INTEGRITY AND INTERNAL CONTROL IN INFORMATION SYSTEMS VI

IFIP, The International Federation for Information Processing

IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP's aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states, IFIP's mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people.

IFIP is a non-profit-making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP's events range from an international congress to local seminars, but the most important are:

The IFIP World Computer Congress, held every second year;
Open conferences;
Working conferences.

The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high. As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed. The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion. Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.

Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly. National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered.

INTEGRITY AND INTERNAL CONTROL IN INFORMATION SYSTEMS VI
IFIP TC11 / WG11.5 Sixth Working Conference on Integrity and Internal Control in Information Systems (IICIS)
13-14 November 2003, Lausanne, Switzerland

Edited by
Sushil Jajodia, George Mason University, Fairfax, Virginia, USA
Leon Strous, De Nederlandsche Bank NV, Amsterdam, The Netherlands

KLUWER ACADEMIC PUBLISHERS
NEW YORK, BOSTON, DORDRECHT, LONDON, MOSCOW

ebook ISBN: 1-4020-7901-X
Print ISBN: 1-4020-7900-1

2004 Kluwer Academic Publishers, New York, Boston, Dordrecht, London, Moscow
Print 2004 Kluwer Academic Publishers, Boston

All rights reserved. No part of this ebook may be reproduced or transmitted in any form or by any means, electronic, mechanical, recording, or otherwise, without written consent from the Publisher.

Created in the United States of America

Visit Kluwer Online at: http://kluweronline.com
and Kluwer's ebookstore at: http://ebooks.kluweronline.com

CONTENTS

Preface, p. vii
Acknowledgements, p. ix

Part one. Refereed papers
1. Remote Integrity Checking (Yves Deswarte, Jean-Jacques Quisquater, Ayda Saïdane), p. 1
2. Automated Checking of SAP Security Permissions (Sebastian Höhn, Jan Jürjens), p. 13
3. A Formal Analysis of a Digital Signature Architecture (David Basin, Kunihiko Miyazaki, Kazuo Takaragi), p. 31
4. Using Parameterized UML to Specify and Compose Access Control Models (Indrakshi Ray, Na Li, Dae-Kyoo Kim, Robert France), p. 49
5. Enforcing Integrity in Multimedia Surveillance (Naren B. Kodali, Csilla Farkas, Duminda Wijesekera), p. 67
6. A Learning-based Approach to Information Release Control (Claudio Bettini, X. Sean Wang, Sushil Jajodia), p. 83
7. Information Security Governance using ISO 17799 and COBIT (Elmari Pretorius, Basie von Solms), p. 107
8. Tracing Attacks and Restoring Integrity with LASCAR (Alexandre Aellig, Philippe Oechslin), p. 115
9. A Secure Multi-sited Version Control System (Indrajit Ray, Junxing Zhang), p. 125
10. Integration of Integrity Constraints in Database Federations (Herman Balsters, Bert de Brock), p. 143
11. Reducing Disruption in Time-Tabled Condition Monitoring (Binling Jin, Suzanne M. Embury), p. 159
12. A Service Oriented System Based Information Flow Model for Damage Assessment (Yanjun Zuo, Brajendra Panda), p. 177
13. An Efficient OODB Model for Ensuring the Integrity of User-defined Constraints (Belal Zaqaibeh, Hamidah Ibrahim, Ali Mamat, Md. Nasir Sulaiman), p. 195

Part two. Invited papers
14. From Security Culture to Effective E-security Solutions (Solange Ghernaouti-Hélie), p. 209
15. Consistent Query Answering: Recent Developments and Future Directions (Jan Chomicki), p. 219
16. Role of Certification in Meeting Organisation Security Requirements (William List), p. 241

Part three. Panel session
17. Grand Challenges in Data Integrity and Quality (Bhavani Thuraisingham), p. 249

Index of contributors, p. 255
Index of keywords, p. 257

PREFACE

The development and integration of integrity and internal control mechanisms into information system infrastructures is a challenge for researchers, IT personnel and auditors. Since its beginning in 1997, the IICIS international working conference has focused on the following questions:

what precisely do business managers need in order to have confidence in the integrity of their information systems and their data, and what are the challenges the IT industry is facing in ensuring this integrity;
what are the status and directions of research and development in the area of integrity and internal control;
where are the gaps between business needs on the one hand and research / development on the other;
what needs to be done to bridge these gaps.

