Similar literature
Found 20 similar documents; search took 15 ms
1.
Inadequate security has left individuals and corporations more vulnerable to illegal activities such as computer fraud, telecommunications abuse, and the unauthorized disclosure, modification, or destruction of information. Computer crime is rising and estimates of financial losses due to computer abuse range into the billions of dollars.1 In the absence of more secure computer and networked systems, the number of system disruptions, intrusions into personal privacy, and incidences that result in economic and human losses will increase.

2.
When a table containing individual data is published, disclosure of sensitive information should be prohibitive. Since simply removing identifiers such as name and social security number may reveal the sensitive information by linking attacks which joins the published table with other tables on some attributes, the notion of k-anonymity which makes each record in the table be indistinguishable with k−1 other records by suppression or generalization has been proposed previously. It is shown to be NP-hard to k-anonymize a table minimizing information loss. The approximation algorithms with up to O(k) approximation ratio were proposed when generalization is used for anonymization.

3.
Multilevel security is the prevention of unauthorized disclosure among multiple information classes. The threat source for the disclosures includes unauthorized users and subverted software operating on behalf of authorized users. The terminology might be more explicit if we could call this concept multidomain confidentiality, but it is worth resisting multiplying terminology. Nonetheless, we should understand that multilevel security means multidomain confidentiality. The author asks if there is less need for multilevel security today, and if there is still a need, how we might address it.

4.
We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partial disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.

5.
Policies, standards, surveys, and assessment questionnaires do not currently provide consistent or complete lists of threats to information for identifying controls, conducting assessments, or establishing priorities in information security. The usual short list of four common threats — unauthorized modification, unauthorized use, destruction, and disclosure — is clearly incomplete and redundant. For example, more extensive lists often include fraud, theft, sabotage, and espionage. However, these threats are legal abstractions that require expertise in criminal law to understand. Often, users and even security specialists don't understand the criminal legal implications of these terms or have a distorted view of them.

A further problem is that these lists typically fail to include some of the most common threats to organizations as shown by actual experience of information loss. These include such important violations of the law as trespass, burglary, extortion, and larceny, as well as such general threats as false data entry, repudiation, failure to perform, deception, misrepresentation, and delay.

6.
Skyline computation, which returns a set of interesting points from a potentially huge data space, has attracted considerable interest in big data era. However, the flourish of skyline computation still faces many challenges including information security and privacy-preserving concerns. In this paper, we propose a new efficient and privacy-preserving skyline computation framework across multiple domains, called EPSC. Within EPSC framework, a skyline result from multiple service providers will be securely computed to provide better services for the client. Meanwhile, minimum privacy disclosure will be elicited from one service provider to another during skyline computation. Specifically, to leverage the service provider’s privacy disclosure and achieve almost real-time skyline processing and transmission, we introduce an efficient secure vector comparison protocol (ESVC) to construct EPSC, which is exclusively based on two novel techniques: fast secure permutation protocol (FSPP) and fast secure integer comparison protocol (FSIC). Both protocols allow multiple service providers to calculate skyline result interactively in a privacy-preserving way. Detailed security analysis shows that the proposed EPSC framework can achieve multi-domain skyline computation without leaking sensitive information to each other. In addition, performance evaluations via extensive simulations also demonstrate the EPSC’s efficiency in terms of providing skyline computation and transmission while minimizing the privacy disclosure across different domains.

7.
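Information security means protecting information and information systems from unauthorized use, disclosure, disruption, modification, inspection, recording, and destruction. Using data mining techniques, we can provide early warning for information security. The subjective Bayes method is a method of reasoning under uncertainty: the factors affecting information security are defined as evidence, and the sufficiency measure (LS value) of each piece of evidence is given by security experts or derived from historical statistics. With this method, an enterprise security early-warning value can be inferred.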

8.
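Some government departments and enterprises hold important data that is completely physically isolated from the Internet; compared with data that may be attacked from external networks, this information is even more important. At present, most applications of this type are implemented by building a private network. Traditional private networks have many security risks: improper operation by users, slowdowns and viruses and Trojans, malicious damage after access by unauthorized personnel, intentional or unintentional leaks by external maintenance staff, and so on. Their security depends largely on the quality of the users rather than on strict constraints imposed through management and technology. Working from two aspects, the network environment and data encryption, this paper establishes a secure network model for important information systems, which has passed long-term testing in practical use. The tests show that this network offers high security, good reliability, strong scalability, low maintenance requirements, and low implementation cost; even in the worst case, leakage can be confined to a relatively minimal scope. It is a secure network with considerable value for wider adoption.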

9.
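From the perspective of confidentiality and integrity, this paper analyzes the security problems faced when applications that are commonly used by users and built on discretionary access control mechanisms run on operating systems of a high security level, and proposes an application-class-oriented security policy. The policy abstracts the applications a user uses into application classes; defines the running states of a subject (user domain and application domain) and the categories of objects (user data and application-class data); and defines access control rules for user data, access control rules for application-class data, and transition rules for the subject's security state. It prevents unauthorized disclosure of user data and unauthorized modification of application-class data, establishing a highly secure application environment for users.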

10.
ABSTRACT

Cyber security has emerged as an established discipline for computer systems and infrastructures with a focus on protecting information stored on those systems from adversaries who want to obtain, damage, corrupt, modify, destroy, or prohibit access to it. Several information security techniques are available to protect information systems against unauthorized use, duplication, modification, destruction, and virus attacks. An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and finds indications that the computer has been misused. In this paper, we have proposed an effective IDS in which a local agent present in every node collects data from its own system and classifies anomaly behaviors using SVM classifier. The local agent uses the mobile agent to gather information from the neighboring node to check its integrity before it allows the system to send data to its neighboring node. The local agent is also capable of removing the local system from network if the system is found to be under attack, thereby providing a global secure environment. Our system identifies successful attacks from the anomaly behaviors.

11.
Abstract

Corporations have incredible amounts of data that is created, acquired, modified, stored, and transmitted. This data is the life blood of the corporation and must be protected like any other strategic asset. The controls established to prevent unauthorized individuals from accessing a company's or a customer's data will depend on the data itself and the laws and regulations that have been enacted to protect that data. A company also has proprietary information, including research, customer lists, bids, and proposals — information the company needs to survive and thrive, as well as personal, medical, and financial information and security-related information such as passwords, physical access control and alarm documentation, firewall rules, security plans, security test and evaluation plans, risk assessments, disaster recovery plans, and audit reports. Suppliers and business partners may have shared their proprietary information to enable business processes and joint ventures. Appropriate access controls should be implemented to restrict access to all of these types of information. The effectiveness of any control will depend on the environment in which it is implemented and how it is implemented.

12.
It is argued that before customers will purchase and use new, expansive, and ubiquitous computing products, they want reliable assurances that the processing software will protect sensitive and confidential data entrusted to it. Unfortunately, if security warranties were to be added to a software license, they would appear too absolute and unlimited. Currently, software makers resist offering cybersecurity warranties, and will continue to do so if the only one they consider is the unattainable absolute security they can't, in good faith, cover with an unlimited warranty. But what if the warranty were something less ambitious, more immediately attainable, and more beneficial (for both customers and makers)? The article explores the possibilities of a written warranty that vouches for an application's capabilities to protect confidential information from unauthorized access from, or disclosure to, cyberspace, a warranty of cyberworthiness.

13.
This paper gives a formal description of a data-item-based multilevel secure relational data model, and then discusses its integrity in some detail.

14.
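Network security is mainly about ensuring the confidentiality, integrity, and non-repudiation of personal data or enterprise information on the network, preventing the leakage and destruction of information, and preventing unauthorized access to information resources. For network administrators, the main tasks of network security are to ensure that legitimate users can use network resources normally, to avoid security threats such as viruses, denial of service, remote control, and unauthorized access, to discover security vulnerabilities promptly, and to stop attacks. From the standpoint of education and ideology, network security is mainly about ensuring that information content is lawful and healthy and controlling the spread of information with harmful content on the network.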

15.
Association rule hiding   Total citations: 9, self-citations: 0, citations by others: 9
Large repositories of data contain sensitive information that must be protected against unauthorized access. The protection of the confidentiality of this information has been a long-term goal for the database security research community and for the government statistical agencies. Recent advances in data mining and machine learning algorithms have increased the disclosure risks that one may encounter when releasing data to outside parties. A key problem, and still not sufficiently investigated, is the need to balance the confidentiality of the disclosed data with the legitimate needs of the data users. Every disclosure limitation method affects, in some way, and modifies true data values and relationships. We investigate confidentiality issues of a broad category of rules, the association rules. In particular, we present three strategies and five algorithms for hiding a group of association rules, which is characterized as sensitive. One rule is characterized as sensitive if its disclosure risk is above a certain privacy threshold. Sometimes, sensitive rules should not be disclosed to the public since, among other things, they may be used for inferring sensitive data, or they may provide business competitors with an advantage. We also perform an evaluation study of the hiding algorithms in order to analyze their time complexity and the impact that they have in the original database.

16.
Secret sharing, in which a dealer wants to split a secret in such a way that any unauthorized subsets of parties are unable to reconstruct it, plays a key role in cryptography. The security of quantum protocols for the task is guaranteed by the fact that Eve’s any strategies to obtain secret information from encoded quantum states should cause a disturbance in the signal. Here, we propose a quantum secret sharing (classical information) scheme for N parties which is no longer needed to monitor signal disturbance. Comparing to existing qudit-based schemes, this scheme has obvious advantages in feasibility and scalability. Our work paves a novel way for quantum secret sharing.

17.
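What is network security? Network security means that the hardware and software of a network system and the data in the system are protected from damage, alteration, or leakage due to accidental or malicious causes, that the system runs continuously, reliably, and normally, and that network services are not interrupted. In essence, network security is information security on the network. Network security problems arise from internal and external security threats involving the network, software, staff, and the environment, as well as hacker attacks, virus interference and damage, and computer crime. These not only cause information on the network to be stolen, leaked, modified, and destroyed, but also threaten and damage network and computer equipment and can paralyze systems. Network security is therefore a comprehensive systems engineering effort that deserves our close attention.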

18.
This column will highlight some of the most significant events taking place in the world of new products directly geared to users of computer systems. As the publisher of ISPNews—INFOSecurity Product News, I have the opportunity to learn about the latest products having an impact on the information systems community. In this regular column, I will select a category of products and report on their distinguishing features. In addition, I will discuss areas of high risk that should be reviewed by those with responsibility for information security and asset protection.

In this inaugural column, I review several of the latest products designed to protect microcomputers, local area networks, and mainframes from unauthorized access through dial-in communications lines. These products have not been tested and the author does not claim that they actually perform as the vendor indicates.

19.
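Database systems contain a large amount of sensitive information that is shared by different users and needs to be protected against unauthorized access. Access control, as a powerful way of protecting a system, can ensure the integrity and confidentiality of information. This paper first introduces the role-based access control mechanism and then applies a role-based access control policy on the SQL Server platform to ensure database security.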

20.
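Database systems contain a large amount of sensitive information that is shared by different users and needs to be protected against unauthorized access. Access control, as a powerful way of protecting a system, can ensure the integrity and confidentiality of information. This paper first introduces the role-based access control mechanism and then applies a role-based access control policy on the SQL Server platform to ensure database security.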
