Modeling and Reconfiguration of critical Business Processes for the purpose of a Business Continuity Management respecting Security Risk and Compliance requirements at Credit Suisse using Algebraic Graph Transformation

in Enterprise Distributed Object Computing Conference Workshops, 2009. EDOCW 2009. 13th, Proc. International Workshop on Dynamic and Declarative Business Processes (DDBP 2009) (2009)

Critical business processes can fail. Therefore, continuity processes are needed as backup solutions. At the same time business processes are required to comply with security, risk and compliance ... [more ▼]

Critical business processes can fail. Therefore, continuity processes are needed as backup solutions. At the same time business processes are required to comply with security, risk and compliance requirements. In the context discussed here, they should be modeled in a decentralized local and declarative way, including methodological support by tools. By discussing a simplified loan granting process in the context of a Business Continuity Management System at Credit Suisse, we show how algebraic graph transformation can contribute a methodologically sound solution being compatible with all these requirements in a coherent way. As a consequence significant benefits of automation and quality can be realized. The presented contribution is theoretically sound and implementable by the people in the field. [less ▲]

Slotted Packet Counting Attacks on Anonymity Protocols

in The proceedings of the Australasian Information Security Conference (2009)

In this paper we present a slotted packet counting attack against anonymity protocols. Common packet counting attacks make strong assumptions on the setup and can easily lead to wrong conclusions, as we ... [more ▼]

In this paper we present a slotted packet counting attack against anonymity protocols. Common packet counting attacks make strong assumptions on the setup and can easily lead to wrong conclusions, as we will show in our work. To overcome these limitations, we account for the variation of traffic load over time. We use correlation to express the relation between sender and receiver nodes. Our attack is applicable to many anonymity protocols. It assumes a passive attacker and works with partial knowledge of the network traffic. [less ▲]

Emergency Group Calls over Interoperable Networks

in Proceedings of the 11th IEEE International Conference on Computational Science and Engineering (2008)

Unlinkable Communication

in Privacy, Security and Trust, 2008. PST '08. Sixth Annual Conference on (2008)

In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee ... [more ▼]

In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to internet and ad hoc communication. [less ▲]