Emerging Challenges for Security, Privacy and Trust

1. Privacy Protection - Security Assessment

   1. Collaborative Privacy – A Community-Based Privacy Infrastructure

      • Jan Kolter, Thomas Kernchen, Günther Pernul

      Pages 226-236

   2. Security and Privacy Improvements for the Belgian eID Technology

      • Pieter Verhaeghe, Jorn Lapon, Bart De Decker, Vincent Naessens, Kristof Verslype

      Pages 237-247

   3. A Structured Security Assessment Methodology for Manufacturers of Critical Infrastructure Components

      • Thomas Brandstetter, Konstantin Knorr, Ute Rosenbaum

      Pages 248-258

2. Role Mining and Content Protection

   1. Mining Stable Roles in RBAC

      • Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

      Pages 259-269

   2. Privacy-Preserving Content-Based Publish/Subscribe Networks

      • Abdullatif Shikfa, Melek Önen, Refik Molva

      Pages 270-282

   3. Broadcast Encryption for Differently Privileged

      • Hongxia Jin, Jeffery Lotspiech

      Pages 283-293

   4. Ontology-Based Secure XML Content Distribution

      • Mohammad Ashiqur Rahaman, Yves Roudier, Philip Miseldine, Andreas Schaad

      Pages 294-306

3. Security Protocols

   1. NGBPA Next Generation BotNet Protocol Analysis

      • Felix S. Leder, Peter Martini

      Pages 307-317

   2. Non-repudiation Analysis with LySa

      • Mayla Brusò, Agostino Cortesi

      Pages 318-329

   3. A Provably Secure Secret Handshake with Dynamic Controlled Matching

      • Alessandro Sorniotti, Refik Molva

      Pages 330-341

   4. Towards a Theory of White-Box Security

      • Amir Herzberg, Haya Shulman, Amitabh Saxena, Bruno Crispo

      Pages 342-352

4. Access Control

   1. On a Taxonomy of Delegation

      • Quan Pham, Jason Reid, Adrian McCullagh, Ed Dawson

      Pages 353-363

   2. Efficient Key Management for Enforcing Access Control in Outsourced Scenarios

      • Carlo Blundo, Stelvio Cimato, Sabrina De Capitani di Vimercati, Alfredo De Santis, Sara Foresti, Stefano Paraboschi et al.

      Pages 364-375

   3. A Probabilistic Bound on the Basic Role Mining Problem and Its Applications

      • Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

      Pages 376-386

   4. Automating Access Control Logics in Simple Type Theory with LEO-II

      • Christoph Benzmüller

      Pages 387-398

5. Internet and Web Applications Security

   1. In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security

      • Yianna Danidou, Burkhard Schafer

      Pages 399-409

   2. Persona: Network Layer Anonymity and Accountability for Next Generation Internet

      • Yannis Mallios, Sudeep Modi, Aditya Agarwala, Christina Johns

      Pages 410-420

   3. Jason: A Scalable Reputation System for the Semantic Web

      • Sandra Steinbrecher, Stephan Groß, Markus Meichau

      Pages 421-431

   4. Which Web Browsers Process SSL Certificates in a Standardized Way?

      • Ahmad Samer Wazan, Romain Laborde, David W. Chadwick, François Barrere, AbdelMalek Benzekri

      Pages 432-442

6. Back Matter

   PDF

It was an honor and a privilege to chair the 24th IFIP International Information Se- rity Conference (SEC 2009), a 24-year-old event that has become a tradition for - formation security professionals around the world. SEC 2009 was organized by the Technical Committee 11 (TC-11) of IFIP, and took place in Pafos, Cyprus, during May 18–20, 2009. It is an indication of good fortune for a Chair to serve a conference that takes place in a country with the natural beauty of Cyprus, an island where the hospitality and frie- liness of the people have been going together, hand-in-hand, with its long history. This volume contains the papers selected for presentation at SEC 2009. In response to the call for papers, 176 papers were submitted to the conference. All of them were evaluated on the basis of their novelty and technical quality, and reviewed by at least two members of the conference Program Committee. Of the papers submitted, 39 were selected for presentation at the conference; the acceptance rate was as low as 22%, thus making the conference a highly competitive forum. It is the commitment of several people that makes international conferences pos- ble. That also holds true for SEC 2009. The list of people who volunteered their time and energy to help is really long.

• Trusted Computing
• ad-hoc networks
• botnet protocols
• cryptanalysis
• data security
• egovernment
• encryption
• esignatures
• information
• intrusion detection
• iris recognition
• mobile networking
• privacy
• steganalysis
• voip

• Information Security and Infrastructure Protection Research Group, Dept. of Informatics, Athens University of Economics and Business, Athens, Greece

  Dimitris Gritzalis

• Computer Science Department, E.T.S.I. Informatica, University of Malaga, Malaga, Spain

  Javier Lopez

Policies and ethics