This sixth volume of IICIS papers, like the previous ones, contains interesting and valuable contributions to finding the answers to the above questions. We want to recommend this book to security specialists, IT auditors and researchers who want to learn more about the business concerns related to integrity. Those same security specialists, IT auditors and researchers will also value this book for the papers presenting research into new techniques and methods for obtaining the desired level of integrity.

It is the hope of all who contributed to IICIS 2003 that these proceedings will inspire readers to join the organizers for the next conference on integrity and internal control in information systems. You are invited to take the opportunity to contribute to next year's debate with colleagues and submit a paper or attend the working conference. Check the websites given below regularly for the latest information.

We thank all those who have helped to develop these proceedings and the conference. First of all, we thank all the authors who submitted papers as well as the keynote and invited speakers, and those who presented papers and participated in the panel. Finally, we would like to thank all conference participants, IFIP and the sponsors and supporters of this conference.

January 2004
Sushil Jajodia
Leon Strous

Websites:
IFIP TC-11 Working group 11.5, IICIS 2004: http://www.cs.colostate.edu/~iicis04/
IFIP TC-11 Working group 11.5: http://csis.gmu.edu/faculty/tc11_5.html
IFIP TC-11: http://www.ifip.tu-graz.ac.at/tc11
IFIP: http://www.ifip.org

Still available:
IICIS 2002: Integrity and internal control in information systems V, ed. Michael Gertz, ISBN 1-4020-7473-5
IICIS 2001: Integrity, internal control and security in information systems: Connecting governance and technology, ed. Michael Gertz, Erik Guldentops, Leon Strous, ISBN 1-4020-7005-5
IICIS 1999: Integrity and internal control in information systems: Strategic views on the need for control, ed. Margaret E. van Biene-Hershey, Leon Strous, ISBN 0-7923-7821-0
IICIS 1998: Integrity and internal control in information systems, ed. Sushil Jajodia, William List, Graeme McGregor, Leon Strous, ISBN 0-412-84770-1
IICIS 1997: Integrity and internal control in information systems: Volume 1, Increasing the confidence in information systems, ed. Sushil Jajodia, William List, Graeme McGregor, Leon Strous, ISBN 0-412-82600-3

ACKNOWLEDGEMENTS

Conference chairs:
Stefano Spaccapietra, Swiss Federal Institute of Technology, Lausanne, CH
Serge Vaudenay, Swiss Federal Institute of Technology, Lausanne, CH

Programme Committee:

Co-Chairs:
Sushil Jajodia, George Mason University, USA
Leon Strous, De Nederlandsche Bank, The Netherlands

Members/reviewers:
David Basin, ETH Zürich, Switzerland
Sabrina de Capitani di Vimercati, University of Milan, Italy
Michael Gertz, University of California at Davis, USA
Erik Guldentops, University of Antwerp, Belgium
Klaus Kursawe, IBM, Switzerland
Detlef Kraus, SRC, Germany
William List, William List & Co., UK
Refik Molva, Eurecom, France
David Naccache, GEMPLUS, France
Philippe Oechslin, EPF Lausanne, Switzerland
Indrakshi Ray, Colorado State University, USA
Arnie Rosenthal, The MITRE Corporation, USA
Adrian Spalka, University of Bonn, Germany
Bhavani Thuraisingham, NSF, USA

Organizing Committee:
Christelle Vangenot (chair)
Marlyse Taric (secretariat)
Swiss Federal Institute of Technology, Lausanne, Switzerland