Security and privacy in dynamic environments : proceedings of the IFIP TC-11 21st International Information Security Conference (SEC 2006), 22-24 May 2006, Karlstad, Sweden

This book contains the Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006) on "Security and Privacy in Dynamic Environments". The papers presented here place a special emphasis on Privacy and Privacy Enhancing Technologies. Further topics addressed include security in mobile and ad hoc networks, access control for dynamic environments, new forms of attacks, security awareness, intrusion detection, and network forensics.

Privacy and Privacy-Enhancing Technologies I.- Improving Availability of Emergency Health Information without Sacrificing Patient Privacy.- Ensuring Privacy for Buyer-Seller E-Commerce.- A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures.- Security in Mobile and Ad Hoc Networks.- Authenticated Query Flooding in Sensor Networks.- Identity Based Message Authentication for Dynamic Networks.- Providing Authentication and Access Control in Vehicular Network Environment.- Trust and Security Management.- A Framework for Web Services Trust.- Trust: An Element of Information Security.- Security-by-Ontology: A Knowledge-Centric Approach.- Privacy Enhancing Technologies II.- A Methodology for Designing Controlled Anonymous Applications.- Design Options for Privacy-Respecting Reputation Systems within Centralised Internet Communities.- Protecting (Anonymous) Credentials with the Trusted Computing Group's TPM V1.2.- Attacks, Vulnerability Analysis, and Tools.- Analysis and Improvement of Anti-Phishing Schemes.- CAT - A Practical Graph & SDL Based Toolkit for Vulnerability Assessment of 3G Networks.- Protecting Web Services from DoS Attacks by SOAP Message Validation.- Access Control and Authentication I.- A Flexible and Distributed Architecture to Enforce Dynamic Access Control.- A Paradigm for Dynamic and Decentralized Administration of Access Control in Workflow Applications.- CAS++: An Open Source Single Sign-On Solution for Secure e-Services.- Security Protocols.- A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps.- On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol.- Sealed-Bid Micro Auctions.- Intrusion Detection.- Detecting Known and Novel Network Intrusions.- Evaluating Classifiers for Mobile-Masquerader Detection.- VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts.- Usability and Awareness.- A Usability Study of Security Policy Management.- Considering the Usability of End-User Security Software.- Utilizing the Common Criteria for Advanced Student Research Projects.- Privacy Enhancing Technologies III.- On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems.- Privacy-Preserving Shared-Additive-Inverse Protocols and Their Applications.- Access Control and Authentication II.- Click Passwords.- Cryptographically Enforced Personalized Role-Based Access Control.- Access Control and Authentication III.- Using VO Concept for Managing Dynamic Security Associations.- Secure Fast Handover in an Open Broadband Access Network using Kerberos-style Tickets.- Forensics.- Network Forensics on Packet Fingerprints.- Oscar - File Type Identification of Binary Data in Disk Clusters and RAM Pages.- IFIP WG 11.1/11.8 Security Culture Workshop.- Organizational Security Culture: More Than Just an End-User Phenomenon.- Cyber Security Training and Awareness Through Game Play.- Internalisation of Information Security Culture amongst Employees through Basic Security Knowledge.- Bridging the Gap between General Management and Technicians - A Case Study in ICT Security.- Value-Focused Assessment of Information Communication and Technology Security Awareness in an Academic Environment.- Using Phishing for User Email Security Awareness.- IFIP WG 11.4 I-NetSec'06 Workshop.- Anonymous Credentials: Opportunities and Challenges.- Practical Private Regular Expression Matching.- A System for Privacy-Aware Resource Allocation and Data Processing in Dynamic Environments.- The APROB Channel: Adaptive Semi-Real-Time Anonymous Communication.