Vladimir Gorodetsky Igor Kotenko Victor Skormin (Eds.)

Computer Network Security

Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2005 St. Petersburg, Russia, September 25-27, 2005 Proceedings

Sprin ger

Table of Contents

Invited Papers

Self-managed Cells for Ubiquitous Systems Naranker Dulay, Emil Lupu, Morris Sloman, Joe Sventek, Nagwa Badr, Stephen Reeps 1

Critical Information Assurance Challenges for Modern Large-Scale Infrastructures

Ming- Yuh Huang 7

Rule-Based Topological Vulnerability Analysis Vipin Swarup, Sushil Jajodia, Joseph Pamula 23

Models and Analysis of Active Worm Defense David M. Nicol, Michael Liljenstam 38

Prevention of Information Attacks by Run-Time Detection of Self-replication in Computer Codes

Douglas Summerville, Victor Skormin, Alexander Volynkin, James Moronski 54

Mathematical Models, Architectures and Protocols for Computer Network Security

Calibrating Entropy Functions Applied to Computer Networks Duncan A. Buell 76

A Passive External Web Surveillance Technique for Private Networks Constantine Daicos, Scott Knight 88

A Secure Way to Combine IPsec, NAT & DHCP Jacques Demerjian, Ibrahim Hajjeh, Mohamad Badra, Salim Ferraz 104

A Generic Model for Analyzing Security Protocols Yonggen Gu, Yuxi Fu, Farong Zhong, Han Zhu 119

Networks, Markov Lie Monoids, and Generalized Entropy Joseph E. Johnson 129

XII Table of Contents

Trust by Workflow in Autonomie Communication Mikhail I. Smirnov 136

An Ontology-Based Approach to Information Systems Security Management

Bill Tsoumas, Stelios Dritsas, Dimitris Gritzalis 151

Authentication, Authorization and Access Control

Safety Problems in Access Control with Temporal Constraints Philippe Balbiani, Fahima Cheikh 165

A Modal Logic for Role-Based Access Control Thumrongsak Kosiyatrakul, Susan Older, Shiu-Kai Chin 179

Unique User-Generated Digital Pseudonyms Peter Schartner, Martin Schaffer 194

Information Flow Analysis, Covert Channels and Trust Management

A Probabilistic Property-Specific Approach to Information Flow Daniele Beauquier, Marie Duflot, Marius Minea 206

Generalized Abstract Non-interference: Abstract Secure Information-Flow Analysis for Automata

Roberto Giacobazzi, Isabella Mastroeni 221

Detection of Illegal Information Flow Alexander Grusho, Alexander Kniazev, Elena Timonina 235

Towards More Controllable and Practical Delegation Gang Yin, Huaimin Wang, Dianxi Shi, Haiya Gu 245

Security Policy and Operating System Security

Policy-Driven Routing Management Using CIM Felix J. Garcia demente, Jesus D. Jimenez Re, Gregorio Martinez Perez, Antonio F. Gömez Skarmeta 259

Secure Hybrid Operating System "Linux over Fenix" Dmitry P. Zegzhda, Alex M. Vovk 272

Table of Contents XIII

A Formal Description of SECIMOS Operating System Zhouyi Zhou, Bin Liang, Li Jiang, Wenchang Shi, Yeping He 286

Threat Modeling, Vulnerability Assessment and Network Forensics

A Theoretical Model for the Average Impact of Attacks on Billing Infrastructures

Fabrizio Baiardi, Claudio Telmon 298

Analyzing Vulnerabilities and Measuring Security Level at Design and Exploitation Stages of Computer Network Life Cycle

Igor Kotenko, Mihail Stepashkin 311

A Temporal Logic-Based Model for Forensic Investigation in Networked System Security

Slim Rekhis, Noureddine Boudriga 325

Vulnerabilities Detection in the Configurations of MS Windows Operating System

Peter D. Zegzhda, Dmitry P. Zegzhda, Maxim 0. Kalinin 339

Intrusion Detection

Hybrid Intrusion Detection Model Based on Ordered Sequences Abdulrahman Alharby, Hideki Imai 352

Asynchronous Alert Correlation in Multi-agent Intrusion Detection Systems

Vladimir Gorodetsky, Oleg Karsaev, Vladimir Samoilov, Alexander Ulanov 366

Behavior-Based Model of Detection and Prevention of Intrusions in Computer Networks

Victor Serdiouk 380

A Formal Immune Network and Its Implementation for On-line Intrusion Detection

Alexander 0. Tarakanov, Sergei V. Kvachev, Alexander V. Sukhorukov 394

XIV Table of Contents

Short Papers

Foundation for a Time Interval Access Controi Model Francis B. Afinidad, Timothy E. Levin, Cynthia E. Irvine, Thuy D. Nguyen 406

Developing an Insider Threat Model Using Functional Decomposition Jonathan W. Butts, Robert F. Mills, Rusty 0. Baldwin 412

An XML-Seamless Policy Based Management Framework Felix J. Garcia Clemente, Gregorio Martinez Perez, Antonio F. Gömez Skarmeta 418

Statistical Covert Channels Through PROXY Server Alexei Galatenko, Alexander Grusho, Alexander Kniazev, Elena Timonina 424

Encoding Private Key in Fingerprint Ernö Jeges, Zoltän Hornäk, Csaba Körmöczi 430

A New Scheme for the Location Information Protection in Mobile Communication Environments

Soon Seok Kim, Sang Soo Yeo, Bong Jin Park, Sung Kwon Kim 436

Region Protection/Restoration Scheme in Survivable Networks Wojciech Molisz, Jacek Rak 442

Massive Data Mining for Polymorphie Code Detection Udo Payer, Peter Teufl, Stefan Kraxberger, Mario Lamberger 448

Key Escrow with Tree-Based Access Structure Martin Schaffer, Peter Schartner 454

Security Checker Architecture for Policy-Based Security Management Artem Tishkov, Igor Kotenko, Ekaterina Sidelnikova 460

An Efficient Access Controi Model Utilized the Attribute Certificate Structuring

Soomi Yang 466

Secure Protected Password Change Scheme Eun-Jun Yoon, Eun-Kyung Ryu, Kee- Young Yoo 472

Author Index 479