Security and Privacy, 1988. Proceedings., 1988 IEEE Symposium on

Date 18-21 Apr 1988

  • Implementing commercial data integrity with secure capabilities

    Publication Year: 1988, Page(s):130 - 139
    Cited by:  Papers (10)

    The author examines the model of D.D. Clark and D.R. Wilson (1987) for commercial data integrity and proposes an implementation based on his own secure capability architecture. He shows how secure capabilities and protected subsystems are ideal for implementing commercial data integrity, but also indicates areas where the Clark-Wilson model may have difficulties in actual use. The level of formal ...

  • Proceedings of the 1988 IEEE Symposium on Security and Privacy (Cat. No.88CH2558-5)

    Publication Year: 1988
    Freely Available from IEEE
  • Noninterference and the composability of security properties

    Publication Year: 1988, Page(s):177 - 186
    Cited by:  Papers (75)

    The problem of composability of multilevel security properties, particularly the noninterference property and some of its generalizations, is discussed. Examples are used to show that some of these security properties do not compose; it is possible to connect two systems, both of which are judged to be secure, so that the composite system is not secure. A property called restrictiveness is introdu...

  • Security specifications

    Publication Year: 1988, Page(s):14 - 23
    Cited by:  Papers (13)

    A security and specification-oriented semantics for systems is given. The semantic model is derived from that for the trace model of C.A.R. Hoare's (1980) communicating sequential processes and is used to define various security concepts, such as multilevel secure systems, trusted users and integrity. It is indicated how implementations of secure systems can be derived from their specifications.

  • Reverification of a microprocessor

    Publication Year: 1988, Page(s):166 - 176
    Cited by:  Papers (3)

    The FM8501 microprocessor was defined and verified by W.A. Hunt (1986) using the Boyer-Moore theorem-prover. The authors have carried out a reverification of the machine using the State Delta Verification System. Their work correlates strongly with work done by Hunt, demonstrating that the verification community is capable of supporting its own results, drawing on the diversification of proof tool...

  • A fault tolerance approach to computer viruses

    Publication Year: 1988, Page(s):52 - 58
    Cited by:  Papers (15)  |  Patents (6)

    Extensions of program flow monitors and n-version programming can be combined to provide a solution to the detection and containment of computer viruses. The consequence is that a computer can tolerate both deliberate faults and random physical faults by one common mechanism. Specifically, the technique detects control flow errors due to physical faults as well as the presence of viruses.

  • Concerning `modeling' of computer security

    Publication Year: 1988, Page(s):8 - 13
    Cited by:  Papers (6)

    The author examines the notion of modeling, first as it applies to physical sciences, and then with reference to computer security. He identifies two undesirable aspects of models in general, which he calls incompleteness and inapplicability. A model of security given by D.E. Bell and L.J. La Padula (1975) is examined in light of the criticism that a model is a definition of that which it models; ...

  • Cascaded authentication

    Publication Year: 1988, Page(s):156 - 163
    Cited by:  Papers (20)  |  Patents (18)

    The author addresses a problem that has arisen in building distributed systems in which incomplete trust exists and program composition is necessary. The problem is to permit authentication for both access control and accounting when cascading invocations. The problem can be identified as one of providing cascaded authentication. The author has developed a mechanism she calls passports that are pa...

  • Extended discretionary access controls

    Publication Year: 1988, Page(s):39 - 49
    Cited by:  Papers (6)  |  Patents (31)

    A discretionary access control mechanism proposed for a secure distributed operating system (DOS) being designed at BBN Laboratories is presented. The DOS is an object-oriented system that uses access control lists to authorize access to objects. Discretionary controls are implemented in a type-specific manner inside the managers of objects. Several extensions to conventional access control lists ...

  • Security policy modeling for the next-generation packet switch

    Publication Year: 1988, Page(s):212 - 216
    Cited by:  Papers (4)

    The general problem of protection in a network, focusing on its modeling in a packet-switch context, is considered. A general network interpretation of a standard computer security model is applied to the next-generation packet switch. The situation requires modeling at both the network and individual packet switch levels of discourse, using different interpretations.

  • The algebra of security

    Publication Year: 1988, Page(s):2 - 7
    Cited by:  Papers (24)

    A general framework is developed in which various mandatory access control security models that allow changes in security levels can be formalized. These models form a Boolean algebra. The framework is expanded to include models that allow n-person rules necessary for discretionary access controls in an industrial security setting. The resulting framework is a distributive lattice.

  • The trusted path between SMITE and the user

    Publication Year: 1988, Page(s):146 - 155
    Cited by:  Papers (3)  |  Patents (24)

    If signaling channels can only be driven by a trusted path, they cannot be exploited by trojan horses in untrusted software. To this end, the SMITE secure computer system provides a general-purpose trusted path, based on a screen editor, which would act as the users' normal interface to the system. The feasibility of the approach relies on the use of a sympathetic computer architecture, which supp...

  • A bandwidth computation model for covert storage channels and its applications

    Publication Year: 1988, Page(s):108 - 121
    Cited by:  Papers (12)

    A Markov model for bandwidth computation and its application to Secure Xenix are presented. The model can be used for computing the bandwidth of both individual channels and aggregated channels (i.e. serial and parallel aggregation). Using this model, a tool has been built and experiments conducted to determine the factors that affect the bandwidth of covert storage channels (noise, scheduling del...

