With decades of progress toward ubiquitous networks and systems, distributed computing systems have played an increasingly important role in the industry and society. However, not many distributed networks and systems are secure and reliable in the sense of defending against different attacks and tolerating failures automatically, thus guaranteeing properties such as performance, and offering security against intentional threats. This special issue focuses on securing distributed networks and systems. We are delighted to present to you nine technical papers dealing with cutting-edge research and technology related to this topic. These papers were selected out of 149 submissions from 30 countries in the third International Conference on Network and System Security (NSS 2009). The selection has been very rigorous and only the best papers in the conference were selected.
In the first paper, 'Specifying and Enforcing the Principle of Least Privilege in Role-Based Access Control' [1], Ma et al. formally define the basic principle of least privilege and present different variations, called the -approx principle of least privilege and the minimizing-approx principle of least privilege. They prove that all least privilege problems are NP-complete. They show that the principle of the least privilege problem can be reduced to minimal cost set covering (MCSC) problem.
In the second paper, 'Architecture Design of High Efficient and Non-memory AES Crypto Core for WPAN' [2], Chen et al. present the architecture design of a high efficient and non-memory Advanced Encryption Standard (AES) crypto core to fit WPAN security requirement. The proposed basis transformation approach from Galois Field (2 8 ) to Galois Field G F(((2 2 ) 2 ) 2 ) can significantly reduce the hardware complexity of the SubBytes Transformation (S-box).
In the third paper, 'Secure Mobile Agents with Controlled Resources' [3], Zhang et al. propose two schemes achieving host authentication with controlled resources, where only selected hosts can be included in the agent network. The second scheme offers a smaller data size. They also define security models and provide rigorous security proofs to the schemes.
In the fourth paper, 'Self-Similar Characteristics of Network Intrusion Attempts and the Implications for Predictability' [4], Wahid et al. observe that the persistence of hosts that attempt network intrusions obey a power-law relationship such that the overwhelming majority of hosts are shortlived while a small number are highly persistent. The distribution of hosts in the IP address space is broadly identical regardless of different categories of lifetimes and intrusion attempts. They find that there is a scale invariant diurnal cycle with long range dependence in the number of unique hosts observed per unit time.
In the fifth paper, 'A Generic Framework for Constructing Cross-Realm C2C-PAKA Protocols Based on the Smart Card' [5], Xu et al. present a generic framework for constructing a cross-realm C2CPAKA protocol from any secure smart card-based password authentication (PA-SC) protocol. The security proof of the construction can be derived from the underlying PA-SC protocol employing the same assumptions. Compared with similar protocols, the instantiation of this construction achieves improved efficiency.
In the sixth paper, 'A Cryptographically t-Private Auction System' [6], Hinkelmann et al present a cryptographically t-private protocol for electronic auctions whose low resource demands make it viable for practical use. This construction is based on Yao's garbled circuits and pseudorandom number generators (PRNG). This protocol involves a field of (t +1) 2 parties for the generation of the garbled circuit and permits an arbitrarily large number of bidders.
In the seventh paper, 'A Secure and Efficient Data Aggregation Scheme for Wireless Sensor Networks' [7], Zhu et al. propose a secure and efficient aggregation scheme, in which the base station composes a secret configuration matrix and each sensor node is pre-loaded with a limited part of the matrix known as a secret share containing certain local instructions. This scheme avoids