Advances in Enterprise Information Technology Security

Published By IGI Global

9781599040905, 9781599040929

Author(s):  
R. Manjunath

Providing security for content exchanged between physically and geographically separate locations is challenging. The cost and resources used to meet this challenge have to be linked to the degree of security the content demands. In this chapter, the security associated with the transfer of the content is quantified and treated as a quality of service parameter. The user is free to select the parameter depending upon the content being transferred. As dictated by demanding situations, a minimum agreed level of security is assured for the data at the expense of the appropriate resources over the network.


Author(s):  
Indranil Bose

Phishing is a new form of online crime in which the unsuspecting user is tricked into revealing his/her personal information. It is usually conducted using social engineering or technical deceit-based methods. The various ways in which phishing can take place are described in this chapter. This is followed by a description of key strategies that can be adopted for the protection of end users and organizations. The end user protection strategies include desktop protection agents, password management tools, secure e-mail, simple and trusted browser settings, and digital signatures. Among corporate protection strategies are such measures as e-mail personalization, mail server authentication, monitoring transaction logs, detecting unusual downloading activities, token-based and multifactor authentication, domain monitoring, and Web poisoning. Some of the commercially available and popular anti-phishing products are also described in this chapter.
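Of the corporate strategies listed above, domain monitoring is the one most easily shown in code. The following is an added example, not code from the chapter or its author: it screens a feed of newly observed domains for look-alikes of a protected brand label (assumed here to be `example`) by decoding punycode, folding accents and look-alike characters, and then checking edit distance and brand-plus-word combinations. The feed, the brand name and the homoglyph table are constructed for this example.

```python
import unicodedata

# Protected brand label (assumed for this example).
BRAND = "example"

# Single-character look-alikes used in typosquats; illustrative, not exhaustive.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})
MULTI_CHAR = (("rn", "m"), ("vv", "w"))


def registrable_label(domain):
    """Label left of the TLD, with punycode (xn--) decoded. Assumes two-label
    domains; a real deployment needs the Public Suffix List for e.g. co.uk."""
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode (or malformed); keep what we have
    labels = domain.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize_label(label):
    """Fold accents and look-alike characters to the ASCII letters they imitate."""
    label = unicodedata.normalize("NFKD", label)
    label = "".join(c for c in label if not unicodedata.combining(c))
    for seq, repl in MULTI_CHAR:
        label = label.replace(seq, repl)
    return label.translate(HOMOGLYPHS)


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND):
    """Why a domain looks like the brand, or None if it does not."""
    raw = registrable_label(domain)
    if raw == brand:
        return None                      # the legitimate domain itself
    norm = normalize_label(raw)
    if norm == brand:
        return "homoglyph"               # differs only in look-alike characters
    if levenshtein(norm, brand) <= 1:
        return "typosquat"               # one edit away from the brand
    if brand in norm.replace("_", "-").split("-"):
        return "combosquat"              # brand plus an extra word, e.g. example-login
    return None


def monitor(feed, brand=BRAND):
    """Map each suspicious domain in a feed of newly observed domains to its reason."""
    hits = {}
    for domain in feed:
        reason = classify(domain, brand)
        if reason:
            hits[domain] = reason
    return hits


# Constructed feed for this example (not real registrations).
PUNYCODE_LOOKALIKE = "exámple.com".encode("idna").decode("ascii")
SAMPLE_FEED = [
    "example.com",
    "examp1e.com",
    "exarnple.net",
    PUNYCODE_LOOKALIKE,
    "examples.org",
    "example-login.com",
    "unrelated.com",
]

if __name__ == "__main__":
    for domain, reason in monitor(SAMPLE_FEED).items():
        print(f"{domain:25} {reason}")
```

The checks run in order of certainty: an exact match after normalization is a homoglyph attack, a single edit is a typo, and a brand token joined to another word is a combination domain. A brand embedded without a separator (`myexample.com`) is deliberately not flagged here, since that rule produces many false positives on a real feed and needs a review queue rather than an automatic verdict.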


Author(s):  
Snezana Sucurovic

This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare records (EHCR). Security solutions from several projects are presented, in particular a solution for EHCR integration from scratch. Implementations of public key infrastructure, privilege management infrastructure, role-based access control and rule-based access control in EHCR are presented. For EHCR integration from scratch, an architecture and its security are proposed and discussed. This integration is particularly suitable for developing countries with widespread Internet access, where integration of heterogeneous systems is not needed. The chapter aims to contribute to initiatives for the implementation of national and transnational EHCR in their security aspects.


Author(s):  
Mário M. Ferire

This chapter addresses the problem of interoperability among intrusion detection systems. It presents a classification and a brief description of intrusion detection systems, taking into account several issues such as information sources, analysis methods, response options, analysis timing, control strategy, and architecture. The problem of information exchange among intrusion detection systems is also discussed, addressing the Intrusion Detection Exchange Protocol (IDXP) and a format for exchanging information among intrusion detection systems, the Intrusion Detection Message Exchange Format (IDMEF). The lack of a format for the responses or countermeasures exchanged between the components of intrusion detection systems is also discussed, as well as some future trends in this area.
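To make the exchange format concrete, here is an added example (not code from the chapter) that parses an IDMEF alert into a flat record a SIEM or correlator could consume. The element and attribute names follow the IDMEF schema (RFC 4765); the message itself, with its analyzer id, addresses and port, is constructed for this example. Parsing with `xml.etree` is fine for the structure; for alerts from untrusted sensors, substitute `defusedxml` to block entity-expansion attacks, since the element handling is identical.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# IDMEF namespace and the severity vocabulary defined in RFC 4765.
NS = {"idmef": "http://iana.org/idmef"}
SEVERITIES = ("info", "low", "medium", "high")

# Constructed sample message; the ids, addresses and port are made up.
SAMPLE_IDMEF = """<?xml version="1.0" encoding="UTF-8"?>
<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
  <idmef:Alert messageid="abc123">
    <idmef:Analyzer analyzerid="nids-01" name="example-nids"/>
    <idmef:CreateTime ntpstamp="0xbc723b45.0xef449129">2000-03-09T10:01:25.93464Z</idmef:CreateTime>
    <idmef:Source>
      <idmef:Node>
        <idmef:Address category="ipv4-addr"><idmef:address>192.0.2.10</idmef:address></idmef:Address>
      </idmef:Node>
    </idmef:Source>
    <idmef:Target>
      <idmef:Node>
        <idmef:Address category="ipv4-addr"><idmef:address>198.51.100.5</idmef:address></idmef:Address>
      </idmef:Node>
      <idmef:Service><idmef:port>22</idmef:port></idmef:Service>
    </idmef:Target>
    <idmef:Classification text="SSH brute force"/>
    <idmef:Assessment>
      <idmef:Impact severity="high" completion="failed" type="admin"/>
    </idmef:Assessment>
  </idmef:Alert>
</idmef:IDMEF-Message>
"""


@dataclass(frozen=True)
class NormalizedAlert:
    message_id: str
    analyzer_id: str
    created: str
    source_ips: tuple
    target_ips: tuple
    target_ports: tuple
    classification: str
    severity: str


def _addresses(elem):
    """All <address> values under a Source or Target element."""
    return tuple(
        a.text.strip()
        for a in elem.findall("idmef:Node/idmef:Address/idmef:address", NS)
        if a.text
    )


def _ports(elem):
    """Numeric <port> values under a Target's <Service>; non-numeric text is skipped."""
    return tuple(
        int(p.text)
        for p in elem.findall("idmef:Service/idmef:port", NS)
        if p.text and p.text.strip().isdigit()
    )


def parse_idmef(xml_text):
    """Return one NormalizedAlert per <Alert>; <Heartbeat> messages are ignored."""
    root = ET.fromstring(xml_text)
    if root.tag != "{http://iana.org/idmef}IDMEF-Message":
        raise ValueError("not an IDMEF message")
    alerts = []
    for alert in root.findall("idmef:Alert", NS):
        analyzer = alert.find("idmef:Analyzer", NS)
        created = alert.find("idmef:CreateTime", NS)
        classification = alert.find("idmef:Classification", NS)
        impact = alert.find("idmef:Assessment/idmef:Impact", NS)
        severity = impact.get("severity", "") if impact is not None else ""
        src_ips, tgt_ips, tgt_ports = [], [], []
        for s in alert.findall("idmef:Source", NS):
            src_ips.extend(_addresses(s))
        for t in alert.findall("idmef:Target", NS):
            tgt_ips.extend(_addresses(t))
            tgt_ports.extend(_ports(t))
        alerts.append(NormalizedAlert(
            message_id=alert.get("messageid", ""),
            analyzer_id=analyzer.get("analyzerid", "") if analyzer is not None else "",
            created=(created.text or "").strip() if created is not None else "",
            source_ips=tuple(src_ips),
            target_ips=tuple(tgt_ips),
            target_ports=tuple(tgt_ports),
            classification=classification.get("text", "") if classification is not None else "",
            # Values outside the RFC vocabulary are kept visible as "unknown"
            # rather than silently mapped to a real severity.
            severity=severity if severity in SEVERITIES else "unknown",
        ))
    return alerts


if __name__ == "__main__":
    for a in parse_idmef(SAMPLE_IDMEF):
        print(a)
```

Every optional element is checked for `None` before use because IDMEF makes most of the alert body optional; a sensor that omits `Assessment` must not crash the collector, which is exactly the interoperability failure the chapter is about.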


Author(s):  
Isaac Agudo

Advanced applications for the Internet need to make use of an authorization service so that users can prove what they are allowed to do and show their privileges to perform different tasks. However, for a real, scalable, distributed authorization solution to work, the delegation service needs to be seriously considered. In this chapter, we first put into perspective the delegation implications, issues and concepts derived from authorization schemes proposed as solutions to the distributed authorization problem, indicating the delegation approaches that some of them take. Then, we analyze interesting federation solutions. Finally, we examine different formalisms specifically developed to support delegation services, focusing on a generalization of those approaches, the Weighted Delegation Graphs solution.
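The chapter's Weighted Delegation Graphs formalism is not reproduced on this page, so the following is an added illustration rather than the authors' definition: a minimal delegation graph in Python in which each delegation statement carries a weight (the issuer's confidence in the subject, assumed here to combine multiplicatively along a chain) and a flag saying whether the subject may delegate further. The authority name, principals, privilege and weights are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    """One delegation statement: issuer grants privilege to subject.
    weight is the issuer's confidence in the subject for this privilege,
    in (0, 1]; redelegate says whether subject may pass it on."""
    issuer: str
    subject: str
    privilege: str
    weight: float
    redelegate: bool = True


class DelegationGraph:
    def __init__(self, root_authority):
        self.root = root_authority                 # the only source of privileges
        self._out = defaultdict(list)              # (issuer, privilege) -> [Delegation]

    def add(self, d):
        if not 0.0 < d.weight <= 1.0:
            raise ValueError(f"weight out of range: {d.weight}")
        self._out[(d.issuer, d.privilege)].append(d)

    def best_chain(self, requester, privilege):
        """Strongest chain from root to requester as (combined weight, chain).
        Weights multiply along a chain, so every extra hop can only weaken it.
        Returns (0.0, ()) when no valid chain exists."""
        best = [0.0, ()]

        def walk(node, weight, chain, on_path):
            if node == requester:
                if weight > best[0]:
                    best[0], best[1] = weight, tuple(chain)
                return
            if chain and not chain[-1].redelegate:
                return                             # holds the privilege, may not pass it on
            for d in self._out[(node, privilege)]:
                if d.subject in on_path:
                    continue                       # ignore cycles (A -> B -> A)
                walk(d.subject, weight * d.weight, chain + [d], on_path | {d.subject})

        walk(self.root, 1.0, [], frozenset({self.root}))
        return best[0], best[1]

    def authorize(self, requester, privilege, threshold):
        """Grant if some chain reaches the requester with weight >= threshold."""
        weight, _ = self.best_chain(requester, privilege)
        return weight >= threshold


def build_sample():
    """Constructed graph for this example."""
    g = DelegationGraph("CA")
    for d in (
        Delegation("CA", "alice", "deploy", 1.0),
        Delegation("alice", "bob", "deploy", 0.9),
        Delegation("bob", "alice", "deploy", 0.9),                 # cycle, must terminate
        Delegation("bob", "carol", "deploy", 0.8, redelegate=False),
        Delegation("carol", "dave", "deploy", 0.9),                # invalid: carol may not redelegate
        Delegation("CA", "carol", "deploy", 0.5, redelegate=False),  # weaker direct grant
    ):
        g.add(d)
    return g


if __name__ == "__main__":
    g = build_sample()
    for who in ("alice", "bob", "carol", "dave"):
        w, chain = g.best_chain(who, "deploy")
        print(who, round(w, 3), [d.subject for d in chain])
```

Two points a practitioner should notice: carol is reachable both directly (0.5) and through alice and bob (0.72), and the evaluator picks the stronger chain rather than the shorter one; and dave's statement from carol is simply never traversed, because carol's own grant forbids redelegation, so an "orphan" delegation confers nothing.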


Author(s):  
Mohammed Hussein

General-purpose software specification languages are introduced to model software by providing a better understanding of its characteristics. Nevertheless, these languages may fail to model some nonfunctional requirements such as security and safety. The necessity of simplifying the specification of nonfunctional requirements led to the development of domain-specific languages (e.g., attack description languages). Attack languages are employed to specify intrusion detection related aspects such as intrusion signatures, normal behavior, alert correlation, and so forth. They provide language constructs and libraries that simplify the specification of these intrusion detection aspects. Attack languages are used heavily due to the rapid growth of computer intrusions. The current trend in software development is to develop the core functionality of the software based on the requirements expressed in general-purpose software specification languages. Then, attack languages and other security mechanisms are used to deal with security requirements. However, using two sets of languages may result in several disadvantages such as redundant and conflicting requirements (e.g., usability vs. security). Moreover, incorporating security at later stages of a software life cycle is more difficult and time consuming. Many research works propose the unification and reconciliation of software engineering and security engineering in various directions. These research efforts aim to enable developers to use current software engineering tools and techniques to specify security requirements. In this chapter, we present a study on the classification of software specification languages and discuss the current state of the art regarding attack languages. Specification languages are categorized based on their features and their main purposes. A detailed comparison among attack languages is provided. We show example extensions of two software specification languages to include some features of the attack languages. We believe that extending certain types of software specification languages to express security aspects like attack descriptions is a major step towards unifying software and security engineering.


Author(s):  
Halim Khelafa

The purpose of this chapter is to provide a wide spectrum of end users with a complete reference on malicious code, or malware. End users include researchers, students, and information technology and security professionals in their daily activities. A particular effort aims at educating users about malware, enhancing organizations' capabilities for preventing as well as handling malicious code incidents when they occur, and preparing them for tomorrow's new types of malware, as well as the new types of safeguards they should consider. First, the author provides an overview of malicious code, its past, present, and future. Second, he presents methodologies, guidelines and recommendations on how an organization can enhance its prevention of malicious code, how it should respond to the occurrence of a malware incident, and how it should learn from such an incident to be better prepared in the future. Finally, the author addresses current research as well as future trends in malicious code and the new and future means of malware prevention.


Author(s):  
Michéle Germain ◽  
Alexis Ferrero ◽  
Jouni Karvo

Using WLAN networks in enterprises has become a popular method for providing connectivity. We present the security threats to WLAN networks and the basic mechanisms for protecting the network. We also give some advice on avoiding the threats.


Author(s):  
Fredrik Vraalsen ◽  
Tobias Mahler

This chapter gives an introduction to the CORAS approach for model-based security risk analysis. It presents a guided walkthrough of the CORAS risk analysis process based on examples from risk analysis of security, trust and legal issues in a collaborative engineering virtual organisation. CORAS makes use of structured brainstorming to identify risks and treatments. To get a good picture of the risks, it is important to involve people with different insight into the target being analysed, such as end users, developers, and managers. One challenge in this setting is to bridge the communication gap between the participants, who typically have widely different backgrounds and expertise. The use of graphical models supports communication and understanding between these participants. The CORAS graphical language for threat modelling has been developed especially with this goal in mind.


Author(s):  
Francine Herrmann ◽  
Djamel Khadraoui

This chapter provides a wide spectrum of existing security risk management methodologies. The chapter starts by presenting the concept and the objectives of enterprise risk management. Some existing security risk management methods are then presented, showing how to enhance their application to enterprise needs.

