Duma, Claudiu
Publications (10 of 18)
Herzog, A., Shahmehri, N. & Duma, C. (2009). An ontology for information security (1ed.). In: Nemadi H (Ed.), Techniques and applications for advanced information privacy and security: emerging organizational, ethical and human issues (pp. 278-301). Information Science Reference
2009 (English). In: Techniques and applications for advanced information privacy and security: emerging organizational, ethical and human issues / [ed] Nemadi H, Information Science Reference, 2009, 1, pp. 278-301. Chapter in book, part of anthology (Other academic)
Abstract [en]

Advances in technology are causing new privacy concerns as an increasing number of citizens are engaging in online activities.

Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues provides a thorough understanding of issues and concerns in information technology security. An advanced reference source covering topics such as security management, privacy preservation, and authentication, this book outlines the field and provides a basic understanding of the most salient issues in privacy concerns for researchers and practitioners.

Place, publisher, year, edition, pages
Information Science Reference, 2009. Edition: 1
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-59977 (URN), 97-81-60566-210-7 (ISBN), 1605662100 (ISBN)
Available from: 2010-10-01. Created: 2010-10-01. Last updated: 2014-06-24. Bibliographically approved
Herzog, A., Shahmehri, N. & Duma, C. (2007). An ontology of information security. International Journal of Information Security and Privacy, 1(4), 1-23
2007 (English). In: International Journal of Information Security and Privacy, ISSN 1930-1650, Vol. 1, no. 4, pp. 1-23. Article in journal (Refereed). Published
Abstract [en]

We present a publicly available, OWL-based ontology of information security which models assets, threats, vulnerabilities, countermeasures and their relations. The ontology can be used as a general vocabulary, roadmap, and extensible dictionary of the domain of information security. With its help, users can agree on a common language and definition of terms and relationships. In addition to browsing for information, the ontology is also useful for reasoning about relationships between its entities, for example, threats and countermeasures. The ontology helps answer questions like: Which countermeasures detect or prevent the violation of integrity of data? Which assets are protected by SSH? Which countermeasures thwart buffer overflow attacks? At the moment, the ontology comprises 88 threat classes, 79 asset classes, 133 countermeasure classes and 34 relations between those classes. We provide the means for extending the ontology, and provide examples of the extendibility with the countermeasure classes ‘memory protection’ and ‘source code analysis’. This article describes the content of the ontology as well as its usages, potential for extension, technical implementation and tools for working with it.

National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-14436 (URN), 10.4018/jisp.2007100101 (DOI)
Available from: 2007-04-27. Created: 2007-04-27. Last updated: 2018-01-13
Duma, C., Herzog, A. & Shahmehri, N. (2007). Privacy in the Semantic Web: What Policy Languages Have to Offer. In: IEEE Workshop on Policies for Distributed Systems and Networks, 2007. Paper presented at IEEE Workshop on Policies for Distributed Systems and Networks, 2007 (pp. 109). Bologna, Italy: IEEE
2007 (English). In: IEEE Workshop on Policies for Distributed Systems and Networks, 2007, Bologna, Italy: IEEE, 2007, pp. 109-. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Bologna, Italy: IEEE, 2007
Keywords
policy, privacy, semantic web
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-37670 (URN), 10.1109/POLICY.2007.39 (DOI), 37265 (Local ID), 37265 (Archive number), 37265 (OAI)
Conference
IEEE Workshop on Policies for Distributed Systems and Networks, 2007
Available from: 2009-10-10. Created: 2009-10-10. Last updated: 2018-01-13
Madria, S., Mondal, A., Mohania, M., Bhargava, B., Bressan, S., Iwaihara, M., . . . Yolum, P. (2007). W18 - PDMST '07 & GRep '07: 4th international workshop on P2P Data Management, Security, and Trust. Database and Expert Systems Applications
2007 (English). In: Database and Expert Systems Applications, ISSN 1529-4188, pp. 775-776. Other (Other academic)
Abstract [en]

[No abstract available]

