Displaying 1-34 out of 34 total
SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting
Found in: 2013 Eighth International Conference on Availability, Reliability and Security (ARES)
By Thomas Unger, Martin Mulazzani, Dominik Fruhwirt, Markus Huber, Sebastian Schrittwieser, Edgar Weippl
Issue Date:September 2013
pp. 255-261
Session hijacking has become a major problem in today's Web services, especially with the availability of free off-the-shelf tools. As major websites like Facebook, YouTube and Yahoo still do not use HTTPS for all users by default, new methods are needed ...
 
InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs
Found in: 2012 Seventh International Conference on Availability, Reliability and Security (ARES)
By Peter Fruhwirt, Peter Kieseberg, Sebastian Schrittwieser, Markus Huber, Edgar Weippl
Issue Date:August 2012
pp. 625-633
InnoDB is a powerful open-source storage engine for MySQL that gained much popularity during the recent years. This paper proposes methods for forensic analysis of InnoDB databases by analyzing the redo logs, primarily used for crash recovery within the st...
 
Trees Cannot Lie: Using Data Structures for Forensics Purposes
Found in: European Intelligence and Security Informatics Conference
By Peter Kieseberg, Sebastian Schrittwieser, Martin Mulazzani, Markus Huber, Edgar Weippl
Issue Date:September 2011
pp. 282-285
Today's forensic techniques for databases are primarily focused on logging mechanisms and artifacts accessible in the database management systems (DBMSs). While log files, plan caches, cache clock hands, etc. can reveal past transactions, a malicious admin...
 
Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam
Found in: IEEE Internet Computing
By Markus Huber, Martin Mulazzani, Gerhard Kitzler, Sigrun Goluch, Edgar Weippl
Issue Date:May 2011
pp. 28-34
Friend-in-the-middle attacks on social networking sites can be used to harvest social data in an automated fashion. Attackers can then exploit this data for large-scale attacks using context-aware spam and social phishing. The authors prove the fe...
 
Social Networking Sites Security: Quo Vadis
Found in: Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, 2010 IEEE International Conference on
By Markus Huber, Martin Mulazzani, Edgar Weippl
Issue Date:August 2010
pp. 1117-1122
Social networking sites have been studied extensively within the past five years, especially in the area of information security. Within this paper we discuss these emerging web services both regarding possible attack vectors as well as defense strategies....
 
Fortification of IT Security by Automatic Security Advisory Processing
Found in: Advanced Information Networking and Applications, International Conference on
By Stefan Fenz, Andreas Ekelhart, Edgar Weippl
Issue Date:March 2008
pp. 575-582
The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity ...
 
Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Stefan Fenz, Gernot Goluch, Andreas Ekelhart, Bernhard Riedl, Edgar Weippl
Issue Date:December 2007
pp. 381-388
This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC ...
 
Security Ontologies: Improving Quantitative Risk Analysis
Found in: Hawaii International Conference on System Sciences
By Andreas Ekelhart, Stefan Fenz, Markus Klemen, Edgar Weippl
Issue Date:January 2007
pp. 156a
IT-security has become a much diversified field and small and medium sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology, to provide a solid base for a...
   
Ontology based IT-security planning
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Stefan Fenz, Edgar Weippl
Issue Date:December 2006
pp. 389-390
IT-security has become a much diversified field and small and medium sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology, to provide a solid base for a...
 
Workshop-based Multiobjective Security Safeguard Selection
Found in: Availability, Reliability and Security, International Conference on
By Thomas Neubauer, Christian Stummer, Edgar Weippl
Issue Date:April 2006
pp. 366-373
Companies spend considerable amounts of resources on minimizing security breaches but often neglect efficient security measures and/or are not aware whether their investments are effective. While security safeguards traditionally are evaluated through a si...
 
Digital Signatures with Familiar Appearance for e-Government Documents: Authentic PDF
Found in: Availability, Reliability and Security, International Conference on
By Thomas Neubauer, Edgar Weippl, Stefan Biffl
Issue Date:April 2006
pp. 723-731
Most e-government applications have to find a solution for simple, reliable, secure and authentic signing of official documents. Citizens need a simple way to verify the authenticity and integrity of an official document. Currently XML documents allow repr...
 
Reusable Components for Developing Security-Aware Applications
Found in: Computer Security Applications Conference, Annual
By Stefan Probst, Wolfgang Essmayr, Edgar Weippl
Issue Date:December 2002
pp. 239
Today, security is considered to be an important aspect of multi-tier application development. Thoroughly researched concepts for access control exist and have been proven in mainframe computing. However, they are often not used in today's development of m...
 
