2009 International Conference on Computational Science and Engineering
CSE 2009
Table of Contents - Volume 3

Message from PASSAT 2009 General Chairs - Volume 3
Message from PASSAT 2009 Program Chair - Volume 3
Message from PASSAT 2009 Steering Chairs - Volume 3
Message from PASSAT 2009 Workshop Chair - Volume 3
PASSAT 2009 Organizing and Program Committees - Volume 3
PASSAT 2009 Additional Reviewers - Volume 3
Message from SecureCom 2009 and PSA 2009 Symposium Chairs - Volume 3
Message from SSP 2009 Workshop Chairs - Volume 3
SSP 2009 Organizing and Program Committees - Volume 3
Keynote Speech: David Chaum - Volume 3
Keynote Speech: Stephen S. Yau - Volume 3

Volume 3: The 2009 IEEE International Conference on Privacy, Security, Risk, and Trust (PASSAT 2009)

Privacy and Security I

Noise Injection for Search Privacy Protection
    Shaozhi Ye, Felix Wu, Raju Pandey, and Hao Chen
Privacy-Preserving Bayesian Network for Horizontally Partitioned Data
    Saeed Samet and Ali Miri
Privacy-Preserving Multi-agent Constraint Satisfaction
    Thomas Léauté and Boi Faltings
FaceCloak: An Architecture for User Privacy on Social Networking Sites
    Wanying Luo, Qi Xie, and Urs Hengartner

Privacy and Security II

Adapting Privacy-Preserving Computation to the Service Provider Model
    Florian Kerschbaum
Anonymity, Privacy, Onymity, and Identity: A Modal Logic Approach
    Yasuyuki Tsukada, Ken Mano, Hideki Sakurada, and Yoshinobu Kawabe
Privacy-Enhanced Event Scheduling
    Benjamin Kellermann and Rainer Böhme
Privacy Management, the Law & Business Strategies: A Case for Privacy Driven Design
    Mary-Anne Williams

Privacy and Security III

t-Plausibility: Semantic Preserving Text Sanitization
    Wei Jiang, Mummoorthy Murugesan, Chris Clifton, and Luo Si
Policy-Based Malicious Peer Detection in Ad Hoc Networks
    Wenjia Li, Anupam Joshi, and Tim Finin
Success Likelihood of Ongoing Attacks for Intrusion Detection and Response Systems
    Wael Kanoun, Nora Cuppens-Boulahia, Frédéric Cuppens, Samuel Dubus, and Antony Martin

Risk and Trust

Tuning Evidence-Based Trust Models
    Eugen Staab and Thomas Engel
Trust Is in the Eye of the Beholder
    Dimitri DeFigueiredo, Earl Barr, and S. Felix Wu
A Trust-Based Multiagent System
    Richard Seymour and Gilbert L. Peterson
Towards Automating Social Engineering Using Social Networking Sites
    Markus Huber, Stewart Kowalski, Marcus Nohlberg, and Simon Tjoa
Social Inference Risk Modeling in Mobile and Social Applications
    Sara Motahari, Sotirios Ziavras, Mor Naaman, Mohamed Ismail, and Quentin Jones

The 2009 International Symposium on Secure Computing (SecureCom 2009)

Privacy and Security I

Anonymity Properties of Stored or Transmitted Data Taken from Bluetooth Scans
    David Evans and Robert H. Warren
Privacy Requirements in Vehicular Communication Systems
    Florian Schaub, Zhendong Ma, and Frank Kargl
A Framework to Balance Privacy and Data Usability Using Data Degradation
    Harold van Heerde, Maarten Fokkinga, and Nicolas Anciaux

Privacy and Security II

A Lattice-Based Privacy Aware Access Control Model
    Kambiz Ghazinour, Maryam Majedi, and Ken Barker
Modelling of Pseudonymity under Probabilistic Linkability Attacks
    Martin Neubauer
Privacy-Preserving Integrity-Assured Data Aggregation in Sensor Networks
    Gelareh Taban and Virgil D. Gligor

