Security and Privacy in the Age of Uncertainty

Security and Privacy in the Age of Uncertainty covers issues related to security and privacy of information in a wide range of applications including:
*Secure Networks and Distributed Systems;
*Secure Multicast Communication and Secure Mobile Networks;
*Intrusion Prevention and Detection;
*Access Control Policies and Models;
*Security Protocols;
*Security and Control of IT in Society.

This volume contains the papers selected for presentation at the 18th International Conference on Information Security (SEC2003) and at the associated workshops. The conference and workshops were sponsored by the International Federation for Information Processing (IFIP) and held in Athens, Greece in May 2003.

One Secure Networks and Distributed Systems.- Trust Mediation for Distributed Information Systems.- Concerning Enterprise Network Vulnerability to HTTP Tunneling.- Providing Voice Privacy Over Public Switched Telephone Networks.- A Multi-Party Non-Repudiation Protocol for Exchange of Different Messages.- Establishing Chain of Evidence as a Base for Non-Repudiation Services.- Two Content Protection.- Securing XML-based Multimedia Content.- Secure Audit Logging with Tamper-Resistant Hardware.- PCMHoDC.- Three Secure Multicast Communication and Secure Mobile Networks.- Using Keystroke Analysis as a Mechanism for Subscriber Authentication on Mobile Handsets.- Introducing PKI to Enhance Security in Future Mobile Networks.- A Time Driven Methodology for Key Dimensioning in Multicast Communications.- A Flexible Category-Based Collusion-Resistant Key Management Scheme for Multicast.- Four Security Management.- Content, Context, Process Analysis of IS Security Policy Formation.- Integrating Security into Systems Development.- Integrating Information Security into Corporate Governance.- Building an Enterprise IT Security Management System.- Information Security Management System: Processes and Products.- Five Intrusion Prevention and Detection.- Detecting Malicious Use with Unlabelled Data Using Clustering and Outlier Analysis.- E2xB: A Domain-Specific String Matching Algorithm for Intrusion Detection.- Intrusion Masking for Distributed Atomic Operations.- Using Fuzzy System to Manage False Alarms in Intrusion Detection.- An Experiment in Software Decoy Design.- Six Access Control Policies and Models.- A User Friendly Guard with Mobile Post-Release Access Control Policy.- Security Model for Health Care Computing and Communication Systems.- Constrained Role-based Delegation.- Seven Secure Information Systems.- CSAP - An Adaptable Security Module for the E-Government System Webocrat.- Perceptions of Security Contributing to the Implementation of Secure IS.- New Directions on IS Security Methods.- Secure Vickrey Auctions without a Trusted Third Party.- Eight Security Protocols.- Integrating Logics and Process Calculi for Cryptographic Protocol Analysis.- Flexible Delegation Security for Improved Distribution in Ubiquitous Environments.- Cooperative Defense Firewall Protocol.- How to turn a PIN into an Iron Beam.- Nine Workshop on Information Security Management.- World Framework for Security Benchmark Changes.- Information Security: Auditing the Behaviour of the Employee.- Priorities in the Deployment of Network Intrusion Detection Systems.- Bridging the Gap between Risk Analysis and Security Policies.- Framework and Architecture for Secure Mobile Business Applications.- ISO 17799 and Australian Healthcare Organisations.- Ten Workshop on Privacy and Anonymity in Network & Distributed Systems.- Statistical Disclosure Attacks.- On the Anonymity of Timed Pool Mixes.- Privacy in Content Distribution Networks.- Eleven Workshop on Small Systems Security.- Security, Fault-Tolerance and their Verification for Ambient Systems.- Hidden Layer Authentication using Smart Card for WEP-based WLANS.- PINPAS: A Tool for Power Analysis of Smartcards.- Assessing Security in Energy-Efficient Sensor Networks.- From Finite State Machines to Provably Correct Java Card Applets.- Security Characteristics of E-Collaboration Environments.- Roadmap for Securing Handheld Devices.- Twelve Workshop on Security and Control of IT in Society.- Lawful Cyber Decoy Policy.- Electronic Signature as a part of Information Society Infrastructure.