Agent Solutions for E-business Transactions
Found in: Database and Expert Systems Applications, International Workshop on
By Ismail Khalil Ibrahim, Wieland Schwinger, Edgar Weippl, Josef Altmann, Werner Winiwarter
Issue Date:September 2001
pp. 0084
Abstract: Software agents have become very popular in the last few years. They have been used successfully to perform quite a diverse range of applications. In this paper we present a model for agents as mediators in e-commerce, which highlights how far te...
 
An Approach to Role-Based Access Control for Digital Content
Found in: Information Technology: Coding and Computing, International Conference on
By Edgar Weippl
Issue Date:April 2001
pp. 0290
Abstract: Role-based access control is the state-of-the-art mechanism for restricting access to resources. Today, digital content is distributed via CD-ROMS and the Internet with little or no protection. Using widely available public key cryptography, we p...
 
An Approach to Secure Distribution of Web-Based Training Courses
Found in: Australasian Computer Science Conference
By Edgar Weippl
Issue Date:February 2001
pp. 199
Although Web-based training systems are widely used today, security issues within these systems have not been sufficiently addressed. In this paper we outline the possible specific security threats of Web-based training systems in addition to those of othe...
 
Visualizing Content Based Relations in Texts
Found in: Australasian User Interface Conference
By Edgar Weippl
Issue Date:February 2001
pp. 34
Our goal is to efficiently visualize a medium sized hypertext database containing 500-20000 articles. The visualization technique we propose is an Information Landscape. Basically, the information landscape maps texts into a 2D plane so that related texts a...
 
Governance, Risk & Compliance (GRC) Software - An Exploratory Study of Software Vendor and Market Research Perspectives
Found in: Hawaii International Conference on System Sciences
By Nicolas Racz, Edgar Weippl, Andreas Seufert
Issue Date:January 2011
pp. 1-10
The integration of governance, risk, and compliance (GRC) activities has recently witnessed increased attention. Many organizations have deployed integrated GRC software. In this paper scientific research examines state-of-the-art GRC software for the firs...
   
IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study
Found in: Services, IEEE Congress on
By Nicolas Racz, Edgar Weippl, Riccardo Bonazzi
Issue Date:July 2011
pp. 429-436
The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design r...
 
Social engineering attacks on the knowledge worker
Found in: Proceedings of the 6th International Conference on Security of Information and Networks (SIN '13)
By Edgar Weippl, Heidelinde Hobel, Katharina Krombholz, Markus Huber
Issue Date:November 2013
pp. 28-35
Social engineering has become an emerging threat in virtual communities and is an effective means to attack information systems. Today's knowledge workers make use of a number of services that leverage sophisticated social engineering attacks. Moreover, th...
     
Cloudoscopy: services discovery and topology mapping
Found in: Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13)
By Amir Herzberg, Edgar Weippl, Johanna Ullrich, Haya Shulman
Issue Date:November 2013
pp. 113-122
We define and study cloudoscopy, i.e., exposing sensitive information about the location of (victim) cloud services and/or about the internal organisation of the cloud network, in spite of location-hiding efforts by cloud providers. A typical cloudoscopy a...
     
Is security an afterthought when designing apps?
Found in: Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia (MoMM '12)
By Edgar Weippl
Issue Date:December 2012
pp. 4-4
Mobile applications only become really useful if combined with cloud-based services. We have observed that the increasingly short time to market may cause serious design flaws in the security architecture. In this talk I will highlight some flaws discovere...
     
INMOTOS: extending the ROPE-methodology
Found in: Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services (IIWAS '12)
By Edgar Weippl, Lorenz Zechner, Peter Kieseberg
Issue Date:December 2012
pp. 272-277
The Interdependency Modeling Tool and Simulation (INMOTOS) project is aimed to develop a tool for modeling and assessment of interdependent business- and contingency plans and risks affecting them. In the scope of that project a methodology had to be creat...
     
Digital forensics for enterprise rights management systems
Found in: Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services (IIWAS '12)
By Edgar Weippl, Peter Kieseberg, Sebastian Schrittwieser
Issue Date:December 2012
pp. 111-120
Digital forensics is the application of techniques to recover, reconstruct and analyze data from a computer or a similar system in order to gather digital evidence (e.g. on a suspicious employee or for law enforcement). Guidelines and standards for forensi...
     