Privacy and Security III

User-centric Privacy Framework: Integrating Legal, Technological and Human Aspects into User-Adapting Systems
    Victor Manuel García-Barrios
An Empirical Study on Privacy and Secure Multi-party Computation Using Exponentiation
    I-Cheng Wang, Chih-Hao Shen, Kung Chen, Tsan-sheng Hsu, Churn-Jung Liau, and Da-Wei Wang
A Hybrid Enforcement Model for Group-centric Secure Information Sharing
    Ram Krishnan and Ravi Sandhu
A Framework for Enforcing Constrained RBAC Policies
    Jason Crampton and Hemanth Khambhammettu

Privacy and Security IV

Guarantee-Based Access Control
    Mohammed Hussain and D.B. Skillicorn
Integrity Verification of Outsourced XML Databases
    Ruilin Liu and Hui Wang
Goal-Oriented Software Security Engineering: The Electronic Smart Card Case Study
    Riham Hassan, Mohamed Eltoweissy, Shawn Bohner, and Sherif El-Kassas
A Unified Approach to Intra-domain Security
    Craig A. Shue, Andrew J. Kalafut, and Minaxi Gupta

Risk and Trust I

A Low-Cost Green IT Design and Application of VHSP Based on Virtualization Technology
    Chih-Hung Chang
Improving Host Profiling with Bidirectional Flows
    Pavel Minařík, Jan Vykopal, and Vojtěch Krmíček
Nearby-Friend Discovery Protocol for Multiple Users
    Shashwat Raizada, Goutam Paul, and Vineet Pandey
The Insider Threat Security Architecture: A Framework for an Integrated, Inseparable, and Uninterrupted Self-Protection Mechanism
    Ghassan "Gus" Jabbour and Daniel A. Menascé

Risk and Trust II

Reputation-Based Ontology Alignment for Autonomy and Interoperability in Distributed Access Control
    Daniel Trivellato, Fred Spiessens, Nicola Zannone, and Sandro Etalle
How to overcome the 'Trusted Node Model' in Quantum Cryptography
    Peter Schartner and Stefan Rass
The Influence of Personalities Upon the Dynamics of Trust and Reputation
    Mark Hoogendoorn and S. Waqar Jaffry
Large Online Social Footprints--An Emerging Threat
    Danesh Irani, Steve Webb, Kang Li, and Calton Pu

Risk and Trust III

A Case Study of Individual Trust Development in Computer Mediated Collaboration Teams
    Xusen Cheng, Linda Macaulay, and Alex Zarifis
On the Feasibility of Remote Attestation for Web Services
    John Lyle and Andrew Martin
Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures
    Michele Barletta, Silvio Ranise, and Luca Viganò
ProActive Caching: Generating Caching Heuristics for Business Process Environments
    Mathias Kohler, Achim D. Brucker, and Andreas Schaad

The 2009 International Symposium on Privacy and Security Applications (PSA 2009)

Privacy and Security I

Combining Attribute-Based and Access Systems
    Behzad Malek and Ali Miri
Analysis of the GMPLS Control Plane Security
    Ayonote Clement, Pavol Zavarsky, and Dale Lindskog
Diversity in Network Attacker Motivation: A Literature Review
    Mark Rounds and Norman Pendgraft

Privacy and Security II

Emergency Privacy Measures
    Hendrik J.G. Oberholzer and Martin S. Olivier
Designing Privacy for Scalable Electronic Healthcare Linkage
    Anthony Stell, Richard Sinnott, Oluwafemi Ajayi, and Jipu Jiang
Routing Policy Conflict Detection without Violating ISP's Privacy
    Ning Hu, Peidong Zhu, Huayang Cao, and Kan Chen
Practical Values for Privacy
    Benjamin Wasser and Justin Zhan

