ISSE/SECURE 2007 Securing Electronic Business Processes

Transcription

1 Norbert Pohlmann Helmut Reimer Wolfgang Schneider ISSE/SECURE 2007 Securing Electronic Business Processes Highlights of the Information Security Solutions Europe/SECURE 2007 Conference With 140 illustrations vieweg

2 Preface xi About this Book xiii Welcome xv Microsoft: A Trustworthy Vision for Computing xvii Legal, Technical and Social Aspects of Security ^_ 1 Regulating Information Security: A Matter of Principle? 3.Andreas Mitrakas Silvia Portesi ISTPA Operational Analysis of International Privacy Requirements 18 John T. Sabp The Legal Conflict between Security and Privacy in Addressing Crime and Terrorism on the Internet ' ' 26 Murdoch Watney Data Encryption on File Servers 38 Janusz Gebusia Setting up an Effective'Information Security Awareness Programme 49 Dirk De Maeyer Saferinternet.pl Project - Educational Activities for Internet Safety in Poland 59 Anna Rywczyriska Agnieszka Wrzesieh Is Cyber Tribalism Winning Online Information Warfare? 65 Godfried Williams Johnnes Arreymbi

3 Phishing Across Interaction Channels: Methods, Experience and Best Practice 73 Philip Hoyer IT-Security Beyond Borders - an Assessment of Trust Levels Across Europe 82 Christian Wernberg-Tougaard Analyzing and Improving the Security of Internet Elections ' 93 Adam Wierzbicki Krzystof Pietrzak Remote Access Mechanics as a Source of Threats to Enterprise Network Infrastructure. 102 Paulina Januszkiewicz Marek Pyka "Private Investigation" in the Computer Environment: Legal Aspects 110 Arkadiusz Lach Identity, Information Security and Rights Management 115 Design Rationale behind the Identity Metasystem Architecture 117 Kim Cameron Michael B. Jones Federated ID Management - Tackling Risk and Credentialing Users 130 Marc Speltens Patrick Patterson Information Security Governance for Executive Management, 136 Yves Le Roux Model Driven Security for Agile SOA-Style Environments 147 Ulrich Lang Rudolf Schreiner v The Business Perspective on Roles Including Root Causes of Implementation Problems ^ 157 Marc Sel ' A Security Architecture for Enterprise Rights Management 166 Ammar Alkassar Rani Husseiki Christian Stiible Michael Hartmann

4 vii Rights Management Technologies: A Good Choice for Securing Electronic Health Records? 178 Milan Petkovic Stefan Katzenbeisser Klaus Kursawe Case Studies from Fuzzing Bluetooth, WiFi and WiMAX 188 Sami Petajasoja Ari Takaneh Mikko Varpiola Heikki Kortti Evaluation of the Possible Utilization of anti-spam Mechanisms Against spit 196 Christian Dietrich Malte Hesse Modeling Trust Management and Security of Information 207 Anna Felkner Tomasz Jordan Kruk Smart Tokens, eld Cards, Infrastructure Solutions and Interoperability 217 Infrastructure for Trusted Environment: In Search of a Solution., 219 Claire Vishik Simon Johnson David Hoffman Integrity Check of Remote Computer SystemsTrusted Network Connect 228 Marian Jungbauer Norbert Pohlmann Technical Guidelines for Implementation and Utilization of RFID-based Systems Cord Bartels Harald Kelter High Density Smart Cards:New Security Challenges and Applications 251 Helena Handschuh Elena Trichina ID Cards in Practice ^ 260 Detlef Houdeau Large Scale Fingerprint Applications: Which Technology Should be Used? _ 266 Andreas M. Wolf

5 From the ecard-api-framework Towards a Comprehensive eld-framework for Europe 276 Detlef Huhnlein Manuel Bach ; j Making Digital Signatures Work across National Borders 287 Jon 0lnes Anette Andresen Leif Buene Olga Cerrato Havard Grindheim Financial Fraud Information Sharing ; Sharon Boeyen Enterprise Key Management Infrastructure " 306 Arshad Noor Intrinsic Physical Unclonable Functions in Field Programmable Gate Arrays '"' '" '' "'- ; ' ' " "''''- ' 313 Jorge Guajardo Sandeep S. Kumar Klaus Kursawe Geert-Jan Schrijen Pirn Tuyls Security Evaluation and Testing - Past, Present and Future 322 Peter Fischer Economics of Security and PKI Applications 329 Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach 331 Anas Tawileh Jeremy Hilton Stephen Mclntosh, EKIAS - Success Criteria of PKI Implementations / 340 Anja Beyer Sophie Hellmann Malte Hesse Friedrich Holl Peter Morcinek SachanPaulus Helmut Reimer Embedded PKI in Industrial Facilities 347 Marcus Hanke SIM-enabled Open Mobile Payment System Based on Nation-wide PKI. 355 Elena Trichina Konstantin Hypponen Marko Hassinen

6 Evidence Record Syntax 367 Tobias Gondrom PKI and Entitlement 376 Guido v. d. Heidt Reinhard Schoepf Future Diffusion of PKI-Technology - A German Delphi Study 386 Michael Gaude The Introduction of Health Telematics in Germany 396 Dirk Drees The German Identity Card - Concepts and Applications 401 Andreas Reisen Infrastructures for Identification and Identity Documents 405 Walter Landvogt The Security Infrastructure of the German Core Application in Public Transportation 411 Joseph Lutgen Applications of Citizen Portals 419 Hannes Ziegler Virtual Post Office in Practice _, 427 Wilhelm Weisweber Frank Planitzer Index 437