This book constitutes the proceedings of the 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, held in Rome Italy in June 2010. The 18 full and 11 short papers presented in this volume were carefully reviewed and selected from 61 submissions. The topics covered are query and data privacy; data protection; access control; data confidentiality and query verification; policy definition and enforcement; and trust and identity management.

This book explores fundamental scientific problems essential for autonomous cyber defense. Specific areas include: Game and control theory-based moving target defenses (MTDs) and adaptive cyber defenses (ACDs) for fully autonomous cyber operations; The extent to which autonomous cyber systems can be designed and operated in a framework that is significantly different from the human-based systems we now operate; On-line learning algorithms, including deep recurrent networks and reinforcement learning, for the kinds of situation awareness and decisions that autonomous cyber systems will require; Human understanding and control of highly distributed autonomous cyber defenses; Quantitative performance metrics for the above so that autonomous cyber defensive agents can reason about the situation and appropriate responses as well as allowing humans to assess and improve the autonomous system. This book establishes scientific foundations for adaptive autonomous cyber systems and ultimately brings about a more secure and reliable Internet. The recent advances in adaptive cyber defense (ACD) have developed a range of new ACD techniques and methodologies for reasoning in an adaptive environment. Autonomy in physical and cyber systems promises to revolutionize cyber operations. The ability of autonomous systems to execute at scales, scopes, and tempos exceeding those of humans and human-controlled systems will introduce entirely new types of cyber defense strategies and tactics, especially in highly contested physical and cyber environments. The development and automation of cyber strategies that are responsive to autonomous adversaries pose basic new technical challenges for cyber-security. This book targets cyber-security professionals and researchers (industry, governments, and military). Advanced-level students in computer science and information systems will also find this book useful as a secondary textbook.

This book explores fundamental scientific problems essential for autonomous cyber defense. Specific areas include: Game and control theory-based moving target defenses (MTDs) and adaptive cyber defenses (ACDs) for fully autonomous cyber operations; The extent to which autonomous cyber systems can be designed and operated in a framework that is significantly different from the human-based systems we now operate; On-line learning algorithms, including deep recurrent networks and reinforcement learning, for the kinds of situation awareness and decisions that autonomous cyber systems will require; Human understanding and control of highly distributed autonomous cyber defenses; Quantitative performance metrics for the above so that autonomous cyber defensive agents can reason about the situation and appropriate responses as well as allowing humans to assess and improve the autonomous system. This book establishes scientific foundations for adaptive autonomous cyber systems and ultimately brings about a more secure and reliable Internet. The recent advances in adaptive cyber defense (ACD) have developed a range of new ACD techniques and methodologies for reasoning in an adaptive environment. Autonomy in physical and cyber systems promises to revolutionize cyber operations. The ability of autonomous systems to execute at scales, scopes, and tempos exceeding those of humans and human-controlled systems will introduce entirely new types of cyber defense strategies and tactics, especially in highly contested physical and cyber environments. The development and automation of cyber strategies that are responsive to autonomous adversaries pose basic new technical challenges for cyber-security. This book targets cyber-security professionals and researchers (industry, governments, and military). Advanced-level students in computer science and information systems will also find this book useful as a secondary textbook.

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since "you cannot improve what you cannot measure", a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.

This edited volume features a wide spectrum of the latest computer science research relating to cyber deception. Specifically, it features work from the areas of artificial intelligence, game theory, programming languages, graph theory, and more. The work presented in this book highlights the complex and multi-facted aspects of cyber deception, identifies the new scientific problems that will emerge in the domain as a result of the complexity, and presents novel approaches to these problems. This book can be used as a text for a graduate-level survey/seminar course on cutting-edge computer science research relating to cyber-security, or as a supplemental text for a regular graduate-level course on cyber-security.

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since "you cannot improve what you cannot measure", a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.

