New approaches for security, privacy and trust in complex environments : proceedings of the IFIP TC-11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa

The current IT environment deals with novel, complex approaches such as information privacy, trust, digital forensics, management, and human aspects. This volume includes papers offering research contributions that focus both on access control in complex environments as well as other aspects of computer security and privacy.

Digital Forensics.- FORSIGS: Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints.- Digital Forensic Readiness as a Component of Information Security Best Practice.- Human-Computer Interaction I.- Value creation and Return On Security Investments (ROSI).- Usability and Security of Personal Firewalls.- Computer-Based Trust.- Trusted Ticket Systems and Applications.- Trust Evaluation for Web Applications based on Behavioral Analysis.- Information Security Management I.- Improving the Information Security Model by using TFI.- Ontological Mapping of Common Criteria's Security Assurance Requirements.- Network Security I.- Management of Exceptions on Access Control Policies.- Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols.- Information Security Management II.- Exploratory survey on an Evaluation Model for a Sense of Security.- Employees' Adherence to Information Security Policies: An Empirical Study.- Network Security II.- Phishing in the Wireless: Implementation and Analysis.- Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks.- Access Control I.- A Credential-Based System for the Anonymous Delegation of Rights.- Development and Application of a Proxy Server for Transparently, Digitally Signing E-Learning Content.- Human-Computer Interaction II.- Identity Theft - Empirical evidence from a Phishing Exercise.- A Practical Usability Evaluation of Security Features in End-User Applications.- Intrusion Detection Systems.- Personal Anomaly-based Intrusion Detection Smart Card Using Behavioural Analysis.- A Survey of Bots Used for Distributed Denial of Service Attacks.- Access Control II.- A Hybrid PKI-IBC Based Ephemerizer System.- Keystroke Analysis for Thumb-based Keyboards on Mobile Devices.- Information Privacy I.- Security Remarks on a Convertible Nominative Signature Scheme.- Using Payment Gateways to Maintain Privacy in Secure Electronic Transactions.- Access Control III.- A Role-Based Architecture for Seamless Identity Management and Effective Task Separation.- Extending Role Based Access Control Model for Distributed Multidomain Applications.- Information Privacy II.- A Middleware Architecture for Integrating Privacy Preferences and Location Accuracy.- Enabling Privacy of Real-Life LBS.- Access Control IV.- Crafting Web Counters into Covert Channels.- OPA: Onion Policy Administration Model - Another approach to manage rights in DRM.- Security Services.- Non-Repudiation in Internet Telephony.- FirePatch: Secure and Time-Critical Dissemination of Software Patches.- Access Control V.- An Experimental Evaluation of Multi-Key Strategies for Data Outsourcing.- Building a Distributed Semantic-aware Security Architecture.- Trust and Intrusion Detection Systems.- Using Trust to Resist Censorship in the Presence of Collusion.- Evaluating the Effects of Model Generalization on Intrusion Detection Performance.- Keynote paper.- Modernising MAC: New Forms for Mandatory Access Control in an Era of DRM.- IFIP WG 9.7/11.7 - IT Missue and the Law & the NoE "Future of Identity in the Information Society" (FIDIS) - Workshop on Security and Control of Identity in Society.- Covert Identity Information in Direct Anonymous Attestation (DAA).- Safeguarding Personal Data using Rights Management in Distributed Applications.- Identification Now and in the Future: Social Grant Distribution Process in South Africa.- Hard-drive Disposal and Identity Fraud.- An analysis of security and privacy issues relating to RFID enabled ePassports.- IFIF WG 11.1/11.8 Workshop on Fostering Knowledge and Skills for Managable Information Security.- Toward User Evaluation of IT Security Certification Schemes: A Preliminary Framework.- Teaching of Information Security in the "Health Care and Nursing" Postgraduate program.- Remote Virtual Information Assurance Network.- Certifying the Computer Security Professional Using the Project Management Institute's PMP Model.