Security and Protection in Information Processing Systems IFIP 18th World Computer Congress TC11 19th International Information Security Conference 22–27 August 2004 Toulouse, France

Security is probably the most critical factor for the development of the "Information Society". E-government, e-commerce, e-healthcare and all other e-activities present challenging security requirements that cannot be satisfied with current technology, except maybe if the citizens accept to waive their privacy, which is unacceptable ethically and socially. New progress is needed in security and privacy-preserving technologies. On these foundations, the IFIP/SEC conference has been established from the eighties as one of the most important forums for presenting new scientific research results as well as best professional practice to improve the security of information systems. This balance between future technology improvements and day-to-day security management has contributed to better understanding between researchers, solution providers and practitioners, making this forum lively and fruitful.

Security and Protection in Information Processing Systems contains the papers selected for presentation at the 19th IFIP International Conference on Information Security (SEC2004), which was held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The conference was sponsored by the International Federation for Information Processing (IFIP).This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

An Abstract Reduction Model for Computer Security Risk.- Remediation Graphs for Security Patch Management.- Security Modelling for Risk Analysis.- Contrasting Malicious Applets by Modifying the Java Virtual Machine.- Analyzing Network Management Effects with Spin and cTLA.- Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities Using Pointer Taintedness Semantics.- Meeting the Global Challenges of Security Incident Response.- Security in Globally Distributed Industrial Information Systems.- A Case for Information Ownership in ERP Systems.- Interactive Access Control for Web Services.- Identity-Based Key Infrastructures (IKI).- Modint: A Compact Modular Arithmetic Java Class Library for Cellular Phones, and its Application to Secure Electronic Voting.- Dependable Security by Twisted Secret Sharing.- A Language Driven Intrusion Detection System for Event and Alert Correlation.- Install-Time Vaccination of Windows Executables to Defend Against Stack Smashing Attacks.- Eigenconnections to Intrusion Detection.- Visualising Intrusions: Watching the Webserver.- A Long-Term Trial of Keystroke Profiling Using Digraph, Trigraph and Keyword Latencies.- Trusted Computing, Trusted Third Parties, and Verified Communications.- Maille Authentication.- Supporting end-to-end Security Across Proxies with Multiple-Channel SSL.- A Content-Protection Scheme for Multi-Layered Reselling Structures.- An Asymmetric Cryptography Secure Channel Protocol for Smart Cards.- IPsec Clustering.- Improving Secure Device Insertion in Home Ad Hoc Networks.- Spam Filter Analysis.- Collective Signature for Efficient Authentication of XML Documents.- Updating Encrypted XML Documents on Untrusted Machines.- Efficient Simultaneous Contract Signing.- DHCP Authentication Using Certificates.- Recursive Sandboxes: Extending Systrace to Empower Applications.- Fast Digital Certificate Revocation.- Masks: Managing Anonymity while Sharing Knowledge to Servers.- Security and Differentiated Hotspot Services Through Policy-based Management Architecture.- Key Management for Secure Multicast in Hybrid Satellite Networks.