Bøger af Elisa Bertino

This book explores machine learning (ML) defenses against the many cyberattacks that make our workplaces, schools, private residences, and critical infrastructures vulnerable as a consequence of the dramatic increase in botnets, data ransom, system and network denials of service, sabotage, and data theft attacks. The use of ML techniques for security tasks has been steadily increasing in research and also in practice over the last 10 years. Covering efforts to devise more effective defenses, the book explores security solutions that leverage machine learning (ML) techniques that have recently grown in feasibility thanks to significant advances in ML combined with big data collection and analysis capabilities. Since the use of ML entails understanding which techniques can be best used for specific tasks to ensure comprehensive security, the book provides an overview of the current state of the art of ML techniques for security and a detailed taxonomy of security tasks and corresponding ML techniques that can be used for each task. It also covers challenges for the use of ML for security tasks and outlines research directions. While many recent papers have proposed approaches for specific tasks, such as software security analysis and anomaly detection, these approaches differ in many aspects, such as with respect to the types of features in the model and the dataset used for training the models. In a way that no other available work does, this book provides readers with a comprehensive view of the complex area of ML for security, explains its challenges, and highlights areas for future research. This book is relevant to graduate students in computer science and engineering as well as information systems studies, and will also be useful to researchers and practitioners who work in the area of ML techniques for security tasks.

As data represent a key asset for today's organizations, the problem of how to protect this data from theft and misuse is at the forefront of these organizations' minds. Even though today several data security techniques are available to protect data and computing infrastructures, many such techniques -- such as firewalls and network security tools -- are unable to protect data from attacks posed by those working on an organization's "e;inside."e; These "e;insiders"e; usually have authorized access to relevant information systems, making it extremely challenging to block the misuse of information while still allowing them to do their jobs. This book discusses several techniques that can provide effective protection against attacks posed by people working on the inside of an organization. Chapter One introduces the notion of insider threat and reports some data about data breaches due to insider threats. Chapter Two covers authentication and access control techniques, and Chapter Three shows how these general security techniques can be extended and used in the context of protection from insider threats. Chapter Four addresses anomaly detection techniques that are used to determine anomalies in data accesses by insiders. These anomalies are often indicative of potential insider data attacks and therefore play an important role in protection from these attacks. Security information and event management (SIEM) tools and fine-grained auditing are discussed in Chapter Five. These tools aim at collecting, analyzing, and correlating -- in real-time -- any information and event that may be relevant for the security of an organization. As such, they can be a key element in finding a solution to such undesirable insider threats. Chapter Six goes on to provide a survey of techniques for separation-of-duty (SoD). SoD is an important principle that, when implemented in systems and tools, can strengthen data protection from malicious insiders. However, to date, very few approaches have been proposed for implementing SoD in systems. In Chapter Seven, a short survey of a commercial product is presented, which provides different techniques for protection from malicious users with system privileges -- such as a DBA in database management systems. Finally, in Chapter Eight, the book concludes with a few remarks and additional research directions. Table of Contents: Introduction / Authentication / Access Control / Anomaly Detection / Security Information and Event Management and Auditing / Separation of Duty / Case Study: Oracle Database Vault / Conclusion

This book deals with Private Information Retrieval (PIR), a technique allowing a user to retrieve an element from a server in possession of a database without revealing to the server which element is retrieved. PIR has been widely applied to protect the privacy of the user in querying a service provider on the Internet. For example, by PIR, one can query a location-based service provider about the nearest car park without revealing his location to the server. The first PIR approach was introduced by Chor, Goldreich, Kushilevitz and Sudan in 1995 in a multi-server setting, where the user retrieves information from multiple database servers, each of which has a copy of the same database. To ensure user privacy in the multi-server setting, the servers must be trusted not to collude. In 1997, Kushilevitz and Ostrovsky constructed the first single-database PIR. Since then, many efficient PIR solutions have been discovered. Beginning with a thorough survey of single-database PIR techniques, this text focuses on the latest technologies and applications in the field of PIR. The main categories are illustrated with recently proposed PIR-based solutions by the authors. Because of the latest treatment of the topic, this text will be highly beneficial to researchers and industry professionals in information security and privacy.

