- Email: [email protected]
Editorial: 30th IFIP International Information Security Conference (IFIP SEC 2015)
computers & security 67 (2017) 266
Available online at www.sciencedirect.com
ScienceDirect j o u r n a l h o m e p a g e : w w w. e l s e v i e r. c o m / l o c a t e / c o s e
Editorial: 30th IFIP International Information Security Conference (IFIP SEC 2015)
This Special Issue contains selected papers from the 30th IFIP International Information Security and Privacy Conference (SEC 2015), which took place at University of Hamburg, Germany from 26 to 28 May 2015. The conference received a total of 212 submissions. Forty-two papers (20%) were accepted as full papers. The authors of ten of the best papers presented at SEC 2015 were invited to submit an extended version, which allowed them to incorporate feedback received at the conference as well as any further findings obtained since the original submission. Each paper was assigned to two reviewers who were asked to assess the contribution, quality, and significance of the new material. Ultimately, seven papers were accepted for this special issue. The papers address different aspects of security, privacy, and trust, which can be realized with various technical and organizational measures. The first two papers consider organizational measures. The paper “Practice-Based Discourse Analysis of Information Security Policies” by Karlsson et al. is concerned with the problem that security policies are frequently violated by employees, often unintentionally.The authors present eight tentative quality criteria to improve the effectiveness of such policies. The second paper, “Challenges in IT Security Preparedness Exercises: A Case Study” by Bartnes and Moe, provides further insights for security officers. Being well prepared for a security incident requires training. The authors have performed tabletop exercises in three organizations in the electric power industry. They identify a number of obstacles and describe how to overcome them. The third and the fourth paper apply cryptographic measures to improve security and privacy in practical applications. In their paper “Trustworthy Exams Without Trusted Parties” Giustolisi et al. improve the security of exams. The introduction of computers into various phases of an exam gives rise to a number of threats. The authors utilize visual cryptography and oblivious transfer to build a secure protocol. Their scheme, which they formally verify with ProVerif, prevents cheating by candidates as well as administrators and does not rely on a trusted third party. Lueks et al. want to make attribute-based credentials more practical. They aim to provide “Fast Revocation of AttributeBased Credentials for Both Users and Verifiers”. In contrast to previous work, their technique has low computational cost and gives up only a small, well-defined amount of anonymity. They
show that their solution is scalable and so efficient that it could be run on smart cards. In the fifth paper “Enhanced PKI Authentication with Trusted Product at Claimant” Yamado and Ikeda show how the security of authentication processes that rely on public-key infrastructures can be enhanced. They generalize concepts that have been specified in ISO/IEC 24761 for biometric use cases. Their solution relays context information about the claimant (client) to the verifier. The sixth and the seventh papers consider privacy issues. Ensuring that software does not unintentionally leak information is essential for security and privacy. Do et al. approach this problem in their paper “Automatic Detection and Demonstrator Generation for Information Flow Leaks in ObjectOriented Programs”. They provide a model that can be used to determine leaks and to generate exploits. A prototype for Java programs is presented and applied to an e-voting case-study. The final paper of this special issue is “Towards a Causality Based Analysis of Anonymity Protection in Indeterministic Mix Systems” by Pham and Kesdogan. Mixes are systems that are designed to provide strong traffic information protection to protect against observers on the network. The authors present a novel attack against the pool mix variant that relies on statistical measures for improved accuracy. It was an honor to host SEC 2015 at University of Hamburg and to be in charge of this special issue of Computers and Security. We thank all reviewers and authors as well as the editors and publishing staff at Computers and Security for their support and for making this issue possible. Collectively, the papers in this special issue represent the very best of the work presented at SEC 2015, including both theory and practice. We trust that readers working in various fields will find the above papers interesting and inspiring. Dominik Herrmann Hannes Federrath Special Issue Guest Editors
Available online http://dx.doi.org./10.1016/j.cose.2017.04.003 0167-4048/© 2017 Published by Elsevier Ltd.
