall Bypassing

Trustworthy Ubiquitous Computing covers aspects of trust in ubiquitous computing environments. The aspects of context, privacy, reliability, usability and user experience related to "emerged and exciting new computing paradigm of Ubiquitous Computing", includes pervasive, grid, and peer-to-peer computing including sensor networks to provide secure computing and communication services at anytime and anywhere. Marc Weiser presented his vision of disappearing and ubiquitous computing more than 15 years ago. The big picture of the computer introduced into our environment was a big innovation and the starting point for various areas of research. In order to totally adopt the idea of ubiquitous computing several houses were build, equipped with technology and used as laboratory in order to find and test appliances that are useful and could be made available in our everyday life. Within the last years industry picked up the idea of integrating ubiquitous computing and already available products like remote controls for your house were developed and brought to the market. In spite of many applications and projects in the area of ubiquitous and pervasive computing the success is still far away. One of the main reasons is the lack of acceptance of and confidence in this technology. Although researchers and industry are working in all of these areas a forum to elaborate security, reliability and privacy issues, that resolve in trustworthy interfaces and computing environments for people interacting within these ubiquitous environments is important. The user experience factor of trust thus becomes a crucial issue for the success of a UbiComp application. The goal of this book is to provide a state the art of Trustworthy Ubiquitous Computing to address recent research results and to present and discuss the ideas, theories, technologies, systems, tools, applications and experiences on all theoretical and practical issues.

Around the globe, nations face the problem of protecting their Critical Information Infrastructure, normally referred to as Cyber Space. In this monograph, we capture FIVE different aspects of the problem; High speed packet capture, Protection through authentication, Technology Transition, Test Bed Simulation, and Policy and Legal Environment. The monograph is the outcome of over three years of cooperation between India and Australia.

This book provides a concise overview of the current state of the art in cybersecurity and shares novel and exciting ideas and techniques, along with specific cases demonstrating their practical application. It gathers contributions by both academic and industrial researchers, covering all aspects of cybersecurity and addressing issues in secure information systems as well as other emerging areas. The content comprises high-quality research articles and reviews that promote a multidisciplinary approach and reflect the latest advances, challenges, requirements and methodologies. Thus, the book investigates e.g. security vulnerabilities, cybercrime, and privacy issues related to big data analysis, as well as advances in digital forensics, secure smart city services, and risk mitigation strategies for devices employing cyber-physical systems. Given its scope, the book offers a valuable resource for students, researchers, IT professionals and providers, citizens, consumers and policymakers involved or interested in the modern security procedures needed to protect our information and communication resources. Its goal is to foster a community committed to further research and education, and one that can also translate its findings into concrete practices.

Offering a structured approach to handling and recovering from a catastrophic data loss, this book will help both technical and non-technical professionals put effective processes in place to secure their business-critical information and provide a roadmap of the appropriate recovery and notification steps when calamity strikes.
*Addresses a very topical subject of great concern to security, general IT and business management
*Provides a step-by-step approach to managing the consequences of and recovering from the loss of sensitive data.
*Gathers in a single place all information about this critical issue, including legal, public relations and regulatory issues

The massive growth of the Internet has made an enormous amount of infor- tion available to us. However, it is becoming very difficult for users to acquire an - plicable one. Therefore, some techniques such as information filtering have been - troduced to address this issue. Recommender systems filter information that is useful to a user from a large amount of information. Many e-commerce sites use rec- mender systems to filter specific information that users want out of an overload of - formation [2]. For example, Amazon. com is a good example of the success of - commender systems [1]. Over the past several years, a considerable amount of research has been conducted on recommendation systems. In general, the usefulness of the recommendation is measured based on its accuracy [3]. Although a high - commendation accuracy can indicate a user's favorite items, there is a fault in that - ly similar items will be recommended. Several studies have reported that users might not be satisfied with a recommendation even though it exhibits high recommendation accuracy [4]. For this reason, we consider that a recommendation having only accuracy is - satisfactory. The serendipity of a recommendation is an important element when c- sidering a user's long-term profits. A recommendation that brings serendipity to users would solve the problem of "user weariness" and would lead to exploitation of users' tastes. The viewpoint of the diversity of the recommendation as well as its accuracy should be required for future recommender systems.

Digital audio, video, images, and documents are flying through cyberspace to their respective owners. Unfortunately, along the way, individuals may choose to intervene and take this content for themselves. Digital watermarking and steganography technology greatly reduces the instances of this by limiting or eliminating the ability of third parties to decipher the content that he has taken. The many techiniques of digital watermarking (embedding a code) and steganography (hiding information) continue to evolve as applications that necessitate them do the same. The authors of this second edition provide an update on the framework for applying these techniques that they provided researchers and professionals in the first well-received edition. Steganography and steganalysis (the art of detecting hidden information) have been added to a robust treatment of digital watermarking, as many in each field research and deal with the other. New material includes watermarking with side information, QIM, and dirty-paper codes. The revision and inclusion of new material by these influential authors has created a must-own book for anyone in this profession.
*This new edition now contains essential information on steganalysis and steganography
*New concepts and new applications including QIM introduced
*Digital watermark embedding is given a complete update with new processes and applications

RFID is a method of remotely storing and receiving data using devices called RFID tags. RFID tags can be small adhesive stickers containing antennas that receive and respond to transmissions from RFID transmitters. RFID tags are used to identify and track everything from food, dogs, beer kegs to library books.
RFID tags use a standard that has already been hacked by several researchers. RFID Security discusses the motives for someone wanting to hack an RFID system and shows how to protect systems.
Coverage includes: security breaches for monetary gain (hacking a shops RFID system would allow a hacker to lower the pricing on any product products). How to protect the supply chain (malicous/mischievous hackers can delete/alter/modify all identifying information for an entire shipment of products). How to protect personal privacy (privacy advocates fear that RFID tags embedded in products, which continue to transmit information after leaving a store, will be used to track consumer habits).
The purpose of an RFID system is to enable data to be transmitted by a portable device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, colour, date of purchase, etc. .
* Deloitte & Touche expects over 10 billion RFID tags to be in circulation by the end of 2005
* Parties debating the security issue of RFID need information on the pros and cons of the technology and this is that information
* Little competition in a market desperate for information