Proceedings of the IFIP TC 11 23rd International Information Security Conference IFIP 20th World Computer Congress, IFIP SEC'08, September 7-10, 2008, Milano, Italy

These proceedings contain the papers selected for presentation at the 23rd Inter- tional Information Security Conference (SEC 2008), co-located with IFIP World Computer Congress (WCC 2008), September 8–10, 2008 in Milan, Italy. In - sponse to the call for papers, 143 papers were submitted to the conference. All - pers were evaluated on the basis of their signi?cance, novelty,and technical quality, and reviewed by at least three members of the program committee. Reviewing was blind meaning that the authors were not told which committee members reviewed which papers. The program committee meeting was held electronically, holding - tensive discussion over a period of three weeks. Of the papers submitted, 42 full papers and 11 short papers were selected for presentation at the conference. A conference like this just does not happen; it depends on the volunteer efforts of a host of individuals. There is a long list of people who volunteered their time and energy to put together the conference and who deserve acknowledgment. We thank all members of the program committee and the external reviewers for their hard work in the paper evaluation. Due to the large number of submissions, p- gram committee members were required to complete their reviews in a short time frame. We are especially thankful to them for the commitment they showed with their active participation in the electronic discussion.

Hiding in Groups: On the Expressiveness of Privacy Distributions.- Practical Privacy-Preserving Benchmarking.- Enhancing Privacy in Remote Data Classification.- Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators.- Robbing Banks with Their Own Software—an Exploit Against Norwegian Online Banks.- Collaborative architecture for malware detection and analysis.- Realizing Stateful Public Key Encryption in Wireless Sensor Network.- Establishing secure links in low-rate wireless personal area networks.- An Asynchronous Node Replication Attack in Wireless Sensor Networks.- A B Formal Framework for Security Developments in the Domain of Smart Card Applications.- An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies.- Negotiation of Prohibition: An Approach Based on Policy Rewriting.- An Integrity Lock Architecture for Supporting Distributed Authorizations in Database Federations.- Role Signatures for Access Control in Open Distributed Systems.- Policies and Security Aspects For Distributed Scientific Laboratories.- A Fuzzy Model for the Composition of Intrusion Detectors.- Investigating the problem of IDS false alarms: An experimental study using Snort.- User Session Modeling for Effective Application Intrusion Detection.- A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems.- Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs.- Behavioral Intrusion Detection Indicators.- Leveraging Lattices to Improve Role Mining.- A Parallelization Framework for Exact Knowledge Hiding in Transactional Databases.- Efficient Coalition Detection in Traitor Tracing.- SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned.-Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models.- A Decentralized Bayesian Attack Detection Algorithm for Network Security.- An Operation-Based Metric for CPA Resistance.- YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems.- Adversary Modeling and Simulation in Cyber Warfare.- Interactive Selection of ISO 27001 Controls under Multiple Objectives.- Feasibility of Automated Information Security Compliance Auditing.- Software Licence Protection and Management for Organisations.- A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach.- ASTRA : A Security Analysis Method Based on Asset Tracking.- A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack.- Portable User-Centric Identity Management.- Ubiquitous Privacy-Preserving Identity Managment.- Facilitating Privacy Related Decisions in Different Privacy Contexts on the Internet by Evaluating Trust in Recipients of Private Data.- Using Virtualization to Create and Deploy Computer Security Lab Exercises.- DigForNet: Digital Forensic in Networking.- A Live Digital Forensic system for Windows networks.- HoneyID : Unveiling Hidden Spywares by Generating Bogus Events.- A Security Protocol for Self-Organizing Data Storage.- Protecting Financial Institutions from Brute-Force Attacks.- Agency Theory: Can it be Used to Strengthen IT Governance?.- A new Accounting Mechanism for Modern and Future AAA Services.- A user survey on the sense of security, Anshin.- Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks.- A Comparative Study of Anomaly Detection Techniques in Web Site Defacement Detection.- Managing the lifecycle of XACML delegation policies in federated environments.- Assessing the Likelihood of Privacy Policy Compliance.- Classification features for detecting Server-side and Client-side Web attacks.