Available online at www.sciencedirect.com
ScienceDirect j o u r n a l h o m e p a g e : w w w. e l s e v i e r. c o m / l o c a t e / c o s e
Editorial: 30th IFIP International Information Security Conference (IFIP SEC 2015)
This Special Issue contains selected papers from the 30th IFIP International Information Security and Privacy Conference (SEC 2015), which took place at University of Hamburg, Germany from 26 to 28 May 2015. The conference received a total of 212 submissions. Forty-two papers (20%) were accepted as full papers. The authors of ten of the best papers presented at SEC 2015 were invited to submit an extended version, which allowed them to incorporate feedback received at the conference as well as any further findings obtained since the original submission. Each paper was assigned to two reviewers who were asked to assess the contribution, quality, and significance of the new material. Ultimately, seven papers were accepted for this special issue. The papers address different aspects of security, privacy, and trust, which can be realized with various technical and organizational measures. The first two papers consider organizational measures. The paper “Practice-Based Discourse Analysis of Information Security Policies” by Karlsson et al. is concerned with the problem that security policies are frequently violated by employees, often unintentionally.The authors present eight tentative quality criteria to improve the effectiveness of such policies. The second paper, “Challenges in IT Security Preparedness Exercises: A Case Study” by Bartnes and Moe, provides further insights for security officers. Being well prepared for a security incident requires training. The authors have performed tabletop exercises in three organizations in the electric power industry. They identify a number of obstacles and describe how to overcome them. The third and the fourth paper apply cryptographic measures to improve security and privacy in practical applications. In their paper “Trustworthy Exams Without Trusted Parties” Giustolisi et al. improve the security of exams. The introduction of computers into various phases of an exam gives rise to a number of threats. The authors utilize visual cryptography and oblivious transfer to build a secure protocol. Their scheme, which they formally verify with ProVerif, prevents cheating by candidates as well as administrators and does not rely on a trusted third party. Lueks et al. want to make attribute-based credentials more practical. They aim to provide “Fast Revocation of AttributeBased Credentials for Both Users and Verifiers”. In contrast to previous work, their technique has low computational cost and gives up only a small, well-defined amount of anonymity. They
show that their solution is scalable and so efficient that it could be run on smart cards. In the fifth paper “Enhanced PKI Authentication with Trusted Product at Claimant” Yamado and Ikeda show how the security of authentication processes that rely on public-key infrastructures can be enhanced. They generalize concepts that have been specified in ISO/IEC 24761 for biometric use cases. Their solution relays context information about the claimant (client) to the verifier. The sixth and the seventh papers consider privacy issues. Ensuring that software does not unintentionally leak information is essential for security and privacy. Do et al. approach this problem in their paper “Automatic Detection and Demonstrator Generation for Information Flow Leaks in ObjectOriented Programs”. They provide a model that can be used to determine leaks and to generate exploits. A prototype for Java programs is presented and applied to an e-voting case-study. The final paper of this special issue is “Towards a Causality Based Analysis of Anonymity Protection in Indeterministic Mix Systems” by Pham and Kesdogan. Mixes are systems that are designed to provide strong traffic information protection to protect against observers on the network. The authors present a novel attack against the pool mix variant that relies on statistical measures for improved accuracy. It was an honor to host SEC 2015 at University of Hamburg and to be in charge of this special issue of Computers and Security. We thank all reviewers and authors as well as the editors and publishing staff at Computers and Security for their support and for making this issue possible. Collectively, the papers in this special issue represent the very best of the work presented at SEC 2015, including both theory and practice. We trust that readers working in various fields will find the above papers interesting and inspiring. Dominik Herrmann Hannes Federrath Special Issue Guest Editors
Available online http://dx.doi.org./10.1016/j.cose.2017.04.003 0167-4048/© 2017 Published by Elsevier Ltd.