[Proceedings 1988] Fourth Aerospace Computer Security Applications

12-16 Sept. 1988

Displaying Results 1 - 25 of 52
  • Fourth Aerospace Computer Security Applications Conference (IEEE Cat. No.CH2619-5)

    Publication Year: 1988
    Freely Available from IEEE
  • Query processing in LDV: a secure database system

    Publication Year: 1988, Page(s):118 - 124
    Cited by:  Papers (2)  |  Patents (15)

    An overview is given of the query processing of the multilevel secure database management system (MLS/DBMS), LOCK Data Views (LDV), for the secure distributed Data Views contract. The authors summarize design issues such as data distribution, polyinstantiation, and response assembly. They show the need for a security policy for a database system that builds on the classical security policies for o...
  • Dual labels revisited [computer security]

    Publication Year: 1988, Page(s):167 - 172
    Cited by:  Papers (1)

    The utility and need for trusted labels used for functions other than access control is discussed. The author shows that information labels serve functions separate and distinct from that of sensitivity labels. In some instances, they function in capacities that are beyond the abilities of standard single-label-based systems. It is also shown that attempting to incorporate the marking function int...
  • Genesis of a secure application: a multilevel secure message preparation workstation demonstration

    Publication Year: 1988, Page(s):30 - 36
    Cited by:  Papers (1)

    A multilevel secure message preparation workstation is described as a prototypical secure application. Suggestions for the development of secure applications are introduced. Techniques have been developed and demonstrated that permit untrusted applications to be integrated with a highly secure trusted computer base (TCB). By using an existing TCB, and approximately the same level of resources as f...
  • Inference controls for frequency count tables: an update

    Publication Year: 1988, Page(s):112 - 117

    A synopsis of mathematical problems and results that have been obtained in establishing effective inference controls for frequency-count tables is presented. This brings up-to-date a related article by L.H. Cox (see CIPHER, p.4-14, 1986). Particular attention is given to inference controls for two-way frequency count tables and generalization for sets of tables and higher dimensions.
  • An alternative implementation of the reference monitor concept [military messaging, secure]

    Publication Year: 1988, Page(s):159 - 166
    Cited by:  Papers (1)  |  Patents (8)

    Research into the multilevel secure automated exchange of military messages is reported. This work represents approaches to 'designed-in' security that are not based on the security kernel and Bell/LaPadula model approaches that have dominated military message systems and the industry. Instead, the approach is based on the concept of a network of communicating finite-state machines. The resulting p...
  • Embedding cryptography into a Trusted Mach system

    Publication Year: 1988, Page(s):379 - 383

    An embedded network security prototype is being developed to research issues associated with embedding cryptography into a trusted computer system. Trusted Information Systems (TIS) is implementing SP4, mail, and key management secure data network systems (SDNS) protocols in the Trusted Mach operating system using unclassified cryptography. The TIS prototype uses transport control protocol/interne...
  • Denial of service flaws in SDI software-an initial assessment

    Publication Year: 1988, Page(s):22 - 29
    Cited by:  Patents (2)

    The author provides a tutorial and survey into the denial-of-service aspect of computer security. Definitions from existing literature are presented, and several categorizations of potential denial-of-service flaws are provided with examples from actual cases. Methods for providing preventive resistance against denial-of-service threats as well as mechanisms for detection and recovery from denial-...
  • Implications of multilevel systems on the data dictionary of a secure relational DBMS

    Publication Year: 1988, Page(s):58 - 65
    Cited by:  Papers (1)

    The security policy of a secure DBMS (database management system) states how users may access the database. The author concludes that the same security policies enforced for access to user data are applicable to the data dictionary. A data dictionary that is subject to the rules of a general security policy is presented as an example. The semantics of associating a sensitivity label with informat...
  • Minix security policy model

    Publication Year: 1988, Page(s):393 - 399

    The author describes how the Bell-La Padula model might be applied to the current, unrated Minix operating system. Also discussed are security issues pertaining to inherited accesses and the method used to characterize the Minix file permissions in terms of the more general access matrix model.
  • Toward a multilevel relational data language

    Publication Year: 1988, Page(s):72 - 79
    Cited by:  Papers (3)  |  Patents (1)

    An implementation-dependent multilevel query language called MSQL (multilevel structured query language) for defining and manipulating multilevel relations is defined. The MSQL language includes an access class data type, integrity constraints, primary keys, and provision for specification of classification domains for attributes of multilevel relations. The near-term SeaView design includes an ...
  • Implementation design for a kernelized trusted DBMS

    Publication Year: 1988, Page(s):91 - 98
    Cited by:  Papers (1)  |  Patents (1)

    The implementation design of the Mitre kernelized trusted database management system (TDBMS) prototype is described. The prototype is intended to be a compartmented-mode DBMS, based on the Naval Surveillance DBMS security model. The TDBMS has been implemented by retrofitting security functionality onto the Mistress commercial database product. The TDBMS security kernel controls read and write acce...
  • Maintaining correctness, availability, and unambiguity in trusted database management systems

    Publication Year: 1988, Page(s):106 - 110
    Cited by:  Patents (1)