Publisher
pp. 775-776
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-47722 (URN), 10.1109/DEXA.2007.4312999 (DOI)
Available from: 2009-10-11. Created: 2009-10-11. Last updated: 2017-12-13
Duma, C., Karresand, M., Shahmehri, N. & Caronni, G. (2006). A Trust-Aware, P2P-Based Overlay for Intrusion Detection. In: International Workshop on Database and Expert Systems Applications DEXA06, 2006. Paper presented at International Workshop on Database and Expert Systems Applications DEXA06, 2006 (pp. 692). IEEE
2006 (English). In: International Workshop on Database and Expert Systems Applications DEXA06, 2006, IEEE, 2006, pp. 692-. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
IEEE, 2006
Keywords
intrusion detection, trust, peer-to-peer, security
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-34399 (URN), 10.1109/DEXA.2006.21 (DOI), 21408 (Local ID), 21408 (Archive number), 21408 (OAI)
Conference
International Workshop on Database and Expert Systems Applications DEXA06, 2006
Available from: 2009-10-10. Created: 2009-10-10. Last updated: 2018-01-13
Byers, D., Ardi, S., Shahmehri, N. & Duma, C. (2006). Modeling Software Vulnerabilities with Vulnerability Cause Graphs. In: International Conference on Software Maintenance, 2006. Paper presented at International Conference on Software Maintenance, 2006 (pp. 411-422). IEEE
2006 (English). In: International Conference on Software Maintenance, 2006, IEEE, 2006, pp. 411-422. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
IEEE, 2006
Keywords
Software Security, Vulnerability Modeling
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-34284 (URN), 21258 (Local ID), 21258 (Archive number), 21258 (OAI)
Conference
International Conference on Software Maintenance, 2006
Available from: 2009-10-10. Created: 2009-10-10. Last updated: 2018-01-13
Bonatti, P., Duma, C., Fuchs, N., Olmedilla, D., Peer, J. & Shahmehri, N. (2006). Semantic Web Policies -- A Discussion of Requirements and Research Issues. In: European Semantic Web Conference, 2006. Paper presented at European Semantic Web Conference, 2006 (pp. 712-724). Springer: Springer
2006 (English). In: European Semantic Web Conference, 2006, Springer: Springer, 2006, pp. 712-724. Conference paper, Published paper (Refereed)
Abstract [en]

Policies are pervasive in web applications. They play crucial roles in enhancing security, privacy and usability of distributed services. There has been extensive research in the area, including the Semantic Web community, but several aspects still exist that prevent policy frameworks from widespread adoption and real world application. This paper discusses important requirements and open research issues in this context, focusing on policies in general and their integration into trust management frameworks, as well as on approaches to increase system cooperation, usability and user-awareness of policy issues.

Place, publisher, year, edition, pages
Springer: Springer, 2006
Keywords
semantic web, policy, trust, trust negotiation, reputation, rules
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-34403 (URN), 10.1007/11762256_51 (DOI), 21412 (Local ID), 21412 (Archive number), 21412 (OAI)
Conference
European Semantic Web Conference, 2006
Available from: 2009-10-10. Created: 2009-10-10. Last updated: 2018-01-13
Bonatti, P., Duma, C., Olmedilla, D. & Shahmehri, N. (2005). An Integration of Reputation-based and Policy-based Trust Management. In: Semantic Web and Policy Workshop, 2005 (pp. 136). Proceedings of the Semantic Web and Policy Workshop: UMBC eBiquity
2005 (English). In: Semantic Web and Policy Workshop, 2005, Proceedings of the Semantic Web and Policy Workshop: UMBC eBiquity, 2005, pp. 136-. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Proceedings of the Semantic Web and Policy Workshop: UMBC eBiquity, 2005
Keywords
trust, reputation, policy
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-30965 (URN), 16643 (Local ID), 16643 (Archive number), 16643 (OAI)
Available from: 2009-10-09. Created: 2009-10-09. Last updated: 2018-01-13
Duma, C., Shahmehri, N. & Caronni, G. (2005). Dynamic trust metrics for peer-to-peer systems. In: Proceedings of the Sixteenth International Workshop on Database and Expert Systems Applications, 2005. Paper presented at Sixteenth International Workshop on Database and Expert Systems Applications, 22-26 August, 2005, Copenhagen, Denmark (pp. 776-781). Los Alamitos, CA, USA: IEEE Computer Society
2005 (English). In: Proceedings of the Sixteenth International Workshop on Database and Expert Systems Applications, 2005, Los Alamitos, CA, USA: IEEE Computer Society, 2005, pp. 776-781. Conference paper, Published paper (Refereed)
Abstract [en]

