Critical Information Infrastructures Security, 2008 Second International Workshop, CRITIS 2007, Benalmadena-Costa, Spain, October 3-5, 2007 Security and Cryptology Series

This volume contains the post-proceedings of the Second International Workshop on Critical Information Infrastructure Security (CRITIS 2007), that was held during October 3?5, 2007 in Benalmadena-Costa (Malaga), Spain, and was hosted by the University of Malaga, Computer Science Department. In response to the 2007 call for papers, 75 papers were submitted. Each paper was reviewed by three members of the Program Committee, on the basis of significance, novelty, technical quality and critical infrastructures relevance of the work reported therein. At the end of the reviewing process, only 29 papers were selected for pres- tation. Revisions were not checked and the authors bear full responsibility for the content of their papers. CRITIS 2007 was very fortunate to have four exceptional invited speakers: Adrian Gheorghe (Old Dominion University, USA), Paulo Veríssimo (Universidade de L- boa, Portugal), Donald Dudenhoeffer (Idaho National Labs, USA), and Jacques Bus (European Commission, INFSO Unit "Security"). The four provided a high added value to the quality of the conference with very significant talks on different and int- esting aspects of Critical Information Infrastructures. In 2007, CRITIS demonstrated its outstanding quality in this research area by - cluding ITCIP, which definitively reinforced the workshop. Additionally, the solid involvement of the IEEE community on CIP was a key factor for the success of the event. Moreover, CRITIS received sponsorship from Telecom Italia, JRC of the European Commission, IRRIIS, IFIP, and IABG, to whom we are greatly indebted.

Session 1: R&D Agenda.- Towards a European Research Agenda for CIIP: Results from the CI2RCO Project.- ICT Vulnerabilities of the Power Grid: Towards a Road Map for Future Research.- Session 2: Communication Risk and Assurance I.- An Analysis of Cyclical Interdependencies in Critical Infrastructures.- A Framework for 3D Geospatial Buffering of Events of Interest in Critical Infrastructures.- Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry.- Advanced Reaction Using Risk Assessment in Intrusion Detection Systems.- Session 3: Communication Risk and Assurance II.- Managing Critical Infrastructures through Virtual Network Communities.- The Structure of the Sense of Security, Anshin.- Securing Agents against Malicious Host in an Intrusion Detection System.- Session 4: Code of Practice and Metrics.- UML Diagrams Supporting Domain Specification Inside the CRUTIAL Project.- Expert System CRIPS: Support of Situation Assessment and Decision Making.- Using Dependent CORAS Diagrams to Analyse Mutual Dependency.- A Methodology to Estimate Input-Output Inoperability Model Parameters.- Session 5: Information Sharing and Exchange.- Efficient Access Control for Secure XML Query Processing in Data Streams.- An Approach to Trust Management Challenges for Critical Infrastructures.- Session 6: Continuity of Services and Resiliency.- Detecting DNS Amplification Attacks.- LoRDAS: A Low-Rate DoS Attack against Application Servers.- Intra Autonomous System Overlay Dedicated to Communication Resilience.- A Proposal for the Definition of Operational Plans to Provide Dependability and Security.- Session 7: SCADA and Embedded Security.- Application of Kohonen Maps to Improve Security Tests on Automation Devices.- Ideal Based Cyber Security Technical Metrics for Control Systems.- Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability.- Session 8: Threats and Attacks Modeling.- A General Model and Guidelines for Attack Manifestation Generation.- A Survey on Detection Techniques to Prevent Cross-Site Scripting Attacks on Current Web Applications.- Attack Modeling of SIP-Oriented SPIT.- A Malware Detector Placement Game for Intrusion Detection.- Session 9: Information Exchange and Modelling.- Modeling and Simulating Information Security Management.- Design of a Platform for Information Exchange on Protection of Critical Infrastructures.- Towards a Standardised Cross-Sector Information Exchange on Present Risk Factors.