We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them.  In particular, a user can use attribute values stored in an OACert obliviously, \ie, the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values.  This way, the service provider’s access control policy is enforced in an oblivious fashion.

To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called Oblivious Commitment-Based Envelope (OCBE).  In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: (1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice, (2) Alice learns nothing about Bob’s attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and predicates such as $=,\ge,\le,>,<,\ne$ as well as logical combinations of them.

The large availability of repositories storing various types of information about individuals has raised serious privacy concerns over the last ten years. Yet database technology is far from providing adequate solutions to this problem that requires a delicate balance between individual

This research endeavor explores five biometric technologies and their potential usage in the tourism and hospitality industry.  This paper begins with a review of viable biometric technologies and continues with a discussion of their potential applications to tourism and hospitality businesses.  Various tourism and hospitality scenarios in which biometrics can be used are explored.  The article concludes with a discussion on the need for additional research on consumer perceptions to assist in answering questions regarding the social and business impact of biometric technologies in tourism and hospitality.

In the past, there have been several denial-of-service (DOS) attacks which exhaust some shared resource (e.g., physical memory, process table, file descriptors, TCP connections) of the targeted machine. Though these attacks have been addressed, it is important to continue to identify and address new attacks because DOS is one of most prominent methods used to cause significant financial loss. A recent paper shows how to prevent attacks that exploit the sharing of pipeline resources (e.g., shared trace cache) in SMT to degrade the performance of normal threads. In this paper, we show that power density can be exploited in SMT to launch a novel DOS attack, called heat stroke. Heat stroke repeatedly accesses a shared resource to create a hot spot at the resource. Current solutions to hot spots inevitably involve slowing down the pipeline to let the hot spot cool down. Consequently, heat stroke slows down the entire SMT pipeline and severely degrades normal threads. We present a solution to heat stroke by identifying the thread that causes the hot spot and selectively slowing down the malicious thread while minimally affecting normal threads.

Securing data is becoming a crucial need for most internet-based applications. Whereas the problem of data confidentiality has been widely investigated, the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies has been so far not deeply investigated. In this paper, we propose an approach supporting parallel and distributed secure updates to XML documents. The approach, based on the use of a security region-object parallel flow (S-RPF) graph protocol, is particularly suited for all environments requiring cooperative updates to XML documents. It allows different users to simultaneously update different portions of the same document, according to the specified access control policies. Additionally, it supports a decentralized management of update operations in that a subject can exercise its privileges and verify the correctness of the operations performed so far on the document without interacting, in most of the cases, with the document server.

An apparently prevailing myth is that safety is undecidable in Discretionary Access Control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable.  In this paper, we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman scheme, in which safety is undecidable.  We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also refute several claims made in recent work by Solworth and Sloan, in which the authors present a new access control scheme based on labels and relabelling and claim that it can ``implement the full range of DAC models’‘. We present a precise characterization of their access control scheme and show that it does not adequately capture a simple DAC scheme.

The percentage of women in computer science has not improved since the late 1970

A description of some algorithms to detect flesh tones in images.  The focus of the algorithms is on a first responder tool that depends more on speed that comprehensiveness.

Many different demands can be made of intrusion detection systems. An important requirement is that it be effective i.e. that it should detect a substantial percentage of intrusions into the supervised system, while still keeping the false alarm rate at an acceptable level.  This paper aims to demonstrate that, for a reasonable set of assumptions, the false alarm rate is the limiting factor for the performance of an intrusion detection system. This is due to the base-rate fallacy phenomenon, that in order to achieve- a perhaps unattainably low- false alarm rate. A selection of reports of intrusion detection performance are reviewed, and the conclusion is reached that there are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates.

This paper proposes a theoretical solution to the problem of Social Engineering (SE)  attacks perpetrated over the phone lines.  As a byproduct real time attack signatures are generated, which can be used in a cyber forensic analysis of such attacks.  Current methods of SE attack detection and prevention rely on policy and personnel training, which fails because the root of the problem, people, are still involved.  The proposed solution relies on computer systems to analyze phone conversations in real time and determine if the caller is deceiving the receiver.  This Social Engineering Defense Architecture (SEDA) is completely theoretical as the technologies employed are only in the proof of concept phase, but they are all proven to be tractable problems.

The iPod is the most popular digital music device. The newest versions of the iPod have become more PDA like then ever before. With this new functionality the iPod has recently found its way into the criminal world. With the continued growth of the digital music device market, the iPod