One of the fundamental challenges for peer-to-peer (P2P) systems is the ability to manage risks involved in interacting and collaborating with priorly unknown and potentially malicious parties. Reputation-based trust management can mitigate this risk by deriving the trustworthiness of a certain peer from that peer's behavior history. However, the existing reputation systems do not provide an adequate reaction to quick changes in peers' behavior, raising serious concerns regarding their effectiveness in coping with dynamic malicious peers.

In this paper we investigate the requirements on the dynamics of trust in P2P systems and propose a versatile trust metric which satisfies these requirements. In particular, our proposed metric is able to detect and penalize both the sudden changes in peers' behavior and their potential oscillatory malicious behavior. Moreover, our metric is flexible and allows the implementation of different types of trust dynamics. We evaluate our metric through simulation and show its unique features and advantages over the existing metrics.

Place, publisher, year, edition, pages
Los Alamitos, CA, USA: IEEE Computer Society, 2005
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-30649 (URN), 16244 (Local ID), 0-7695-2424-9 (ISBN), 16244 (Archive number), 16244 (OAI)
Conference
Sixteenth International Workshop on Database and Expert Systems Applications, 22-26 August, 2005, Copenhagen, Denmark
Available from: 2009-10-09. Created: 2009-10-09. Last updated: 2018-01-13
Duma, C. (2005). Security and trust mechanisms for groups in distributed services. (Doctoral dissertation). Linköping: Linköping University Electronic Press
2005 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Group communication is a fundamental paradigm in modern distributed services, with applications in domains such as content distribution, distributed games, and collaborative workspaces. Despite the increasing interest in group-based services and the latest developments in efficient and reliable multicast, the secure management of groups remains a major challenge for group communication.

In this thesis we propose security and trust mechanisms for supporting secure management of groups within the contexts of controlled and of self-organizing settings.

Controlled groups occur in services, such as multicast software delivery, where an authority exists that enforces a group membership policy. In this context we propose a secure group key management approach which assures that only authorized users can access protected group resources. In order to scale to large and dynamic groups, the key management scheme must also be efficient. However, security and efficiency are competing requirements. We address this issue by proposing two flexible group key management schemes which can be configured to best meet the security and efficiency requirements of applications and services. One of the schemes can also be dynamically tuned, at system runtime, to adapt to possible requirement changes.

Self-organizing groups occur in services, such as those enabled by peer-to-peer (P2P) and wireless technologies, which adopt a decentralized architecture. In the context of self-organizing groups, with no authority to dictate and control the group members' interactions, group members might behave maliciously and attempt to subvert other members in the group. We address this problem by proposing a reputation-based trust management approach that enables group members to distinguish between well-behaving and malicious members.

We have evaluated our group key management and trust mechanisms analytically and through simulation. The evaluation of the group key management schemes shows cost advantages for rekeying and key storage. The evaluation of the reputation-based trust management shows that our trust metric is resilient to group members maliciously changing their behavior and flexible in that it supports different types of trust dynamics. As a proof of concept, we have incorporated our trust mechanism into a P2P-based intrusion detection system. The test results show an increase in system resiliency to attacks.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2005. p. 22
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524; 979
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-30648 (URN), 16243 (Local ID), 91-85457-54-X (ISBN), 16243 (Archive number), 16243 (OAI)
Public defence
2005-11-09, Visionen, Building B, Campus Valla, Linköping University, Linköping, 10:15 (English)
Available from: 2009-10-09. Created: 2009-10-09. Last updated: 2018-01-13. Bibliographically approved