Secure IT Systems

This book constitutes the proceedings of the 19th Nordic Conference on Secure IT Systems, held in Tromsø, Norway, in October 2014. The 15 full papers presented in this volume were carefully reviewed and selected from 42 submissions. They are organized in topical sections named: information management and data privacy; cloud, big data and virtualization security; network security and logging; attacks and defenses; and security in healthcare and biometrics. The volume also contains one full-paper invited talk.

Inhalt

Accountability in Cloud Service Provision Ecosystems.- Information Management and Data Privacy.- Information Classification Issues.- DEICS: Data Erasure in Concurrent Software.- A Practical Analysis of Oblivious Sorting Algorithms for Secure Multi-party Computation.- Cloud, Big Data and Virtualization Security.- Security of OS-Level Virtualization Technologies.- Processing Private Queries over an Obfuscated Database Using Hidden Vector Encryption.- p-Cipher: Authenticated Encryption for Big Data.- What Would it Take for You to Tell Your Secrets to a Cloud? - Studying Decision Factors When Disclosing Information to Cloud Services.- Network Security and Logging.- Efficient Record-Level Keyless Signatures for Audit Logs.- Static Semantics of Secret Channel Abstractions.- Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach.- Attacks and Defenses.- Attacker Profiling in Quantitative Security Assessment Based on Attack Trees.- Denial-of-Service Mitigation for Internet Services.- Spook in Your Network: Attacking an SDN with a Compromised OpenFlow Switch.- Security in Healthcare and Biometrics.- Patients' Privacy Protection against Insurance Companies in eHealth Systems.- Segmentation and Normalization of Human Ears Using Cascaded Pose Regression.- Poster Papers.- Dynamic Enforcement of Dynamic Policies.- Availability by Design.- Pareto Efficient Solutions of Attack Trees.- Verification of Stateful Protocols: Set-Based Abstractions in the Applied p-Calculus.- Improvement Proposal for the CryptoCloak Application.- Process Tracking for Forensic Readiness.- Computationally Analyzing the ISO 9798-2.4 Authentication Protocol.- Differential Privacy and Private Bayesian Inference.- Event Invitations in Privacy-Preserving DOSNs: Formalization and Protocol Design.- Attacks on Privacy-Preserving Biometric Authentication.