Privacy and Security III

Phishpin: An Identity-Based Anti-phishing Approach
    Hicham Tout and William Hafner
Security Implications of Virtualization: A Literature Study
    André van Cleeff, Wolter Pieters, and Roel J. Wieringa
ViDPSec Visual Device Pairing Security Protocol
    Dimitris Zisiadis, Spyros Kopsidas, and Leandros Tassiulas
Lightweight IDS Based on Features Selection and IDS Classification Scheme
    Safaa Zaman and Fakhri Karray

Risk and Trust

A Study of the Methods for Improving Internet Usage Policy Compliance
    Mandeep Saran and Pavol Zavarsky
Process-Oriented Approach for Validating Asset Value for Evaluating Information Security Risk
    Shi-Cho Cha, Li-Ting Liu, and Bo-Chen Yu
An Efficient Framework for IT Controls of Bill 198 (Canada Sarbanes-Oxley) Compliance by Aligning COBIT 4.1, ITIL v3 and ISO/IEC 27002
    Zhitao Huang, Pavol Zavarsky, and Ron Ruhl
Ceremonies Formal Analysis in PKI’s Context
    Jean Everson Martina, Túlio Cícero Salavaro de Souza, and Ricardo Felipe Custódio

The 2009 International Workshop on Software Security Processes (SSP 2009)

Software Engineering for Security

Activity and Artifact Views of a Secure Software Development Process
    Muhammad Umair Ahmed Khan and Mohammad Zulkernine
An AHP-Based Framework for Quality and Security Evaluation
    V. Casola, A.R. Fasolino, N. Mazzocca, and P. Tramontana
Assurance Process for Large Open Source Code Bases
    Claudio A. Ardagna, Massimo Banzi, Ernesto Damiani, and Fulvio Frati
Code Obfuscation Using Pseudo-random Number Generators
    John Aycock, Juan Manuel Gutiérrez Cárdenas, and Daniel Medeiro Nunes de Castro
Misuse Cases + Assets + Security Goals
    Takao Okubo, Kenji Taguchi, and Nobukazu Yoshioka

Data Privacy

Specification of Fair Data Practice Principles Using Privacy Policy Languages
    Girma Nigusse, Bart De Decker, and Vincent Naessens
Limiting Private Data Exposure in Online Transactions: A User-Based Online Privacy Assurance Model
    Alaa Aref El Masri and João Pedro Sousa
A Privacy Framework for Personal Self-Improving Smart Spaces
    N. Liampotis, I. Roussaki, E. Papadopoulou, Y. Abu-Shaaban, M.H. Williams, N.K. Taylor, S.M. McBurney, and K. Dolinar
Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems
    Qussai Yaseen and Brajendra Panda

Risk Management

Managing Risk of IT Security Outsourcing in the Decision-Making Stage
    Samuel Oladapo, Pavol Zavarsky, Ron Ruhl, Dale Lindskog, and Andy Igonor
Risk Perceptions of Information Security: A Measurement Study
    Fariborz Farahmand, Melissa Dark, Sydney Liles, and Brandon Sorge
Managing Risks on Critical IT Systems in Public Service Organizations
    Yeni Yuqin Li Helgesson
Effects of Individual and Organization Based Beliefs and the Moderating Role of Work Experience on Insiders’ Good Security Behaviors
    Burcu Bulgurcu, Hasan Cavusoglu, and Izak Benbasat

Trust and Security Models and Emerging Approaches

A Dynamic Trust Evaluation Model on C2C Marketplaces
    Yun Yang and Juhua Chen
Threat Modeling for CSRF Attacks
    Xiaoli Lin, Pavol Zavarsky, Ron Ruhl, and Dale Lindskog
A Novel Approach to DRM Systems
    F. Frattolillo, F. Landolfi, and F. Marulli
Worm Path Identification Using Visualization System
    Seiji Shibaguchi, Yuki Nakayama, and Ken-ichi Okada
A Simulation of Various Variable Hacker Populations
    Norman Pendegraft and Mark Rounds

Author Index - Volume 3