This edited volume features a wide spectrum of the latest computer science research relating to cyber deception. Specifically, it features work from the areas of artificial intelligence, game theory, programming languages, graph theory, and more. The work presented in this book highlights the complex and multi-facted aspects of cyber deception, identifies the new scientific problems that will emerge in the domain as a result of the complexity, and presents novel approaches to these problems. This book can be used as a text for a graduate-level survey/seminar course on cutting-edge computer science research relating to cyber-security, or as a supplemental text for a regular graduate-level course on cyber-security.

This book features a wide spectrum of the latest computer science research relating to cyber warfare, including military and policy dimensions. It is the first book to explore the scientific foundation of cyber warfare and features research from the areas of artificial intelligence, game theory, programming languages, graph theory and more. The high-level approach and emphasis on scientific rigor provides insights on ways to improve cyber warfare defense worldwide. Cyber Warfare: Building the Scientific Foundation targets researchers and practitioners working in cyber security, especially government employees or contractors. Advanced-level students in computer science and electrical engineering with an interest in security will also find this content valuable as a secondary textbook or reference.

The field of database security has expanded greatly, with the rapid development of global inter-networked infrastructure. Databases are no longer stand-alone systems accessible only to internal users of organizations. Today, businesses must allow selective access from different security domains. New data services emerge every day, bringing complex challenges to those whose job is to protect data security. The Internet and the web offer means for collecting and sharing data with unprecedented flexibility and convenience, presenting threats and challenges of their own. This book identifies and addresses these new challenges and more, offering solid advice for practitioners and researchers in industry.

Our cyber defenses are static and are governed by lengthy processes, e.g., for testing and security patch deployment. Adversaries could plan their attacks carefully over time and launch attacks at cyber speeds at any given moment. We need a new class of defensive strategies that would force adversaries to continually engage in reconnaissance and re-planning of their cyber operations. One such strategy is to present adversaries with a moving target where the attack surface of a system keeps changing. Moving Target Defense II: Application of Game Theory and Adversarial Modeling includes contributions from world experts in the cyber security field. In the first volume of MTD, we presented MTD approaches based on software transformations, and MTD approaches based on network and software stack configurations. In this second volume of MTD, a group of leading researchers describe game theoretic, cyber maneuver, and software transformation approaches for constructing and analyzing MTD systems. Designed as a professional book for practitioners and researchers working in the cyber security field, advanced -level students and researchers focused on computer science will also find this book valuable as a secondary text book or reference.

This book features a wide spectrum of the latest computer science research relating to cyber warfare, including military and policy dimensions. It is the first book to explore the scientific foundation of cyber warfare and features research from the areas of artificial intelligence, game theory, programming languages, graph theory and more. The high-level approach and emphasis on scientific rigor provides insights on ways to improve cyber warfare defense worldwide. Cyber Warfare: Building the Scientific Foundation targets researchers and practitioners working in cyber security, especially government employees or contractors. Advanced-level students in computer science and electrical engineering with an interest in security will also find this content valuable as a secondary textbook or reference.

This Springer Brief examines the tools based on attack graphs that help reveal network hardening threats. Existing tools detail all possible attack paths leading to critical network resources. Though no current tool provides a direct solution to remove the threats, they are a more efficient means of network defense than relying solely on the experience and skills of a human analyst. Key background information on attack graphs and network hardening helps readers understand the complexities of these tools and techniques. A common network hardening technique generates hardening solutions comprised of initially satisfied conditions, thereby making the solution more enforceable. Following a discussion of the complexity issues in this technique, the authors provide an improved technique that considers the dependencies between hardening options and employs a near-optimal approximation algorithm to scale linearly with the size of the inputs. Also included are automated solutions for hardening a network against sophisticated multi-step intrusions. Network Hardening: An Automated Approach to Improving Network Security is a valuable resource for researchers and professionals working in network security. It is also a useful tool for advanced-level students focused on security in computer science and electrical engineering.

