and Selection Criteria This paper is a case study of malicious code incidents in a large public university as seen through the eyes of the security liaison over a one-and-a-half year period. It documents Internet research of these incidents and provides some helpful resources available on the Internet for other university Informa ion Systems Security Officers (ISSOs). This university acts as an...

In Elsevier’s journal of Computer Standards & Interfaces, 2007, Liao and Wang proposed an authentication protocol using smart card and claimed that their protocol provides security against replay attacks, active attacks and insider attacks. In addition, they argued that user anonymity is guaranteed. In this paper, we point out that Liao-Wang protocol is vulnerable to an insider attack by presen...

Online marketplaces are now a popular way for users to buy and sell goods over the Internet. On these sites, user reputations—based on feedback from other users concerning prior transactions—are used to assess the likely trustworthiness of users. However, because accounts are often free to obtain, user reputations are subject to manipulation through white-washing, Sybil attacks, and user collus...

MAC layer jamming is a common attack on wireless networks, which is easy to launch by the attacker and which is very effective in disrupting the service provided by the network. Most of the current MAC protocols for wireless networks, for example, IEEE 802.11, do not provide sufficient protection against MAC layer jamming attacks. In this paper, we first use a non-cooperative game model to char...

We present a reputation scheme for a pseudonymous peer-to-peer (P2P) system in an anonymous network. Misbehavior is one of the biggest problems in pseudonymous P2P systems, where there is little incentive for proper behavior. In our scheme, using ecash for reputation points, the reputation of each user is closely related to his real identity rather than to his current pseudonym. Thus, our schem...

Users are often forced to trust potentially malicious terminals when trying to interact with a remote secure system. This paper presents an approach for ensuring the integrity and authenticity of messages sent through an untrusted terminal by a user to a remote trusted computing base and vice versa. The approach is both secure and easy to use. It leverages the difficulty computers have in addre...

Grid computing infrastructures need to provide traceability and accounting of their users’ activity and protection against misuse and privilege escalation. A central aspect of multi-user Grid job environments is the necessary delegation of privileges in the course of a job submission. With respect to these generic requirements this document describes an improved handling of multi-user Grid jobs...

At present there are many mobile phones operating systems available in the market but mobile phones with android OS have now become domestic product which was once extravagant product. The reason towards this change is attributed to its varied functionality, ease of use and utility. There are number of tasks performed on it like making call, sending or receiving SMS, music, billing, online shop...

System designers have long struggled with the challenge of determining how to control when untrusted applications may perform operations using privacy-sensitive sensors securely and effectively. Current systems request that users authorize such operations once (i.e., on install or first use), but malicious applications may abuse such authorizations to collect data stealthily using such sensors....

A number of research systems enable analysts to aggregate user data that is distributed across user devices while preventing online tracking and providing users with differential privacy guarantees. These systems rely on pre-defined string values to release relevant user data in a controlled fashion. Unfortunately, many string values (e.g., tags in a photo application) may not be easily predict...