Published: Jan 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.20140101pre
Volume 5
Fabio Martinelli, Jean-Louis Lanet
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Martinelli, Fabio, and Jean-Louis Lanet. "Special Issue on CRiSIS 2012." IJSSE vol.5, no.1 2014: pp.4-5. http://doi.org/10.4018/ijsse.20140101pre
APA
Martinelli, F. & Lanet, J. (2014). Special Issue on CRiSIS 2012. International Journal of Secure Software Engineering (IJSSE), 5(1), 4-5. http://doi.org/10.4018/ijsse.20140101pre
Chicago
Martinelli, Fabio, and Jean-Louis Lanet. "Special Issue on CRiSIS 2012," International Journal of Secure Software Engineering (IJSSE) 5, no.1: 4-5. http://doi.org/10.4018/ijsse.20140101pre
Export Reference
Published: Jan 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014010101
Volume 5
Khalifa Toumi, Ana Cavalli, César Andrés
A Multi-Organization Environment is composed of several players that depend on each other for resources and services. In order to manage the security of the exchange process the authors introduce...
Show More
A Multi-Organization Environment is composed of several players that depend on each other for resources and services. In order to manage the security of the exchange process the authors introduce the concept of trust. The authors show how adding this aspect of the cooperative work. In particular, the authors provide a framework where the concepts of trust requirement and trust evaluation play important roles for defining trust vectors. These vectors evaluate a set of requirements, under some conditions, and provide a degree of confidence. In the authors' framework they consider two different types of vectors. On the one hand a vector that relates a user to an organization and on the other hand a vector that links two organizations. Different simulations are presented in this paper in order to show this approach. Moreover, the authors show how these vectors are evaluated and shared among the different organizations. Finally, the authors propose a possible architecture to explain how to integrate their trust module in MOE in order to enhance the security.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Toumi, Khalifa, et al. "Validation of a Trust Approach in Multi-Organization Environments." IJSSE vol.5, no.1 2014: pp.1-18. http://doi.org/10.4018/ijsse.2014010101
APA
Toumi, K., Cavalli, A., & Andrés, C. (2014). Validation of a Trust Approach in Multi-Organization Environments. International Journal of Secure Software Engineering (IJSSE), 5(1), 1-18. http://doi.org/10.4018/ijsse.2014010101
Chicago
Toumi, Khalifa, Ana Cavalli, and César Andrés. "Validation of a Trust Approach in Multi-Organization Environments," International Journal of Secure Software Engineering (IJSSE) 5, no.1: 1-18. http://doi.org/10.4018/ijsse.2014010101
Export Reference
Published: Jan 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014010102
Volume 5
Romaric Ludinard, Éric Totel, Frédéric Tronel, Vincent Nicomette, Mohamed Kaâniche, Éric Alata, Rim Akrout, Yann Bachy
RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of...
Show More
RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Ludinard, Romaric, et al. "An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications." IJSSE vol.5, no.1 2014: pp.19-38. http://doi.org/10.4018/ijsse.2014010102
APA
Ludinard, R., Totel, É., Tronel, F., Nicomette, V., Kaâniche, M., Alata, É., Akrout, R., & Bachy, Y. (2014). An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications. International Journal of Secure Software Engineering (IJSSE), 5(1), 19-38. http://doi.org/10.4018/ijsse.2014010102
Chicago
Ludinard, Romaric, et al. "An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications," International Journal of Secure Software Engineering (IJSSE) 5, no.1: 19-38. http://doi.org/10.4018/ijsse.2014010102
Export Reference
Published: Jan 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014010103
Volume 5
Sheila Cobourne, Lazaros Kyrillidis, Keith Mayes, Konstantinos Markantonakis
Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is...
Show More
Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is potentially vulnerable to many common attacks, which affect the election's integrity. Security can be improved by distributing vote processing over many web servers installed in tamper-resistant, secure environments, using the Smart Card Web Server (SCWS) on a mobile phone Subscriber Identity Module (SIM). A generic voting model is proposed, using a SIM/SCWS voting application with standardised Mobile Network Operator (MNO) management procedures to process the votes cast. E-voting systems Prêt à Voter and Estonian I-voting are used to illustrate the generic model. As the SCWS voting application is used in a distributed processing architecture, e-voting security is enhanced: to compromise an election, an attacker must target many individual mobile devices, rather than a centralised web server.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Cobourne, Sheila, et al. "Remote E-Voting Using the Smart Card Web Server." IJSSE vol.5, no.1 2014: pp.39-60. http://doi.org/10.4018/ijsse.2014010103
APA
Cobourne, S., Kyrillidis, L., Mayes, K., & Markantonakis, K. (2014). Remote E-Voting Using the Smart Card Web Server. International Journal of Secure Software Engineering (IJSSE), 5(1), 39-60. http://doi.org/10.4018/ijsse.2014010103
Chicago
Cobourne, Sheila, et al. "Remote E-Voting Using the Smart Card Web Server," International Journal of Secure Software Engineering (IJSSE) 5, no.1: 39-60. http://doi.org/10.4018/ijsse.2014010103
Export Reference
Published: Jan 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014010104
Volume 5
Christine Fricker, Philippe Robert, Yousra Chabchoub
The authors propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination...
Show More
The authors propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Fricker, Christine, et al. "Improving the Detection of On-Line Vertical Port Scan in IP Traffic." IJSSE vol.5, no.1 2014: pp.61-74. http://doi.org/10.4018/ijsse.2014010104
APA
Fricker, C., Robert, P., & Chabchoub, Y. (2014). Improving the Detection of On-Line Vertical Port Scan in IP Traffic. International Journal of Secure Software Engineering (IJSSE), 5(1), 61-74. http://doi.org/10.4018/ijsse.2014010104
Chicago
Fricker, Christine, Philippe Robert, and Yousra Chabchoub. "Improving the Detection of On-Line Vertical Port Scan in IP Traffic," International Journal of Secure Software Engineering (IJSSE) 5, no.1: 61-74. http://doi.org/10.4018/ijsse.2014010104
Export Reference
IGI Global Open Access Collection provides all of IGI Global’s open access content in one convenient location and user-friendly interface
that can easily searched or integrated into library discovery systems.
Browse IGI Global Open
Access Collection
Author Services Inquiries
For inquiries involving pre-submission concerns, please contact the Journal Development Division:
journaleditor@igi-global.comOpen Access Inquiries
For inquiries involving publishing costs, APCs, etc., please contact the Open Access Division:
openaccessadmin@igi-global.comProduction-Related Inquiries
For inquiries involving accepted manuscripts currently in production or post-production, please contact the Journal Production Division:
journalproofing@igi-global.comRights and Permissions Inquiries
For inquiries involving permissions, rights, and reuse, please contact the Intellectual Property & Contracts Division:
contracts@igi-global.comPublication-Related Inquiries
For inquiries involving journal publishing, please contact the Acquisitions Division:
acquisition@igi-global.comDiscoverability Inquiries
For inquiries involving sharing, promoting, and indexing of manuscripts, please contact the Citation Metrics & Indexing Division:
indexing@igi-global.com Editorial Office
701 E. Chocolate Ave.
Hershey, PA 17033, USA
717-533-8845 x100