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters address security issues of the cloud infrastructure. In Chapter 3, Szefer and Lee describe a hardware-enhanced security architecture that protects the confidentiality and integrity of a virtual machine's memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 focus on the protection of data stored in the cloud. In Chapter 5, Wang et al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from some or all other users, without any cooperation from cloud service providers. In Chapter 6, De Capitani di Vimercati, Foresti, and Samarati describe emerging approaches for protecting data stored externally and for enforcing fine-grained and selective accesses on them, and illustrate how the combination of these approaches can introduce new privacy risks. In Chapter 7, Le, Kant, and Jajodia explore data access challenges in collaborative enterprise computing environments where multiple parties formulate their own authorization rules, and discuss the problems of rule consistency, enforcement, and dynamic updates. In Chapter 8, Smith et al. address key challenges to the practical realization of a system that supports query execution over remote encrypted data without exposing decryption keys or plaintext at the server. In Chapter 9, Sun et al. provide an overview of secure search techniques over encrypted data, and then elaborate on a scheme that can achieve privacy-preserving multi-keyword text search. The next three chapters focus on the secure deployment of computations to the cloud. In Chapter 10, Oktay el al. present a risk-based approach for workload partitioning in hybrid clouds that selectively outsources data and computation based on their level of sensitivity. The chapter also describes a vulnerability assessment framework for cloud computing environments. In Chapter 11, Albanese et al. present a solution for deploying a mission in the cloud while minimizing the mission's exposure to known vulnerabilities, and a cost-effective approach to harden the computational resources selected to support the mission. In Chapter 12, Kontaxis et al. describe a system that generates computational decoys to introduce uncertainty and deceive adversaries as to which data and computation is legitimate. The last section of the book addresses issues related to security monitoring and system resilience. In Chapter 13, Zhou presents a secure, provenance-based capability that captures dependencies between system states, tracks state changes over time, and that answers attribution questions about the existence, or change, of a system's state at a given time. In Chapter 14, Wu et al. present a monitoring capability for multicore architectures that runs monitoring threads concurrently with user or kernel code to constantly check for security violations. Finally, in Chapter 15, Hasan Cam describes how to manage the risk and resilience of cyber-physical systems by employing controllability and observability techniques for linear and non-linear systems.

Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more. Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable.

This book constitutes the refereed proceedings of the 18th European Symposium on Computer Security, ESORICS 2013, held in Egham, UK, in September 2013.

The 43 papers included in the book were carefully reviewed and selected from 242 papers. The aim of ESORICS is to further the progress of research in computer security by establishing a European forum for bringing together researchers in this area, by promoting the exchange of ideas with system developers and by encouraging links with researchers in related areas. The papers cover all topics related to security, privacy and trust in computer systems and networks.

This volume contains the papers presented at three workshops embedded in the 19th IFIP International Conference on Information Security (SEC2004), which was sponsored by the International Federation for Information Processing (IFIP) and held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The first workshop was organized by IFIP Working Group 11.1, which is itself dedicated to Information Security Management, i.e., not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems. The second workshop was organized by IFIP Working Group 11.8, dedicated to Information Security Education. This year, the workshop was aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security.The draft is based upon selected papers from individuals or groups (from academic, military and government organizations), and discussions at the workshop. This draft will be further refined and eventually published as an IFIP Report. Finally, the last workshop was organized by IFIP Working Group 11.4 on Network Security. The purpose of the workshop was to bring together privacy and anonymity experts from around the world to discuss recent advances and new perspectives on these topics that are increasingly important aspects in electronic services, especially in advanced distributed applications, such as m-commerce, agent-based systems, P2P, etc. The carefully selected papers gathered in this volume show the richness of the information security domain, as well as the liveliness of the working groups cooperating in the IFIP Technical Committee 11 on Security and Protection in Information Processing Systems. Information Security Management, Education and Privacy is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

