Data and Applications Security XXIII

This book constitutes the refereed proceedings of the 23nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security held in Montreal, Canada, in July 2009.

The 18 revised full papers and 4 short papers were carefully reviewed and selected from 47 submissions. The papers are organized in topical sections on database security; security policies; privacy; intrusion detection and protocols; and trusted computing.

Inhalt

Database Security I.- Controlled Query Evaluation and Inference-Free View Updates.- Implementing Reflective Access Control in SQL.- Security Policies.- An Approach to Security Policy Configuration Using Semantic Threat Graphs.- Reaction Policy Model Based on Dynamic Organizations and Threat Context.- Towards System Integrity Protection with Graph-Based Policy Analysis.- Privacy I.- Practical Private DNA String Searching and Matching through Efficient Oblivious Automata Evaluation.- Privacy-Preserving Telemonitoring for eHealth.- Intrusion Detection and Protocols.- Analysis of Data Dependency Based Intrusion Detection System.- Secure Method Calls by Instrumenting Bytecode with Aspects.- Access Control.- Distributed Privilege Enforcement in PACS.- Spatiotemporal Access Control Enforcement under Uncertain Location Estimates.- Using Edit Automata for Rewriting-Based Security Enforcement.- Privacy II.- Distributed Anonymization: Achieving Privacy for Both Data Subjects and Data Providers.- Detecting Inference Channels in Private Multimedia Data via Social Networks.- Database Security II.- Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients.- Data Is Key: Introducing the Data-Based Access Control Paradigm.- Trusted Computing.- Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology.- PAES: Policy-Based Authority Evaluation Scheme.- Short Papers.- Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC.- Methods for Computing Trust and Reputation While Preserving Privacy.- Building an Application Data Behavior Model for Intrusion Detection.- A Trust-Based Access Control Model for Pervasive Computing Applications.