Is security an afterthought when designing apps?
Found in: Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services (IIWAS '12)
By Edgar Weippl
Issue Date:December 2012
pp. 4-4
Mobile applications only become really useful if combined with cloud-based services. We have observed that the increasingly short time to market may cause serious design flaws in the security architecture. In this talk I will highlight some flaws discovere...
     
Using the structure of B+-trees for enhancing logging mechanisms of databases
Found in: Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services (iiWAS '11)
By Edgar Weippl, Lorcan Morgan, Markus Huber, Martin Mulazzani, Peter Kieseberg, Sebastian Schrittwieser
Issue Date:December 2011
pp. 301-304
Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. This is, as an example, an important basic requirement for SOX (Sarbanes-Oxley Act) compliance, whereby every past tran...
     
Social snapshots: digital forensics for online social networks
Found in: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11)
By Edgar Weippl, Gilbert Wondracek, Manuel Leithner, Markus Huber, Martin Mulazzani, Sebastian Schrittwieser
Issue Date:December 2011
pp. 113-122
Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid sys...
     
QR code security
Found in: Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia (MoMM '10)
By Edgar Weippl, Lindsay Munroe, Manuel Leithner, Martin Mulazzani, Mayank Sinha, Peter Kieseberg, Sebastian Schrittwieser
Issue Date:November 2010
pp. 430-435
This paper examines QR Codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR co...
     
Cheap and automated socio-technical attacks based on social networking sites
Found in: Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10)
By Edgar Weippl, Markus Huber, Martin Mulazzani, Sebastian Schrittwieser
Issue Date:October 2010
pp. 61-64
The vastly and steadily increasing data pool collected by social networking sites can have severe implications once this information becomes available to attackers. Whilst socio-technical attacks such as social engineering relied upon expensive background ...
     
Exploiting social networking sites for spam
Found in: Proceedings of the 17th ACM conference on Computer and communications security (CCS '10)
By Edgar Weippl, Gerhard Kitzler, Markus Huber, Martin Mulazzani, Sigrun Goluch
Issue Date:October 2010
pp. 693-695
In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as "spam") and phishing has increased heavily in the last decade. In this paper, we show that our novel frien...
     
Addressing misalignment between information security metrics and business-driven security objectives
Found in: Proceedings of the 6th International Workshop on Security Measurements and Metrics (MetriSec '10)
By Christian Fruehwirth, Edgar Weippl, Mohamed Tabatabai, Stefan Biffl
Issue Date:September 2010
pp. 1-7
Companies, which approach information security management from a business perspective, invest in using security metrics to measure the degree to which their security objectives are being met. The decision however, on which particular security metrics to us...
     
An event-based empirical process analysis framework
Found in: Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM '10)
By Alexander Schatten, Dietmar Winkler, Dindin Wahyudin, Edgar Weippl, Mohammed Tabatabai, Richard Mordinyi, Stefan Biffl, Thomas Moser, Wikan Danar Sunindyo
Issue Date:September 2010
pp. 1-1
The engineering of complex software-intensive systems, like industrial production plants, requires software engineering to coordinate and interact with other engineering disciplines. Project and quality managers need empirical study results to improve syst...
     
On cooperatively creating dynamic ontologies
Found in: Proceedings of the sixteenth ACM conference on Hypertext and hypermedia (HYPERTEXT '05)
By Edgar Weippl, Eva Gahleitner, Jurgen Palkoska, Wernher Behrendt
Issue Date:September 2005
pp. 208-210
Collaborative construction of ontologies is still hampered by immature methodologies and by tools which are insufficient for domain experts who are not at the same time, knowledge engineers. The DynamOnt project has set out to develop a methodology for col...
     
Building secure knowledge bases: combining Java agents and DBagents
Found in: Proceedings of the fifth international conference on Autonomous agents (AGENTS '01)
By Edgar Weippl
Issue Date:May 2001
pp. 212-213
Today, databases are ubiquitous. In factories machine tools are connected to databases that process outstanding orders and log occurring errors. Our industrial partner AMS engineering builds and maintains machine tools for various client companies that ope...
     
Coimbra: secure Web access to multimedia content
Found in: Proceedings of the 2000 ACM workshops on Multimedia (MULTIMEDIA '00)
By Edgar Weippl
Issue Date:October 2000
pp. 145-148
In this paper, we describe various concepts how Web content can be published in a way so that copies cannot be illegally distributed. The required access control mechanisms are implemented using well-known cryptographic algorithms. A modified Web browser d...
     