Search results

1 – 7 of 7
Article
Publication date: 1 March 1999

Stefanos Gritzalis, George Aggelis and Diomidis Spinellis

The Java programming language supports the concept of downloadable executable content; a key technology in a wide range of emerging applications including collaborative…

388

Abstract

The Java programming language supports the concept of downloadable executable content; a key technology in a wide range of emerging applications including collaborative systems, electronic commerce, and Web information services. Java enables the execution of a program, on almost any modern computer regardless of hardware configuration and operating system. Safe‐Tcl was proposed as an executable content type of MIME and thus as the standard language for executable contents within e‐mail messages. However, the ability to download, integrate, and execute code from a remote computer, provided by both Java and Safe‐Tcl, introduces serious security risks since it enables a malicious remote program to obtain unauthorised access to the downloading system’s resources. In this paper, the two proposed security models are described in detail and the efficiency and flexibility of current implementations are evaluated in a comparative manner. Finally, upcoming extensions are discussed.

Details

Internet Research, vol. 9 no. 1
Type: Research Article
ISSN: 1066-2243

Keywords

Article
Publication date: 1 May 2003

Victoria Skoularidou and Diomidis Spinellis

Enumerates and compares a number of security‐enabling architectures for network clients. These architectures, either proposed as methodologies or currently implemented in…

2301

Abstract

Enumerates and compares a number of security‐enabling architectures for network clients. These architectures, either proposed as methodologies or currently implemented in software and/or hardware, are capable of protecting the client’s software integrity and its environment. The most important methodologies include the reference monitor model, firewalls, and virtual machines. Software implementations are the Java Sandbox, and the code signing concept. Hardware that can be used includes smart cards, and the TCPA/Palladium security initiative. Describes their most important features and provide a review and comparative study based on a number of criteria. Believes that ongoing research can empower these mechanisms for protecting network clients in a more effective way.

Details

Information Management & Computer Security, vol. 11 no. 2
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 21 August 2007

Vasileios Vlachos and Diomidis Spinellis

To present a new technique that contains the spread of rapid malcode, which is based on peer‐to‐peer (P2P) communication and the principles of computer hygiene.

Abstract

Purpose

To present a new technique that contains the spread of rapid malcode, which is based on peer‐to‐peer (P2P) communication and the principles of computer hygiene.

Design/methodology/approach

Two proof‐of‐concept prototypes demonstrate the feasibility of the introduced technique. The effectiveness of the proposed model is supported by experimental findings through simulation tests. Additional software tools have been developed to ensure the correctness of the simulation.

Findings

Provides supportive information regarding the efficiency of computer hygiene practices. Moreover, theoretical and empirical results show that P2P networks could play an important role in the containment of worm epidemics.

Research limitations/implications

A stable system deployed in large‐scale is yet to be implement in order to produce decisive results regarding the benefits of the proposed algorithm.

Practical implications

This paper argues that P2P networks can have significant impact on the containment of the rapid malcode.

Originality/value

This paper is an extended and revised version of the “PROMISing steps towards computer hygiene” paper which appeared in the INC2006 conference.

Details

Information Management & Computer Security, vol. 15 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 1 March 2001

Euripidis Loukis and Diomidis Spinellis

The security aspects of public sector information systems are important as the respective systems are often part of critical infrastructures or deal with personal or…

2023

Abstract

The security aspects of public sector information systems are important as the respective systems are often part of critical infrastructures or deal with personal or sensitive data. A set of 53 Greek public sector organizations were investigated by means of a structured questionnaire concerning important aspects of information systems security. We present the relevant theoretical background, the methodology of our research, and an analysis of the obtained results. Greek public sector organizations have only a basic level of information system security awareness. Most care about digital data confidentiality; however, only a small percentage have developed a systematic, complete, and integrated approach towards the security of their information system, including internal audit procedures. The importance of proper training and generally the importance of the human factor for achieving high levels of information systems security is often underestimated.

Details

Information Management & Computer Security, vol. 9 no. 1
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 19 July 2011

Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas and Diomidis Spinellis

The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.

1192

Abstract

Purpose

The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.

Design/methodology/approach

To defend against CIAs this approach involves detecting attacks by using location‐specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. The key property that differentiates the scheme presented in this paper is that these characteristics do not depend entirely on the code statement, but also take into account elements from its execution context.

Findings

The approach was applied successfully to defend against attacks targeting structured query language (SQL), XML Path Language and JavaScript with positive results.

Originality/value

Despite many countermeasures that have been proposed the number of CIAs has been increasing. Malicious users seem to find new ways to introduce compromised embedded executable code to applications by using a variety of languages and techniques. Hence, a generic approach that defends against such attacks would be a useful countermeasure. This approach can defend attacks that involve both domain‐specific languages (e.g. SQL) and general purpose languages (e.g. JavaScript) and can be used both against client‐side and server‐side attacks.

Details

Information Management & Computer Security, vol. 19 no. 3
Type: Research Article
ISSN: 0968-5227

Keywords

Content available
Article
Publication date: 15 March 2013

Lior Lazar

93

Abstract

Details

Information Management & Computer Security, vol. 21 no. 1
Type: Research Article
ISSN: 0968-5227

Content available
Article
Publication date: 21 November 2008

430

Abstract

Details

Information Management & Computer Security, vol. 16 no. 5
Type: Research Article
ISSN: 0968-5227

Keywords

1 – 7 of 7