Security is probably the most critical factor for the development of the "Information Society". E-government, e-commerce, e-healthcare and all other e-activities present challenging security requirements that cannot be satisfied with current technology, except maybe if the citizens accept to waive their privacy, which is unacceptable ethically and socially. New progress is needed in security and privacy-preserving technologies. On these foundations, the IFIP/SEC conference has been established from the eighties as one of the most important forums for presenting new scientific research results as well as best professional practice to improve the security of information systems. This balance between future technology improvements and day-to-day security management has contributed to better understanding between researchers, solution providers and practitioners, making this forum lively and fruitful. Security and Protection in Information Processing Systems contains the papers selected for presentation at the 19th IFIP International Conference on Information Security (SEC2004), which was held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The conference was sponsored by the International Federation for Information Processing (IFIP).This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

Intrusion Detection In Distributed Systems: An Abstraction-Based Approach presents research contributions in three areas with respect to intrusion detection in distributed systems. The first contribution is an abstraction-based approach to addressing heterogeneity and autonomy of distributed environments. The second contribution is a formal framework for modeling requests among cooperative IDSs and its application to Common Intrusion Detection Framework (CIDF). The third contribution is a novel approach to coordinating different IDSs for distributed event correlation.

This sixth volume in the series Integrity and Internal Control in Information Systems is a state-of-the-art collection of papers in the area of integrity within information systems and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. Integrity and Internal Control in Information Systems VI represents a continuation of the dialogue between information security specialists, internal control specialists and the business community. The objectives of this dialogue are: To present methods and techniques that will help business achieve the desired level of integrity in information systems and data; To present the results of research that may in future be used to increase the level of integrity or help management maintain the desired level of integrity; To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.The book contains a collection of papers from the Sixth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Lausanne, Switzerland in November 2003. It will be essential reading for academics and practitioners in computer science, information technology, business informatics, accountancy and IT-auditing.

New technology is always evolving and companies must have appropriate security for their business to be able to keep up-to-date with the changes. With the rapid growth in internet and www facilities, database security will always be a key topic in business and in the public sector and has implications for the whole of society. Database Security Volume XII covers issues related to security and privacy of information in a wide range of applications, including: * Electronic Commerce * Informational Assurances * Workflow * Privacy * Policy Modeling * Mediation * Information Warfare Defense * Multilevel Security * Role-based Access Controls * Mobile Databases * Inference * Data Warehouses and Data Mining. This book contains papers and panel discussions from the Twelfth Annual Working Conference on Database Security, organized by the International Federation for Information Processing (IFIP) and held July 15-17, 1998 in Chalkidiki, Greece. Database Security Volume XII will prove invaluable reading for faculty and advanced students as well as for industrial researchers and practitioners working in the area of database security research and development.

Dear readers, Although it is well-known that confidentiality, integrity and availability are high level objectives of information security, much of the attention in the security arena has been devoted to the confidentiality and availability aspects of security. IFIP TC-ll Working Group 11. 5 has been charged with exploring the area of the integrity objective within information security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support the corporate governance codes. In this collection you will not only find the papers that have been presented during the first working conference dedicated to the subject (section A) but also some of the papers that have formed the basis for the current activities of this working group (section B). Finally some information about IFIP TC-ll and its working groups is included (section C). This first working conference is the start for an ongoing dialog between the information security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future.

