CRUTIAL: The Blueprint of a Reference Critical Information Infrastructure Architecture -- Experiment Based Validation of CIIP -- Security Requirements Model for Grid Data Management Systems -- Assessing the Risk of an Information Infrastructure Through Security Dependencies -- Modelling Risk and Identifying Countermeasure in Organizations -- Modelling and Analysing Network Security Policies in a Given Vulnerability Setting -- A Framework for Conceptualizing Social Engineering Attacks -- An Overview of R&D Activities in Europe on Critical Information Infrastructure Protection (CIIP) -- Intelligent Network-Based Early Warning Systems -- Can an Early Warning System for Home Users and SMEs Make a Difference? A Field Study -- Protection of Components Based on a Smart-Card Enhanced Security Module -- Revisiting Colored Networks and Privacy Preserving Censorship -- PROSEARCH: A Protocol to Simplify Path Discovery in Critical Scenarios -- Applying Key Infrastructures for Sensor Networks in CIP/CIIP Scenarios -- Trust Establishment in Ad Hoc and Sensor Networks -- Enforcing Trust in Pervasive Computing with Trusted Computing Technology -- Proposals on Assessment Environments for Anomaly-Based Network Intrusion Detection Systems -- High-Speed Intrusion Detection in Support of Critical Infrastructure Protection -- Rational Choice of Security Measures Via Multi-parameter Attack Trees -- Multidomain Virtual Security Negotiation over the Session Initiation Protocol (SIP) -- Vulnerabilities and Possible Attacks Against the GPRS Backbone Network -- A Framework for Secure and Verifiable Logging in Public Communication Networks.

Key sectors of modern economies depend highly on ICT. The information flowing through the resulting technological super-infrastructure as well as the information being processed by the complex computing systems that underpin it becomes crucial because its disruption, disturbance or loss can lead to high financial, material and, sometimes, human loss. As a consequence, the security and dependability of this infrastructure become critical and its protection a major objective for governments, companies and the research community. CRITIS has been born as an event that aims to bring together researchers and professionals from universities, private companies and public administrations interested or involved in all security-related heterogeneous aspects of critical information infrastructures. This volume contains the proceedings of the 1st International Workshop on Critical Information Infrastructure Security (CRITIS 2006), that was held between August 31 and September 1, 2006 on Samos, Greece, and was hosted by the University of the Aegean, Department of Information and Communication Systems Engineering, Laboratory of Information and Communication Systems Security (Info-Sec-Lab). In response to the CRITIS 2006 call for papers, 57 papers were submitted. Each paper was reviewed by three members of the Program Committee, on the basis of significance, novelty, technical quality and relevance to critical infrastructures. At the end of the reviewing process, only 22 papers were selected for presentation, resulting in an acceptance rate of 38%. Revisions were not checked and the authors bear full responsibility for the content of their papers.