Search results

1 – 7 of 7
Article
Publication date: 1 March 1999

Stefanos Gritzalis, George Aggelis and Diomidis Spinellis

Abstract

The Java programming language supports the concept of downloadable executable content; a key technology in a wide range of emerging applications including collaborative systems, electronic commerce, and Web information services. Java enables the execution of a program on almost any modern computer regardless of hardware configuration and operating system. Safe‐Tcl was proposed as an executable content type of MIME and thus as the standard language for executable contents within e‐mail messages. However, the ability to download, integrate, and execute code from a remote computer, provided by both Java and Safe‐Tcl, introduces serious security risks since it enables a malicious remote program to obtain unauthorised access to the downloading system’s resources. In this paper, the two proposed security models are described in detail and the efficiency and flexibility of current implementations are evaluated in a comparative manner. Finally, upcoming extensions are discussed.

Details

Internet Research, vol. 9 no. 1
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 1 May 2003

Victoria Skoularidou and Diomidis Spinellis

Abstract

Enumerates and compares a number of security‐enabling architectures for network clients. These architectures, either proposed as methodologies or currently implemented in software and/or hardware, are capable of protecting the client’s software integrity and its environment. The most important methodologies include the reference monitor model, firewalls, and virtual machines. Software implementations are the Java Sandbox, and the code signing concept. Hardware that can be used includes smart cards, and the TCPA/Palladium security initiative. Describes their most important features and provides a review and comparative study based on a number of criteria. Believes that ongoing research can empower these mechanisms for protecting network clients in a more effective way.

Details

Information Management & Computer Security, vol. 11 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 21 August 2007

Vasileios Vlachos and Diomidis Spinellis

Abstract

Purpose

To present a new technique that contains the spread of rapid malcode, which is based on peer‐to‐peer (P2P) communication and the principles of computer hygiene.

Design/methodology/approach

Two proof‐of‐concept prototypes demonstrate the feasibility of the introduced technique. The effectiveness of the proposed model is supported by experimental findings through simulation tests. Additional software tools have been developed to ensure the correctness of the simulation.

Findings

Provides supportive information regarding the efficiency of computer hygiene practices. Moreover, theoretical and empirical results show that P2P networks could play an important role in the containment of worm epidemics.

Research limitations/implications

A stable system deployed in large‐scale is yet to be implemented in order to produce decisive results regarding the benefits of the proposed algorithm.

Practical implications

This paper argues that P2P networks can have significant impact on the containment of the rapid malcode.

Originality/value

This paper is an extended and revised version of the “PROMISing steps towards computer hygiene” paper which appeared in the INC2006 conference.

Details

Information Management & Computer Security, vol. 15 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 March 2001

Euripidis Loukis and Diomidis Spinellis

Abstract

The security aspects of public sector information systems are important as the respective systems are often part of critical infrastructures or deal with personal or sensitive data. A set of 53 Greek public sector organizations were investigated by means of a structured questionnaire concerning important aspects of information systems security. We present the relevant theoretical background, the methodology of our research, and an analysis of the obtained results. Greek public sector organizations have only a basic level of information system security awareness. Most care about digital data confidentiality; however, only a small percentage have developed a systematic, complete, and integrated approach towards the security of their information system, including internal audit procedures. The importance of proper training and generally the importance of the human factor for achieving high levels of information systems security is often underestimated.

Details

Information Management & Computer Security, vol. 9 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 19 July 2011

Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas and Diomidis Spinellis

Abstract

Purpose

The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.

Design/methodology/approach

To defend against CIAs this approach involves detecting attacks by using location‐specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. The key property that differentiates the scheme presented in this paper is that these characteristics do not depend entirely on the code statement, but also take into account elements from its execution context.

Findings

The approach was applied successfully to defend against attacks targeting structured query language (SQL), XML Path Language and JavaScript with positive results.

Originality/value

Despite many countermeasures that have been proposed the number of CIAs has been increasing. Malicious users seem to find new ways to introduce compromised embedded executable code to applications by using a variety of languages and techniques. Hence, a generic approach that defends against such attacks would be a useful countermeasure. This approach can defend attacks that involve both domain‐specific languages (e.g. SQL) and general purpose languages (e.g. JavaScript) and can be used both against client‐side and server‐side attacks.

Details

Information Management & Computer Security, vol. 19 no. 3
Type: Research Article
ISSN: 0968-5227

Content available
Article
Publication date: 15 March 2013

Lior Lazar

Details

Information Management & Computer Security, vol. 21 no. 1
Type: Research Article
ISSN: 0968-5227

Content available
Article
Publication date: 21 November 2008

Details

Information Management & Computer Security, vol. 16 no. 5
Type: Research Article
ISSN: 0968-5227
