Computer Network Security

This volume contains papers presented at the 3rd International Workshop on Mathematical Methods, Models and Architectures for Computer Network - curity (MMM-ACNS 2005) held in St. Petersburg, Russia, during September 25-27, 2005. The workshop was organized by the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with Binghamton University (SUNY, USA). The 1st and the 2nd International Workshops on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS 2001 and MMM-ACNS 2003), hosted by the St. Petersburg Institute for Informatics and Automation, demonstrated the keen interest of the international research community in the subject area. It was recognized that conducting a biannual series of such workshops in St. Petersburg stimulates fruitful exchanges between the di?erent schools of thought, facilitates the dissemination of new ideas and promotesthespiritofcooperationbetweenresearchersontheinternationalscale. MMM-ACNS 2005 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer network security addressing the ever-increasing demands for secure computing and highly dependable computer networks.

Inhalt

Invited Papers.- Self-managed Cells for Ubiquitous Systems.- Critical Information Assurance Challenges for Modern Large-Scale Infrastructures.- Rule-Based Topological Vulnerability Analysis.- Models and Analysis of Active Worm Defense.- Prevention of Information Attacks by Run-Time Detection of Self-replication in Computer Codes.- Mathematical Models, Architectures and Protocols for Computer Network Security.- Calibrating Entropy Functions Applied to Computer Networks.- A Passive External Web Surveillance Technique for Private Networks.- A Secure Way to Combine IPsec, NAT & DHCP.- A Generic Model for Analyzing Security Protocols.- Networks, Markov Lie Monoids, and Generalized Entropy.- Trust by Workflow in Autonomic Communication.- An Ontology-Based Approach to Information Systems Security Management.- Authentication, Authorization and Access Control.- Safety Problems in Access Control with Temporal Constraints.- A Modal Logic for Role-Based Access Control.- Unique User-Generated Digital Pseudonyms.- Information Flow Analysis, Covert Channels and Trust Management.- A Probabilistic Property-Specific Approach to Information Flow.- Generalized Abstract Non-interference: Abstract Secure Information-Flow Analysis for Automata.- Detection of Illegal Information Flow.- Towards More Controllable and Practical Delegation.- Security Policy and Operating System Security.- Policy-Driven Routing Management Using CIM.- Secure Hybrid Operating System "Linux over Fenix".- A Formal Description of SECIMOS Operating System.- Threat Modeling, Vulnerability Assessment and Network Forensics.- A Theoretical Model for the Average Impact of Attacks on Billing Infrastructures.- Analyzing Vulnerabilities and Measuring Security Level at Design and Exploitation Stages of Computer Network Life Cycle.- A Temporal Logic-Based Model for Forensic Investigation in Networked System Security.- Vulnerabilities Detection in the Configurations of MS Windows Operating System.- Intrusion Detection.- Hybrid Intrusion Detection Model Based on Ordered Sequences.- Asynchronous Alert Correlation in Multi-agent Intrusion Detection Systems.- Behavior-Based Model of Detection and Prevention of Intrusions in Computer Networks.- A Formal Immune Network and Its Implementation for On-line Intrusion Detection.- Short Papers.- Foundation for a Time Interval Access Control Model.- Developing an Insider Threat Model Using Functional Decomposition.- An XML-Seamless Policy Based Management Framework.- Statistical Covert Channels Through PROXY Server.- Encoding Private Key in Fingerprint.- A New Scheme for the Location Information Protection in Mobile Communication Environments.- Region Protection/Restoration Scheme in Survivable Networks.- Massive Data Mining for Polymorphic Code Detection.- Key Escrow with Tree-Based Access Structure.- Security Checker Architecture for Policy-Based Security Management.- An Efficient Access Control Model Utilized the Attribute Certificate Structuring.- Secure Protected Password Change Scheme.