Security and Privacy - Silver Linings in the Cloud 25th IFIP TC 11 International Information Security Conference, SEC 2010, Held as Part of WCC 2010, Brisbane, Australia, September 20-23, 2010, Proceedings

These proceedings contain the papers of IFIP/SEC 2010. It was a special honour and privilege to chair the Program Committee and prepare the proceedings for this conf- ence, which is the 25th in a series of well-established international conferences on security and privacy organized annually by Technical Committee 11 (TC-11) of IFIP. Moreover, in 2010 it is part of the IFIP World Computer Congress 2010 celebrating both the Golden Jubilee of IFIP (founded in 1960) and the Silver Jubilee of the SEC conference in the exciting city of Brisbane, Australia, during September 20–23. The call for papers went out with the challenging motto of “Security & Privacy Silver Linings in the Cloud” building a bridge between the long standing issues of security and privacy and the most recent developments in information and commu- cation technology. It attracted 102 submissions. All of them were evaluated on the basis of their significance, novelty, and technical quality by at least five member of the Program Committee. The Program Committee meeting was held electronically over a period of a week. Of the papers submitted, 25 were selected for presentation at the conference; the acceptance rate was therefore as low as 24. 5% making SEC 2010 a highly competitive forum. One of those 25 submissions could unfortunately not be included in the proceedings, as none of its authors registered in time to present the paper at the conference.

Kristian Beckman Award Awardee Keynote.- The 5 Waves of Information Security – From Kristian Beckman to the Present.- Security Management.- A Business Continuity Management Simulator.- Mining Business-Relevant RBAC States through Decomposition.- Group Dynamics in a Security Risk Management Team Context: A Teaching Case Study.- Security Management & Governance.- Using Actor Network Theory to Understand Information Security Management.- Information Security Governance: When Compliance Becomes More Important than Security.- Network Security & Authentication.- Understanding Domain Registration Abuses.- Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites.- Authentic Refinement of Semantically Enhanced Policies in Pervasive Systems.- Qualified Mobile Server Signature.- Intrusion Detection, Trust Management, and Models.- Fraud Detection in ERP Systems Using Scenario Matching.- Use of IP Addresses for High Rate Flooding Attack Detection.- Augmenting Reputation-Based Trust Metrics with Rumor-Like Dissemination of Reputation Information.- Ex-SDF: An Extended Service Dependency Framework for Intrusion Impact Assessment.- Software Security and Assurance.- A Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism.- On-the-fly Inlining of Dynamic Security Monitors.- A Metric-Based Scheme for Evaluating Tamper Resistant Software Systems.- Evaluation of the Offensive Approach in Information Security Education.- Panel.- Research Methodologies in Information Security Research: The Road Ahead.- Access Control and Privacy.- Purpose-Based Access Control Policies and Conflicting Analysis.- Delegation in Predicate Encryption Supporting Disjunctive Queries.- Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy.- k-Shares: A Privacy Preserving Reputation Protocol for Decentralized Environments.- Privacy.- Towards Fair Indictment for Data Collection with Self-Enforcing Privacy.- How to Enhance Privacy and Identity Management for Mobile Communities: Approach and User Driven Concepts of the PICOS Project.- Performance Analysis of Accumulator-Based Revocation Mechanisms.- IFIP Technical Committee 11 Security and Privacy Protection in Information Processing Systems.