As a fast-evolving new area, RFID security and privacy has quickly grown from a hungry infant to an energetic teenager during recent years. Much of the exciting development in this area is summarized in this book with rigorous analyses and insightful comments. In particular, a systematic overview on RFID security and privacy is provided at both the physical and network level. At the physical level, RFID security means that RFID devices should be identified with assurance in the presence of attacks, while RFID privacy requires that RFID devices should be identified without disclosure of any valuable information about the devices. At the network level, RFID security means that RFID information should be shared with authorized parties only, while RFID privacy further requires that RFID information should be shared without disclosure of valuable RFID information to any honest-but-curious server which coordinates information sharing. Not only does this book summarize the past, but it also provides new research results, especially at the network level. Several future directions are envisioned to be promising for advancing the research in this area.

Distributed and Parallel Database Object Management brings together in one place important contributions and state-of-the-art research results in this rapidly advancing area of computer science. Distributed and Parallel Database Object Management serves as an excellent reference, providing insights into some of the most important issues in the field.

The Eighth International Conference on Extending Database Technology, EDBT 2002, was held in Prague, Czech Republic, March 25-27, 2002. It marks the 50th anniversary of Charles University's Faculty of Mathematics and Physics and is the most recent in a series of conferences dedicated to the dissemination and exchange of the latest advances in data management. Previous conferences occurred in Konstanz, Valencia, Avignon, Cambridge, Vienna, and Venice. The topical theme of this year's conference is Data Management in the New Millennium, which encourages the community to see beyond the management of massive databases by conventional database management systems and to extend database technology to support new services and application areas. The intention is to spur greater interest in more integrated solutions to user problems, which often implies the consideration of data management issues in entire information systems infrastructures. There is data (almost) everywhere, and data access is needed (almost) always and everywhere. New technologies, services, and app- cations that involve the broader notion of data management are emerging more rapidly than ever, and the database community has much to o?er. The call for papers attracted numerous submissions, including 207 research papers, which is a new record for EDBT. The program committee selected 36 research papers, 6 industrial and applications papers, 13 software demos, and 6 tutorials for presentation at the conference. In addition, the conference program includes three keynote speeches, by Jari Ahola, Ian Horrocks, and Hans-J*org Schek, and a panel.

The LNCS Journal on Data Semantics is devoted to the presentation of notable work that, in one way or another, addresses research and development on issues related to data semantics. Based on the highly visible publication platform Lecture Notes in Computer Science, this new journal is widely disseminated and available worldwide. The scope of the journal ranges from theories supporting the formal definition of semantic content to innovative domain-specific applications of semantic knowledge. The journal addresses researchers and advanced practitioners working on the semantic web, interoperability, mobile information services, data warehousing, knowledge representation and reasoning, conceptual database modeling, ontologies, and artificial intelligence.

The 9th International Conference on Extending Database Technology, EDBT 2004, was held in Heraklion, Crete, Greece, during March 14-18, 2004. The EDBT series of conferences is an established and prestigious forum for the exchange of the latest research results in data management. Held every two years in an attractive European location, the conference provides unique opp- tunities for database researchers, practitioners, developers, and users to explore new ideas, techniques, and tools, and to exchange experiences. The previous events were held in Venice, Vienna, Cambridge, Avignon, Valencia, Konstanz, and Prague. EDBT 2004 had the theme "new challenges for database technology," with the goal of encouraging researchers to take a greater interest in the current exciting technological and application advancements and to devise and address new research and development directions for database technology. From its early days, database technology has been challenged and advanced by new uses and applications, and it continues to evolve along with application requirements and hardware advances. Today's DBMS technology faces yet several new challenges. Technological trends and new computation paradigms, and applications such as pervasive and ubiquitous computing, grid computing, bioinformatics, trust management, virtual communities, and digital asset management, to name just a few, require database technology to be deployed in a variety of environments and for a number of di?erent purposes. Such an extensive deployment will also require trustworthy, resilient database systems, as well as easy-to-manage and ?exible ones, to which we can entrust our data in whatever form they are.

Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover all standards addressing Web service security, as well as recent research on access control and advanced digital identity management techniques.

From these foundations, applications are developed in the fields of private information retrieval, private searching on streaming data, privacy-preserving data mining, electronic voting and cloud computing. This volume achieves a balance between the theoretical and the practical components of modern information security.

Digital identity can be defined as the digital representation of the information known about a specific individual or organization. This resource offers an in-depth understanding of how to design, deploy and assess identity management solutions. It also provides a comprehensive overview of the trends and future directions in identity management.