Research directions in data and applications security XVIII : IFIP TC 11/WG 11.3 eighteenth annual Conference on Data and Applications Security, July 25-28, 2004, Sitges, Catalonia, Spain

As Information Technology becomes a vital part of our everyday activities, ranging from personal use to government and defense applications, the need to develop high-assurance systems increases. Data and applications security and privacy are crucial elements in developing such systems. Research Directions in Data and Applications Security XVIII presents original unpublished research results, practical experiences, and innovative ideas in the field of data and applications security and privacy. Topics presented in this volume include: -Database theory; -Inference control; -Data protection techniques; -Distributed systems; -Access control models; -Security policy; -Design and management; -Privacy; -Network security. This book is the eighteenth volume in the series produced by the International Federation for Information Processing (IFIP) Working Group 11.3 on Data and Applications Security. It contains twenty-three papers and two invited talks that were presented at the Eighteenth Annual IFIP WG 11.3 Conference on Data and Applications Security, which was sponsored by IFIP and held in Sitges, Catalonia, Spain in July 2004. Research Directions in Data and Applications Security XVIII is a high-quality reference volume that addresses several aspects of information protection, and is aimed at researchers, educators, students, and developers.

• Preface. Conference Organization. Contributing Authors. I: Invited Talk I. Invited Talk - Inference Control Problem in Statistical Database Query Systems
• L.H. Cox. II: Access Control. Attribute Mutability in Usage Control
• Jaehong Park, et al. Star Tree: An Index Structure for Efficient Evaluation of Spatiotemporal Authorizations
• V. Alturi, Qui Guo. An Extended Analysis of Delegating Obligations
• A. Schaad. Implementing Real-Time Update of Access Control Policies
• I. Rai, Tai Xin. III: Data Protection Techniques. Defending against Additive Attacks with Maximal Errors in Watermarking Relational Databases
• Jingjui Li, et al. Performance-Conscious Key Management in Encrypted Databases
• H. Hacigumus, S. Mehrotra. Damage Discovery in Distributed Database Systems
• Yanjun Zuo, B. Panda. IV: Database Theory and Inference Control. Information Flow Analysis for File Systems and Databases Using Labels
• E. Gudes, et al. Refusal in Incomplete Databases
• J. Biskup, T. Weibert. Why is This User Asking so Many Questions? Explaining Sequences of Queries
• A.C. Acar, A. Motro. V: Invited Talk II. Invited Talk - Towards Semantics-Aware Access Control
• E. Damiani, S. De Capitani-de Vimercati. VI: System Security Analysis. RBAC/MAC Security for UML
• T. Doan, et al. Secure Bridges: A Means to Conduct Secure Teleconferences over Public Telephones
• I. Youn, D. Wijesekera. VII: Access Control Design and Management. Policy-based Security Management for Enterprise Systems
• R. Mukkamala, et al. A Pattern System for Access Control
• T. Priebe, et al. A Design for Parameterized Roles
• Mei Ge, S.L. Osborn.VIII: Distributed Systems. Efficient Verification of Delegation in Distributive Group Membership Management
• L. Huraj, H. Reiser. Web Resource Usage Control in RSCLP
• S. Barker. Securely Distributing Centralized Multimedia Content Utilizing Peer-to-Peer Cooperation
• I. Ray T. Hajek. IX: Privacy. On the Damage and Compensation of Privacy Leakage
• Da-Wei Wang, et al. An Experimental Study of Distortion-Based Techniques for Association Rule Hiding
• E.D. Pontikakis, et al. Privacy-Preserving Multi-Party Decision Tree Induction
• J.Z. Zhan, et al. X: Network Protection and Configuration. Configuring Storage Area Networks for Mandatory Security
• B. Aziz, et al. A Framework for Trusted Wireless Networks
• J.S. Park, A. Jain. Author Index.