Data and Applications Security XXI

This volume contains the papers presented at the 21st Annual IFIP WG 11.3 Conference on Data and Applications Security (DBSEC) held July 811 in - dondo Beach, California, USA. The purpose of the DBSEC conference is to disseminate original research results and experience reports in data and app- cations security. In response to the call for papers, 44 submissions were received. Following a rigorousreviewingprocess,18high-qualitypaperswereacceptedforpresentation and publication. In addition, two short papers were selected for poster pres- tation. The conference program also included one invited talk and one panel discussion. We believe that the program includes a balanced mix of practical experiences and theoretical results that consolidate existing work and suggest emerging areas of interest for researchers in data and applications security. The continued success of the DBSEC conference is due to the e?orts of many individuals. We would like to thank all of the researchers that submitted - pers to DBSEC for consideration, and the Program Committee members and additional reviewers for making the review process fair and thorough, and for providing valuable suggestions on each submission. We are also indebted to the invited speakers and panelists for their contributions to the success of the c- ference.

Klappentext

This book constitutes the refereed proceedings of the 21st Annual Working Conference on Data and Applications Security held in Redondo Beach, CA, USA in July 2007.

The 18 revised full papers and 2 revised short papers presented were carefully reviewed and selected from 44 submissions. The papers are organized in topical sections on secure query evaluation, location-based security/mobile security, distributed security issues, cryptographic-based security, temporal access control and usage control, as well as system security issues.

Inhalt
Secure Query Evaluation.- Confidentiality Policies for Controlled Query Evaluation.- Provably-Secure Schemes for Basic Query Support in Outsourced Databases.- Authenticated Relational Tables and Authenticated Skip Lists.- Location-Based Security/Mobile Security.- Location Privacy Protection Through Obfuscation-Based Techniques.- Efficient Security Policy Enforcement in a Location Based Service Environment.- Reliable Delivery of Event Data from Sensors to Actuators in Pervasive Computing Environments.- Short Papers.- Privacy-Preserving Schema Matching Using Mutual Information.- The Interval Revocation Scheme for Broadcasting Messages to Stateless Receivers.- Distributed Security Issues.- Measuring the Overall Security of Network Configurations Using Attack Graphs.- Enforcing Honesty in Assured Information Sharing Within a Distributed System.- A Privacy-Enhanced Attribute-Based Access Control System.- Cryptographic-Based Security.- A Scalable and Secure Cryptographic Service.- gVault: A Gmail Based Cryptographic Network File System.- Design and Analysis of Querying Encrypted Data in Relational Databases.- Temporal Access Control and Usage Control.- Dynamic Event-Based Access Control as Term Rewriting.- A Spatio-temporal Role-Based Access Control Model.- Towards a Times-Based Usage Control Model.- System Security Issues.- New Paradigm of Inference Control with Trusted Computing.- Security Patterns for Physical Access Control Systems.- XACML Policies for Exclusive Resource Usage.