Information Hiding: Steganography and Watermarking - Attacks and Countermeasures deals with information hiding. With the proliferation of multimedia on the Internet, information hiding addresses two areas of concern: privacy of information from surveillance (steganography) and protection of intellectual property (digital watermarking). Steganography (literally, covered writing) explores methods to hide the existence of hidden messages. These methods include invisible ink, microdot, digital signature, covert channel, and spread spectrum communication. Digital watermarks represent a commercial application of steganography. Watermarks can be used to track the copyright and ownership of electronic media. In this volume, the authors focus on techniques for hiding information in digital media. They analyze the hiding techniques to uncover their limitations. These limitations are employed to devise attacks against hidden information. The goal of these attacks is to expose the existence of a secret message or render a digital watermark unusable. In assessing these attacks, countermeasures are developed to assist in protecting digital watermarking systems.Understanding the limitations of the current methods will lead us to build more robust methods that can survive various manipulation and attacks. The more information that is placed in the public's reach on the Internet, the more owners of such information need to protect themselves from theft and false representation. Systems to analyze techniques for uncovering hidden information and recover seemingly destroyed information will be useful to law enforcement authorities in computer forensics and digital traffic analysis. Information Hiding: Steganography and Watermarking - Attacks and Countermeasures presents the authors' research contributions in three fundamental areas with respect to image-based steganography and watermarking: analysis of data hiding techniques, attacks against hidden information, and countermeasures to attacks against digital watermarks. Information Hiding: Steganography and Watermarking -- Attacks and Countermeasures is suitable for a secondary text in a graduate level course, and as a reference for researchers and practitioners in industry.

Motivation Modem enterprises rely on database management systems (DBMS) to collect, store and manage corporate data, which is considered a strategic corporate re source. Recently, with the proliferation of personal computers and departmen tal computing, the trend has been towards the decentralization and distribution of the computing infrastructure, with autonomy and responsibility for data now residing at the departmental and workgroup level of the organization. Users want their data delivered to their desktops, allowing them to incor porate data into their personal databases, spreadsheets, word processing doc uments, and most importantly, into their daily tasks and activities. They want to be able to share their information while retaining control over its access and distribution. There are also pressures from corporate leaders who wish to use information technology as a strategic resource in offering specialized value-added services to customers. Database technology is being used to manage the data associated with corporate processes and activities. Increasingly, the data being managed are not simply formatted tables in relational databases, but all types of ob jects, including unstructured text, images, audio, and video. Thus, the database management providers are being asked to extend the capabilities of DBMS to include object-relational models as well as full object-oriented database man agement systems.

Information security is receiving a great deal of attention as computers increasingly process more and more sensitive information. A multilevel secure database management system (MLS DBMS) is designed to store, retrieve and process information in compliance with certain mandatory security requirements, essential for protecting sensitive information from unauthorized access, modification and abuse. Such systems are characterized by data objects labeled at different security levels and accessed by users cleared to those levels. Unless transaction processing modules for these systems are designed carefully, they can be exploited to leak sensitive information to unauthorized users. In recent years, considerable research has been devoted to the area of multilevel secure transactions that has impacted the design and development of trusted MLS DBMS products. Multilevel Secure Transaction Processing presents the progress and achievements made in this area. The book covers state-of-the-art research in developing secure transaction processing for popular MLS DBMS architectures, such as kernelized, replicated, and distributed architectures, and advanced transaction models such as workflows, long duration and nested models. Further, it explores the technical challenges that require future attention. Multilevel Secure Transaction Processing is an excellent reference for researchers and developers in the area of multilevel secure database systems and may be used in advanced level courses in database security, information security, advanced database systems, and transaction processing.

Integrity and Internal Control in Information Systems is a state-of-the-art book that establishes the basis for an ongoing dialogue between the IT security specialists and the internal control specialists so that both may work more effectively together to assist in creating effective business systems in the future. Building on the issues presented in the preceding volume of this series, this book seeks further answers to the following questions: What precisely do business managers need in order to have confidence in the integrity of their information systems and their data? What is the status quo of research and development in this area? Where are the gaps between business needs on the one hand and research/development on the other; what needs to be done to bridge these gaps? Integrity and Internal Control in Information Systems contains the selected proceedings of the Second Working Conference on Integrity and Internal Control in Information Systems, sponsored by the International Federation for Information Processing (IFIP) and held in Warrenton, Virginia, USA, in November 1998. It will be essential reading for academics and practitioners in computer science, information technology, business informatics, accountancy and edp-auditing.