    The various kinds of threats to integrity and security that arise in multilevel secure database systems are examined. The authors consider the various kinds of integrity constraints on a database and describe the conflicts between security and the various general integrity properties. They then consider an example of a trusted DBMS (database management system), in the spirit of R. Burns' `homework...
  • Structuring trust in a large general purpose operating system

    Publication Year: 1988, Page(s):152 - 158

    A description is given of the approach taken by ICL to ameliorate the problem of evaluating the security of a large operating system in which the number of TCB (trusted computing base) and trusted process code procedures is large enough to make exhaustive detailed scrutinization more than exhausting. The approach is applicable to any structured large general-purpose system that enables a conventio...
  • Developing secure systems: issues and solutions

    Publication Year: 1988, Page(s):183 - 190
    Cited by:  Patents (6)

    Specific issues associated with the development of secure systems are described. The authors focus on what an application of a mathematically-based development method means, within the constraints of a traditional development process. They then describe their experiences in the development of a secure internet system, the Multinet Gateway System. The description outlines the solutions developed in...
  • An interpretation of a refined Bell-La Padula model for the TMach kernel

    Publication Year: 1988, Page(s):368 - 378
    Cited by:  Papers (7)

    The author discusses an interpretation of the Bell-La Padula (BLP) model (1973) for the Trusted Mach (TMach) kernel. The BLP model is reviewed along with specific refinements to the discretionary-security property, *-property, the notion of trusted subjects and activation. A correspondence between the revised BLP model and the abstractions provided by the TMach kernel was demonstrated.
  • The importance of high assurance computers for command, control, communications, and intelligence systems

    Publication Year: 1988, Page(s):331 - 342

    The authors discuss the available alternatives for building multilevel secure automated command, control, communications, and intelligence systems (CCCI systems). It is concluded that the only way to have a high degree of confidence that the anticipated threat can be countered is to base a CCCI system on a TCB (trusted computer base) having a security kernel (i.e., on a Class B3 or A1 TCB rather t...
  • Configuring a trusted system using the TNI

    Publication Year: 1988, Page(s):256 - 261
    Cited by:  Papers (1)

    The authors summarize a study performed to identify and evaluate alternatives for achieving an acceptable level of risk in a distributed system by utilizing computer components with the lowest TCSEC (trusted computer system evaluation criteria) ratings acceptable under DoD guidelines. The security implications of connecting equipments that handle differing sensitivity levels of data are examined t...
  • Telling the goodguys: disseminating information on security holes

    Publication Year: 1988, Page(s):216 - 218
    Cited by:  Papers (1)  |  Patents (1)

    The author discusses what should be done by a software vendor when the product has a security flaw. One alternative, which the author discounts, is to hide the problem and hope it will not be discovered. The alternative, favored by the author, is to widely publicize the patch, hoping that 'badguys' will not reverse engineer it to discover the hole. Several variations are proposed, including distri...
  • Privacy enhanced electronic mail

    Publication Year: 1988, Page(s):16 - 21
    Cited by:  Papers (2)

    The progress of work at University College of London in implementing a prototype model of a privacy-enhanced messaging (PEM) system is reported. The design of the model is specified by the DARPANET IAB Privacy Task Force RFC 1040. The model is one which provides privacy, integrity, and authentication of messages transmitted in a typical electronic-mail system. The design and implementation experience ...
  • Software security evaluation based on a top-down McCall-like approach

    Publication Year: 1988, Page(s):414 - 418
    Cited by:  Papers (3)

    The authors present a methodology for software security evaluation and certification. A systematic approach has been used to build software security throughout the whole life cycle. This leads to using specific development and certification techniques according to the initial risk and vulnerability analysis. In the security certification process, it is of prime importance to measure the specific s...
  • Identifying and representing the security semantics of an application

    Publication Year: 1988, Page(s):125 - 130
    Cited by:  Papers (10)

    The author approaches database security from the semantic level. He identifies the need to classify outputs from multilevel secure database systems at a level which accurately reflects the contents. Specifically, he addresses the question of what really makes information classified, that is, the security semantics of an application. A multidimensional taxonomy of generic secrecy constraints is pre...
  • A mandatory access control mechanism for the Unix file system

    Publication Year: 1988, Page(s):173 - 177
    Cited by:  Patents (18)

    The design of a mandatory access control (MAC) mechanism for the Unix file system is described. The design is simple, compatible with AT&T's System V and Berkeley's BSD Unix with Sun Microsystems' Network File System support, and it avoids some of the deficiencies present in approaches done to date. The MAC design introduces the concept of file name hiding. The design eliminates the need for ...
  • Haystack: an intrusion detection system

    Publication Year: 1988, Page(s):37 - 44
    Cited by:  Papers (56)  |  Patents (23)

    Haystack is a prototype system for the detection of intrusions in multiuser US Air Force computer systems. Haystack reduces voluminous system audit trails to short summaries of user behavior, anomalous events, and security incidents. This is designed to help the system security officer detect and investigate intrusions, particularly by insiders (authorized users). Haystack's operation is based on...
  • Security modeling in the Ulysses environment

    Publication Year: 1988, Page(s):386 - 392

    The authors give an overview of how the Ulysses system can be used for security modeling. The default theory of security permits the security analysis of complex designs by decomposing them into their parts. System specifications may be made by using a specialized graphical language interface and a textual interface. In addition, there are a number of support tools which aid the modeler. One of th...