Position-based routing protocols make routing de-  cisions based on the geographical position of the destination of a packet. Such protocols scale well since they do not require nodes to maintain explicit routes. Instead each node must know only its own position, the position of its neighbors, and the position of the destination. Thus, a critical component of position-based routing protocols is the position service that allows nodes to obtain the position of a destination node.  In this paper we analyze the security vulnerabilities of position-  based routing protocols and virtual home region (VHR)-based distributed position service systems. We propose methods to protect the position information from both external and internal attackers. We then discuss and propose several mitigation mech-  anisms against position abuse by internal attackers that exploit the position service to trace their targets. Finally, we propose a position verification mechanism that allows the position service to verify that the positions reported by nodes are correct.

Scalability and energy management issues are crucial for sensor network databases. In this paper, we introduce the Sharing and PArtitioning of Stream Spectrum (SPASS) pro-  tocol as a new approach to provide scalability with re-  spect to the number of sensors and to manage the power consumption efficiently. The spectrum of a sensor is the range/distribution of values read by that sensor. Close-by sensors tend to give similar readings and, consequently, ex-  hibit similar spectra. We propose to combine similar spectra into one global spectrum that is shared by all contributing sensors. Then, the global spectrum is partitioned among the sensors such that each sensor carries out the responsibility of managing a partition of the spectrum. Spectrum sharing and partitioning require continuous coordination to balance the load over the sensors. Experimental results show that the SPASS protocol relieves a sensor database system from the burden of data acquisition in large-scale sensor networks and reduces the per-sensor power consumption.

Survivable routing protocols are able to provide service in the presence of attacks and failures. The strongest attacks that protocols can experience are attacks where adversaries have full control of a number of authenticated nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. This work examines the survivability of ad hoc wireless routing protocols in the presence of sev-  eral Byzantine attacks: black holes, flood rushing, worm-  holes and overlay network wormholes. Traditional secure routing protocols that assume authenticated nodes can al-  ways be trusted, fail to defend against such attacks. Our protocol, ODSBR, is an on-demand wireless routing proto-  col able to provide correct service in the presence of failures and Byzantine attacks. We demonstrate through simulations its effectiveness in mitigating such attacks. Our analysis of the impact of these attacks versus the adversary

Hybrid networks are a promising architecture that builds ad hoc, wireless networks around the existing cellular tele-  phony infrastructure and supporting massive deployment for ad hoc networking. In this paper we present a rout-  ing protocol, DST, for hybrid networks that maintains a close to optimal spanning tree of the network by using dis-  tributed topology trees. DST is fully dynamic and generates only O(log n) messages per update operation. We demon-  strate experimentally that the performance of DST scales well with the network size and activity, making it ideal for the metropolitan environment hybrid networks are expected to operate in.

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and potentially creates additional vulnerabilities. The objective of this research is to present and evaluate a Genetic Algorithm (GA)-  based approach enabling organizations to choose the minimal-cost security profile providing the maximal vulnerability coverage. This approach is compared to an enumerative approach for a given test set. The GA-based approach provides favorable results, eventually leading to improved tools for supporting information security investment decisions.

Business-to-business (B2B) exchanges are expected to bring about lower prices for buyers through reverse auctions.  Analysis of such settings for seller pricing behavior often points to mixed-strategy equilibria. In real life, it is plausible that managers learn this complex ideal behavior over time. We modeled the two-seller game in a synthetic environment, where two agents use a reinforcement learning (RL) algorithm to change their pricing strategy over time. We find that the agents do indeed converge towards the theoretical Nash equilibrium. The results are promising enough to consider the use of artificial learning mechanisms in electronic marketplace transactions.

Multi-domain application environments where distributed domains interoperate with each other are becoming a reality in internet-based and web-services based enterprise applications. The secure interoperation in a multidomain environment is a challenging problem. In this paper, we propose a distributed secure interoperability protocol that ensures secure interoperation of the multiple collaborating do mains without compromisingthesecurityof collaborating domains. We introduce the idea of access paths and access paths constraints. Furthermore, we device a path discovery algorithm that is capable of querying interoperating domains for the set of secure access paths between different domains.

In the context of Network management, Chomicki, Lobo and Naqvi have defined the specification language Policy Description Language (PDL) and later extended it by in-  troducing monitors: constraints on the actions that the net-  work manager can execute simultaneously. This article pro-  poses PPDL, an extension of PDL with Preferences, that allows the specification of user-defined preferences on how to apply monitors. The new language adopts Brewka

In this poster, we will illustrate an integrated approach to Web filtering, whose main features are flexible filtering policies taking into account both users

In this paper, we present P-Hera, a peer-to-peer (P2P)  infrastructure for scalable and secure content hosting. P-  Hera allows the users and content owners to dynamically establish trust using fine-grained access control. In P-Hera,  resource owners can specify fine-grained restrictions on who can access their resources and which user can access which part of data. We differentiate our work with tradi-  tional works of fine-grained access control on Web services,  as our system in addition to handling access constrains of the service provider (which is the case in Web services),  it also handles security constrains regarding actions per-  formed on data: replication and modification. We believe this is of immense significance for wide-range of applica-  tions such as data Grids, Information Grids and Web Con-  tent Delivery Networks. In addition to presenting the over-  all system architecture, we also study the problem of eval-  uating these fine-grained access policies in depth and pro-  pose a novel means of organizing these policies that can re-  sult in faster evaluation. We demonstrate the effectiveness of our approach using prototype implementation.

s are used. Privacy Preserving Data Mining (PPDM) algorithms have been recently introduced with the aim of mod-  ifying the database in such a way to prevent the discovery of sensible information. Due to the large amount of possible techniques that can be used to achieve this goal, it is necessary to provide some standard evalu-  ation metrics to determine the best algorithms for a specific application or context. Currently, however, there is no common set of parameters that can be used for this purpose. This paper explores the problem of PPDM algorithm evaluation, starting from the key goal of preserving of data quality. To achieve such goal, we propose a formal definition of data quality specifically tailored for use in the context of PPDM algorithms, a set of evaluation parameters and an evaluation algorithm. The resulting evaluation core process is then presented as a part of a more general three step evaluation framework, taking also into account other aspects of the algorithm evaluation such as efficiency, scalability and level of privacy.

Web-based third-party architectures for data publishing are today receiving growing attention, due to their scalability and the abil-  ity to efficiently manage large numbers of users and great amounts of data. A third-party architecture relies on a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publisher provides data manage-  ment services and query processing functions for (a portion of) the Owner

To support privacy-preserving video sharing, we have pro-  posed a novel framework that is able to protect the video content privacy at the individual video clip level and pre-  vent statistical inferences from video collections. To protect the video content privacy at the individual video clip level,  we have developed an effective algorithm to automatically detect privacy-sensitive video ob jects and video events. To prevent the statistical inferences from video collections, we have developed a distributed framework for privacy-preserving classifier training, which is able to significantly reduce the costs of data transmission and reliably limit the privacy breaches by determining the optimal size of blurred test samples for classifier validation. Our experiments on a spe-  cific domain of patient training and counseling videos show convincing results

The internet and related technologies have made multido-  main collaborations a reality. Collaboration enables do-  mains to effectively share resources; however it introduces several security and privacy challenges. Managing security in the absence of a central mediator is even more challenging.  In this paper, we propose a distributed secure interoperabil-  ity framework for mediator-free collaboration environments.  We introduce the idea of secure access paths which enables domains to make localized access control decisions without having global view of the collaboration. We also present a path authentication technique for proving path authenticity.  Furthermore, we present both a proactive and on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment.