Two main results in the area of information hiding in natural lan-  guage text are presented. A semantically-based scheme dramatically im-  proves the information-hiding capacity of any text through two tech-  niques: (i) modifying the granularity of meaning of individual sentences,  whereas our own previous scheme kept the granularity fixed, and (ii) halv-  ing the number of sentences affected by the watermark. No longer a “long text, short watermark” approach, it now makes it possible to watermark short texts like wire agency reports. Using both the above-mentioned se-  mantic marking scheme and our previous syntactically-based method hides information in a way that reveals any non-trivial tampering with the text (while re-formatting is not considered to be tampering—the problem would be solved trivially otherwise by hiding a hash of the text) with a probabil-  ity 1–2–b(n+1), n being its number of sentences and b a small positive integer based on the extent of co-referencing.

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice’s credentials satisfy Bob’s access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. Elegant solutions were proposed for achieving various degrees of privacy-preservation through minimal disclosure. In this paper, we present protocols that protect both sensitive credentials and sensitive policies. That is, Alice gets the resource only if she satisfies the policy, Bob does not learn anything about Alice’s credentials (not even whether Alice got access), and Alice learns neither Bob’s policy structure nor which credentials caused her to gain access. Our protocols are efficient in terms of communication and in rounds of interaction.

As organizations increasingly rely on information systems as the primary way to conduct operations, keeping such systems secure requires increasing emphasis. This paper provides information security professionals and top management a framework through which usable security strategy and policy for applications can be created and maintained in line with the standard information technology life cycle. This framework, the Policy Framework for Interpreting Risk in E-Business Security (PFIRES), was initially developed for e-commerce activities and has since been generalized to handle security policy for all types of organizations engaged in computing and Internet operations. This framework offers a possible starting point for understanding a security policy’s impact on an organization, and is intended to guide organizations in developing, implementing, and maintaining security policy.

Today’s world of increasingly dynamic environments naturally results in more and more data being available as fast streams. Applications such as stock market analysis, environmental sensing, Web clicks, and intrusion detection are just a few of the examples where valuable data is streamed. Often, streaming information is offered on the basis of a nonexclusive, single-use customer license. One major concern, especially given the digital nature of the valuable stream, is the ability to easily record and potentially “replay” parts of it in the future. If there is value associated with such future replays, it could constitute enough incentive for a malicious customer (Mallory) to record and duplicate data segments, subsequently reselling them for profit. Being able to protect against such infringements becomes a necessity. In this work, we introduce the issue of rights protection for discrete streaming data through watermarking. This is a novel problem with many associated challenges including: operating in a finite window, single-pass, (possibly) high-speed streaming model, and surviving natural domain specific transforms and attacks (e.g., extreme sparse sampling and summarizations), while at the same time keeping data alterations within allowable bounds. We propose a solution and analyze its resilience to various types of attacks as well as some of the important expected domain-specific transforms, such as sampling and summarization. We implement a proof of concept software (wms.*) and perform experiments on real sensor data from the NASA Infrared Telescope Facility at the University of Hawaii, to assess encoding resilience levels in practice. Our solution proves to be well suited for this new domain. For example, we can recover an over 97 percent confidence watermark from a highly down-sampled (e.g., less than 8 percent) stream or survive stream summarization (e.g., 20 percent) and random alteration attacks with very high confidence levels, often above 99 percent.

Even though collaborative computing can yield substantial economic, social, and scientific benefits, a serious impediment to fully achieving that potential is a reluctance to share data, for fear of losing control over its subsequent dissemination and usage. An organization’s most valuable and useful data is often proprietary/ confidential, or the law may forbid its disclosure or regulate the form of that disclosure. We survey security technologies that mitigate this problem, and discuss research directions towards enforcing the data owner’s approved purposes on the data used in collaborative computing. These include techniques for cooperatively computing answers without revealing any private data, even though the computed answers depend on all the participants’ private data. They also include computational outsourcing, where computationally weak entities use computationally powerful entities to carry out intensive computing tasks without revealing to them either their inputs or the computed outputs.

The vast majority of the literature on watermarking has dealt with media such as images, video, and audio - all of which are ultimately destined for consumption by the human perceptual system. There has recently been growing interest in watermarking non-media such as relational data, software, natural language text, sensor streams, etc. The challenges posed by these new domains are quite different from the traditional ones. For example, some (like relational data and software) are destined for automated processing rather than for perception by a human. Others (like natural language text) are destined for human consumption, but by the cognitive rather than the perceptual system. Streaming data poses its own set of challenges. The talk will survey these areas, their problematics, the progress made, and the remaining challenges.

As society increasingly relies on computing and networks for commerce, government,  social services, entertainment, and communication, it also becomes more vulnerable to accidents, disasters, criminal behavior, and malicious activity involving this crucial infrastructure.  However, the current infrastructure was simply not designed for the kind of usage it is being put to today.  An event that involves and/or affects the computing/communications infrastructure in an extreme way is uncomfortably likely.  The recent outbreaks of denial-of-service attacks and computer viruses are, unfortunately,  the tip of a very large iceberg that is still largely out of the public view:  What could easily occur is orders of magnitude worse than what has occurred.  Many events that routinely occur today could easily take on an “extreme” character in the future, but two prime candidates are financial fraud and accidental losses:

This paper concentrates on one technological aspect of providing communications security, firewall technology. It introduces a formalism called Hierarchical Colored Petri Nets (HCPN) in tutorial style. The main contribution of the paper is a description of how to model fire- wall systems using Hierarchical Colored Petri Nets. A byproduct of this approach is a novel way of modeling audit streams in distributed systems. HCPNs are well suited for modeling concurrent, distributed systems in which regulated flows of information are significant, such as firewall systems which enforce access control policies on network packets. The paper introduces the basics of this modeling technique. It demonstrates with several examples how firewalls can be modeled. It outlines how simulations of such models can facilitate testing, performance analysis, and interactive design exploration. Finally, the approach can serve as the basis for formal analysis techniques available through Applied Petri Net Theory.

The problem of key management in access hierarchies studies ways to assign keys to users and classes such that each user, after receiving her secret key(s), is able to independently compute access keys for (and thus obtain access to) the appropriate resources defined by the hierarchical structure. If user privi-  leges additionally are time-based, the key(s) a user receives should permit access to the resources only at the appropriate times. This paper presents a new, prov-  ably secure, and efficient solution that can be used to add time-based capabilities to existing hierarchical schemes. It achieves the following performance bounds:  (i) to be able to obtain access to an arbitrary contiguous set of time intervals, a user is required to store at most 3 keys; (ii) the keys for a user can be computed by the system in constant time; (iii) key derivation by the user within the authorized time intervals involves a small constant number of inexpensive cryptographic op-  erations; and (iv) if the total number of time intervals in the system is n, then the server needs to maintain public storage larger than n by only a small asymptotic factor, e.g., O(log ∗  n log log n) with a small constant.