  • A formal specification and verification method for the prevention of denial of service

    Publication Year: 1988, Page(s):187 - 202
    Cited by:  Papers (14)

    The authors present a formal specification and verification method for the prevention of denial of service in absence of failures and integrity violations. They introduce the notion of user agreements and argue that lack of specifications for these agreements and for simultaneity conditions makes it impossible to demonstrate denial-of-service prevention, in spite of demonstrably fair service acces...

  • A secure distributed operating system

    Publication Year: 1988, Page(s):27 - 38
    Cited by:  Papers (6)  |  Patents (1)

    Some issues in distributed system security are discussed in the context of the design of a secure distributed operating system (SDOS). The design is targeted for an A1 rating. Some developments in formal verification methods are reported. Distributed system security is contrasted with single-host and network security, and described in the context of the Trusted Network Interpretation. Problems uni...

  • A prototype real-time intrusion-detection expert system

    Publication Year: 1988, Page(s):59 - 66
    Cited by:  Papers (40)  |  Patents (10)

    The design and implementation of a prototype intrusion-detection expert system (IDES) are described. IDES is based on the concept that an intrusion manifests itself as a departure from expected behavior for a user. The prototype monitors users on a remote system, using audit records that characterize their activities. It adaptively learns the normal behavior of each user and detects and reports an...

  • The SeaView security model

    Publication Year: 1988, Page(s):218 - 233
    Cited by:  Papers (34)

    A formal security policy model that uses basic view concepts for a secure multilevel relational database system is described. The model is formulated in two layers, one corresponding to a security kernel or reference monitor that enforces mandatory security, and the other defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, discretionary secur...

  • Reasoning about knowledge in multilevel secure distributed systems

    Publication Year: 1988, Page(s):122 - 128
    Cited by:  Papers (10)  |  Patents (2)

    A method for reasoning about knowledge in multilevel secure distributed systems is introduced. This method, based on a behavioral semantics for operator nets, can be used to specify a variety of security properties such as nondisclosure, integrity, and authority systems. The major attributes of the method are the intuitive nature of the specifications and the expressibility of the model, which all...

  • An axiomatic basis of trust in distributed systems

    Publication Year: 1988, Page(s):204 - 211
    Cited by:  Papers (18)

    The author introduces basic notions about developing a logic or a theory, and shows that modal logics of belief, with their Kripke-style possible-worlds semantics, are appropriate for basing a theory of trust on. He reviews a modal logic of belief, and constructs a model of the distributed system so that the logic is sound and complete with respect to the model. Any sentences in the logic may then be added...

  • Views as the security objects in a multilevel secure relational database management system

    Publication Year: 1988, Page(s):70 - 84
    Cited by:  Papers (6)  |  Patents (4)

    A mandatory security policy for a multilevel secure relational DBMS using views as the security objects is presented. The advantages and disadvantages of this approach are examined. A method of ensuring the completeness and consistency of the set of secure views is described, as well as an approach to implementing views as the security objects.

  • A near-term design for the SeaView multilevel database system

    Publication Year: 1988, Page(s):234 - 244
    Cited by:  Papers (26)  |  Patents (1)

    The SeaView formal security policy model admits a range of designs for a multilevel secure relational database system. The requirement for a near-term implementation suggests that the design should utilize existing technology to the extent possible. Thus the design uses an existing database management system ported to an existing TCB (trusted computing base) environment. A preprocessor translates ...

  • ASDViews [relational databases]

    Publication Year: 1988, Page(s):85 - 95
    Cited by:  Papers (9)  |  Patents (7)

    A description is given of ASDViews, an implementation of views as the security object in a multilevel secure relational database management system (DBMS) that results in a small trusted computing base (TCB) as required to meet the criteria for evaluation class B2 and above. A general view is the result of a database query. Since most of the code which implements the DBMS is involved in processing ...

  • Controlling logical inference in multilevel database systems

    Publication Year: 1988, Page(s):245 - 255
    Cited by:  Papers (28)  |  Patents (4)

    The potential for logical inference of high-level information based on lower-level visible data presents a threat to multilevel security. The author proposes a framework for studying these inference control problems, describes a representation for relevant semantics of the application, develops criteria for safety and security of a system to prevent these problems, and describes the functionality ...

  • Using mandatory integrity to enforce `commercial' security

    Publication Year: 1988, Page(s):140 - 146
    Cited by:  Papers (23)  |  Patents (1)

    Government research, development, and standardization efforts in computer security have been repeatedly criticized as not being applicable to the commercial world. In particular, they have been criticized as not being able to support the kinds of security policies, such as separation of duties and well-formed transactions, used by the financial and other communities to control unauthorized changes...

  • Inference aggregation detection in database management systems

    Publication Year: 1988, Page(s):96 - 106
    Cited by:  Papers (24)

    The author identifies inference aggregation and cardinality aggregation as two distinct aspects of the aggregation problem. He develops the concept of a semantic relationship graph to describe the relationships between data and then presents inference aggregation as the problem of finding alternative paths between vertices on the graph. He presents an algorithm for processing the semantic relation...