THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Year:2013 | Volume:5 | Issue:2 |Papers Count:7

On behalf of the ISeCure editorial board, I am pleased to welcome you to the second issue of the fifthvolume of the journal. In this issue, we publish six papers, as well as a single page per paper incorporatingthe translation of the title and abstract in Persian, to be used by Persian indexing centers...

Access control in open and dynamic Pervasive Computing Environments (PCEs)is a very complex mechanism and encompasses various new requirements. Infact, in such environments, context information should be used in access controldecision process; however, it is not applicable to gather all context informationcompletely and accurately all the time. Thus, a suitable access control modelfor PCEs not only should be context-aware, but also must be able to dealwith imperfect context information. In addition, due to the diversity andheterogeneity of resources and users and their security requirements in PCEs, supporting exception and default policies is a necessary requirement. In thispaper, we propose a Semantic-Aware Role-Based Access Control (SARBAC)model satisfying the aforementioned requirements using MKNF+. The maincontribution of our work is de ning an ontology for context information alongwith using MKNF+ rules to de ne context-aware role activation and permissionassignment policies. Dividing role activation and permission assignment policiesinto three layers and using abstract and concrete predicates not only makesecurity policy speci cation more exible and manageable, but also makede nition of exception and default polices possible. The expressive power of theproposed model is demonstrated through a case study in this paper.

The spread of rumors, which are known as unverified statements of uncertainorigin, may threaten the society and its controlling, is important for nationalsecurity councils of countries. If it would be possible to identify factors affectingspreading a rumor (such as agents’ desires, trust network, etc. ) then, this couldbe used to slow down or stop its spreading. Therefore, a computational modelthat includes rumor features, and the way rumor is spread among society’ smembers, based on their desires, is needed. Our research is focused on therelation between the homogeneity of the society and rumor convergence in it. Our result shows that the homogeneity of the society is a necessary condition forconvergence of the spread rumor.

Nowadays, the growth of virtual environments such as virtual organizations, social networks, and ubiquitous computing, have led to the adoption of trustconcept. One of the methods of making trust in such environments is to usea long-term relationship with a trusted partner. The main problem of thiskind of trust, which is based on personal experiences, is its limited domain. Moreover, both parties of such trust relationship will face big problems ofcollecting data and forming reasonable and reliable beliefs. Considering theconcept of \group" in modeling trust is a way to overcome the above mentionedproblems. Since, group-based trust is more suited with the nature of trust innew virtual environments. In this paper, a new trust model called \GTrust" isproposed in which trust is considered as a collective and shared feature of allgroup members. Therefore, group membership is used as the judgment criteriaregarding a person's expected behavior and how he can be a trustee. GTrustis based on Metagraphs which are graphical data structures for representinga collection of directed set-to-set mappings. We show that by using GTrust, large trust spaces between unknown individuals can be shaped e ectively. Theproposed model not only o ers a better description of human sense of trustwhen considering communities, but also provides the setting for evaluating thetrust of individuals whom we do not know, and therefore provides an extendedevaluation domain.

In Social networks, users need a proper estimation of trust in others to beable to initialize reliable relationships. Some trust evaluation mechanisms havebeen o ered, which use direct ratings to calculate or propagate trust values. However, in some web-based social networks where users only have binaryrelationships, there is no direct rating available. Therefore, a new method isrequired to infer trust values in these networks. To bridge this gap, this paperaims to propose a new method which takes advantage of user similarity topredict trust values without any need for direct ratings. In this approach, which is based on socio-psychological studies, user similarity is calculatedfrom the pro le information and the texts shared by the users via text-miningtechniques. Applying Ziegler ratios to our approach revealed that users aremore than 50% more similar to their trusted agents than to arbitrary peers, which proves the validity of the original idea of the study about inferring trustfrom language similarity. In addition, comparing the real assigned ratings, gathered directly from users, with the experimental results indicated that thepredicted trust values are su ciently acceptable (with a precision of 61%). Wehave also studied the bene ts of using context in inferring trust. In this regard, the analysis revealed that the precision of the predictions can be improved upto 72%. Besides the application of this approach in web-based social networks, the proposed technique can also be of much help in any direct rating mechanismto evaluate the correctness of trust values assigned by users, and increases therobustness of trust and reputation mechanisms against possible security threats.

A convertible limited (multi-) veri er signature (CL(M)VS) provides controlledveri ability and preserves the privacy of the signer. Furthermore, limitedveri er(s) can designate the signature to a third party or convert it into apublicly veri able signature upon necessity. In this proposal, we  rst presenta generic construction of convertible limited veri er signature (CLVS) intowhich the existing secure CLVS schemes  t. Afterwards, we extend thisgeneric construction to address the unsolved question of designing an e cientconstruction with more than two limited veri ers. To this e ect, two genericCLMVS constructions are presented, which are proven to be e cient in thatthey generate a unique signature for more than two limited veri ers. Giventhe  rst generic construction, each limited veri er checks the validity of thesignature solely, while in the second, cooperation of all limited veri ers isimperative. Thereupon, on the ground of our second generic construction, wepresent the  rst pairing-based CLMVS scheme secure in the standard model, which is of a strong con rmation property as well. Finally, we employ theproposed CLMVS scheme for one limited veri er (CLVS) so as to design a newelectronic voting protocol.

Arti cial Immune Systems (AIS) have long been used in the  eld of computersecurity and especially in Intrusion Detection systems. Intrusion detectionbased on AISs falls into two main categories. The  rst generation of AIS isinspired from adaptive immune reactions but, the second one which is calleddanger theory focuses on both adaptive and innate reactions to build a morebiologically-realistic model of Human Immune System. Two algorithms namedTLR and DCA are proposed in danger theory  eld that both of them aretrying to identify the antigens based on a simple identi er. Both of them su erfrom low accuracy and detection rate due to the fact that they are not takingthe structure of antigens into account. In this paper, we propose an algorithmcalled STLR (structural TLR), which is an extended form of TLR algorithm. STLR tries to model the interaction of adaptive and innate biological immunesystems and at the same time considers the structure of the antigens. Theexperimental results show that using the structural aspects of an antigen, STLR can lead to a great increase in the detection rate and accuracy.