Archive for September, 2005
Improved Key Management Technique for Secure Multicasting over IP
by Padmavathi, G.; Annadurai, S.
Multicast communication is going to be the communication paradigm of all future networks. Secure multicasting is a very vital problem in today’s networks. In secure multicasting, the group members share a common key called the group key. Whenever the group members change, the group key must be changed. Therefore, many multicast security problems are abstracted into key management and distribution problems. Distributing cryptographic keys to the group members in an optimum way that minimizes the communication and storage overheads is the important objective of a secure multicast problem. In this paper, an efficient key management technique is proposed that minimizes the number of message exchanges and the number of keys stored. Existing key management methods have O(N) and O(log N) overheads. The proposed method shows further improvement. The model has been simulated and the results show improvements to existing approaches.
DOI: 10.1007/s10922-005-6266-2
Print publication date: 9/1/2005
Managing New Networked Worlds—A Report on IM 2005
by Clemm, Alexander; Festor, Olivier; Pras, Aiko
DOI: 10.1007/s10922-005-7774-6
Print publication date: 9/1/2005
Forthcoming Contributions
by
DOI: 10.1007/s10922-005-6533-z
Print publication date: 9/1/2005
A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks
by Dawkins, J.; Clark, K.; Manes, G.; Papa, M.
A comprehensive network security management system must coordinate detection and scanning tools for converged networks; derive fully-integrated attack and network models; perform vulnerability and multi-stage attack analysis; support large-scale attack visualization; and possibly orchestrate strategic responses to unwarranted actions that cross network boundaries. We present an architecture that embodies these principles. The unified network security management system described in this paper gleans data from a suite of detection tools for various networking domains. Aggregate real-time network data supplies a comprehensive modeling framework used for further analysis, correlation, and visualization. The resulting system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.
DOI: 10.1007/s10922-005-6292-x
Print publication date: 9/1/2005
Mandatory and Discretionary Policies for CORBA Security
by Westphall, Carla Merkle; Fraga, Joni da Silva
This paper proposes extending the CORBA (Common Object Request Broker Architecture) security model to make possible the use of mandatory policies and policy management in distributed applications. Mandatory policies and a policy service were proposed for insertion in the JaCoWeb Project, which is developing an authorization scheme for large-scale networks based on CORBA security standards. In this paper, there is a combination of client-side and server-side access control, in a single domain. Our mandatory control is carried out on the level of ORB (Object Request Broker), on the client side, preventing, in unauthorized accesses, the emission of the corresponding requisition, the associated processing on the server and also, the generation of new requests through this unauthorized processing. In this paper, operations of security management not currently included in the OMG standards are also proposed. The paper further presents implementation results and an evaluation of these results based on common criteria.
DOI: 10.1007/s10922-005-6271-2
Print publication date: 9/1/2005
Building A Standards Driven Security Framework for New Generation Operations Software and Systems (NGOSS)—The TeleManagement Forum (TMF) Approach
by Chand, Prem
DOI: 10.1007/s10922-005-6290-z
Print publication date: 9/1/2005
Design and Analysis of Techniques for Detection of Malicious Activities in Database Systems
by Hu, Yi; Panda, Brajendra
Existing host-based Intrusion Detection Systems use the operating system log or the application log to detect misuse or anomaly activities. These methods are not sufficient for detecting intrusion in the database systems. In this paper, we describe a method for detecting malicious activities in a database management system by using data dependency relationships. Typically, before a data item is updated in the database, some other data items are read or written. And after the update, other data items may also be written. These data items read or written in the course of update of a data item construct the read set, prewrite set, and the postwrite set for this data item. The proposed method identifies malicious transactions by comparing these sets with data items read or written in user transactions. We have provided mechanisms for finding data dependency relationships among transactions and use Petri-Nets to model normal data update patterns at user task level. Using this method, we ascertain more hidden anomalies in the database log. Our simulation on synthetic data reveals that the proposed model can achieve desirable performance when both transaction and user task level intrusion detection methods are employed.
DOI: 10.1007/s10922-005-6264-1
Print publication date: 9/1/2005
NetGlean: A Methodology for Distributed Network Security Scanning
by Manes, Gavin W.; Schulte, Dominic; Guenther, Seth; Shenoi, Sujeet
Network vulnerability analysis tools today do not provide a complete security awareness solution. Currently, network administrators utilize multiple analysis tools in succession or randomly in a patchwork fashion that provides only temporary assurance. This paper introduces NetGlean as a methodology for distributed network security scanning with a holistic approach to network analysis. NetGlean uses new and existing techniques in a continual, autonomous, evolutionary manner to provide powerful real-time and historical views of large and complex networks. This paper introduces the methodology and describes one implementation, NetGleanIP, a scanner for IP and converged networks.
DOI: 10.1007/s10922-005-6263-2
Print publication date: 9/1/2005
Improving Information Assurance Education Key to Improving Secure(ity) Management
by Kabay, M. E.
DOI: 10.1007/s10922-005-6262-3
Print publication date: 9/1/2005
The Shifting Sands of Security Management
by Brusil, Paul; Hale, John
DOI: 10.1007/s10922-005-6261-5
Print publication date: 9/1/2005
