Integrity and Internal Control in Information Systems VI IFIP TC11 / WG11.5 Sixth Working Conference on Integrity and Internal Control in Information Systems (IICIS) 13–14 November 2003, Lausanne, Switzerland

The development and integration of integrity and internal control mechanisms into information system infrastructures is a challenge for researchers, IT personnel and auditors. Since its beginning in 1997, the IICIS international working conference has focused on the following questions: what precisely do business managers need in order to have confidence in the integrity of their information systems and their data and what are the challenges IT industry is facing in ensuring this integrity; what are the status and directions of research and development in the area of integrity and internal control; where are the gaps between business needs on the one hand and research / development on the other; what needs to be done to bridge these gaps. This sixth volume of IICIS papers, like the previous ones, contains interesting and valuable contributions to finding the answers to the above questions. We want to recommend this book to security specialists, IT auditors and researchers who want to learn more about the business concerns related to integrity. Those same security specialists, IT auditors and researchers will also value this book for the papers presenting research into new techniques and methods for obtaining the desired level of integrity.

Preface. Acknowledgements. Part one: Refereed papers. 1. Remote Integrity Checking; Y. Deswarte, J.-J. Quisquater, A. Saïdane. 2. Automated Checking of SAP Security Permissions; S. Hoehn, J. Jurjens. 3. A Formal Analysis of Digital Signature Architecture; D. Basin, K. Miyazaki, K. Takaragi. 4. Using Parameterized UML to Specify and Compose Access Control Models; I. Ray, Na Li, Dae-Kyoo Kim, R. France. 5. Enforcing Integrity in Multimedia Surveillance; N.B. Kodali, C. Farkas, D. Wijesekera. 6. A Learning-based Approach to Information Release Control; C. Bettini, X.S. Wang, S. Jajodia. 7. Information Security Governance using ISO 17799 and COBIT; E. Pretorius, B. von Solms. 8. Tracing Attacks and Restoring Integrity with LASCAR; A. Aellig, P. Oechslin. 9. A Secure Multi-sited Version Control System; I. Ray, Junxing Zhang. 10. Integration of Integrity Constraints in Database Federations; H. Balsters, B. de Brock. 11. Reducing Disruption in Time-Tabled Condition Monitorin; Binling Jin, S.M. Embury. 12. A Service Oriented System Based Information Flow Model for Damage Assessment; Yanjun Zuo, B. Panda. 13. An Efficient OODB Model for Ensuring the Integrity of User-defined Constraints; B. Zaqaibeh, H. Ibrahim, A. Mamat, Md. Nasir Sulaiman. Part two: Invited papers. 14. From Security Culture to Effective E-security Solutions; S. Ghernaouti-Hélie. 15. Consistent Query Answering: Recent Developments and Future Directions; J. Chomicki. 16. Role of Certification in Meeting OrganisationSecurity Requirements; W. List. Part three: Panel session. 17. Grand Challenges in Data Integrity and Quality; B. Thuraisingham. Index of contributors. Index of keywords.

Dr. Sushil Jajodia is Professor and Chairman of the Dept. of Information and Software Engineering, and Director of the Center for Secure Information Systems at the George Mason University, Fairfax, Virginia, USA