[Proceedings 1988] Fourth Aerospace Computer Security Applications

12-16 Sept. 1988

  • Fourth Aerospace Computer Security Applications Conference (IEEE Cat. No.CH2619-5)

    Publication Year: 1988
    Freely Available from IEEE
  • Security modeling in the Ulysses environment

    Publication Year: 1988, Page(s):386 - 392

    The authors give an overview of how the Ulysses system can be used for security modeling. The default theory of security permits the security analysis of complex designs by decomposing them into their parts. System specifications may be made by using a specialized graphical language interface and a textual interface. In addition, there are a number of support tools which aid the modeler. One of th...
  • Embedding cryptography into a Trusted Mach system

    Publication Year: 1988, Page(s):379 - 383

    An embedded network security prototype is being developed to research issues associated with embedding cryptography into a trusted computer system. Trusted Information Systems (TIS) is implementing SP4, mail, and key management secure data network systems (SDNS) protocols in the Trusted Mach operating system using unclassified cryptography. The TIS prototype uses transport control protocol/interne...
  • Implementation design for a kernelized trusted DBMS

    Publication Year: 1988, Page(s):91 - 98
    Cited by:  Papers (1)  |  Patents (1)

    The implementation design of the Mitre kernelized trusted database management system (TDBMS) prototype is described. The prototype is intended to be a compartmented-mode DBMS, based on the Naval Surveillance DBMS security model. The TDBMS has been implemented by retrofitting security functionality onto the Mistress commercial database product. The TDBMS security kernel controls read and write acce...
  • A multi-level secure message switch with minimal TCB: architectural outline and security analysis

    Publication Year: 1988, Page(s):242 - 249
    Cited by:  Papers (2)

    The authors describe an architectural outline for a generic secure message switch. They highlight key security issues germane to the structure and functionality of a switch for routing messages of multiple sensitivity levels over communication media with multiple security levels. The design strives to minimize the trusted computing base (TCB) in order to facilitate formal and informal verification...
  • An interpretation of a refined Bell-La Padula model for the TMach kernel

    Publication Year: 1988, Page(s):368 - 378
    Cited by:  Papers (7)

    The author discusses an interpretation of the Bell-La Padula (BLP) model (1973) for the Trusted Mach (TMach) kernel. The BLP model is reviewed along with specific refinements to the discretionary-security property, *-property, the notion of trusted subjects and activation. A correspondence between the revised BLP model and the abstractions provided by the TMach kernel was demonstrated.
  • Exploring computer viruses

    Publication Year: 1988
    Cited by:  Papers (2)  |  Patents (3)

    The author presents some thoughts on viruses and explores the anatomy of a sample computer virus. He details, using C language programs, some of the fundamental parts associated with viruses and how these viruses can be detected. It is concluded that the final decision for virus control rests with risk management. It is suggested that, at the very least, contingency plans for virus recovery along ...
  • Identifying and representing the security semantics of an application

    Publication Year: 1988, Page(s):125 - 130
    Cited by:  Papers (9)

    The author approaches database security from the semantic level. He identifies the need to classify outputs from multilevel secure database systems at a level which accurately reflects the contents. Specifically, he addresses the question of what really makes information classified, that is, the security semantics of an application. A multidimensional taxonomy of generic secrecy constraints is pre...
  • Making databases secure with TRUDATA technology

    Publication Year: 1988, Page(s):82 - 90
    Cited by:  Papers (3)  |  Patents (2)

    Trusted database (TRUDATA) technology injects multilevel security (MLS) policy enforcement features and assurances into existing relational database management system (DBMS) products. TRUDATA technology consists of a data model, a security policy model, system architecture, and implementation approach which, together, define a trusted MLS DBMS. The result of applying TRUDATA technology to existing...
  • A model for secure distributed computations in a heterogeneous environment

    Publication Year: 1988, Page(s):233 - 241
    Cited by:  Papers (2)  |  Patents (15)

    The author presents a model for secure distributed computations in a multilevel security, heterogeneous environment, called the multimember session model. This model does not place any restrictions on the computations using it, nor does it require any modification of security policies of local secure operating systems. It provides isolation between unrelated computations, and it ensures that the i...
  • Ensuring software integrity

    Publication Year: 1988, Page(s):323 - 330

    The authors describe an approach to ensuring the integrity of software during development. The approach minimizes the need for a physically secure computing facility by allowing much of the software development to take place in an 'open' environment. The approach relies on the strict enforcement of a set of procedures to effectively counter threats (Trojan Horse insertion, attacks on secure storag...
  • Security issues of the Trusted Mach system

    Publication Year: 1988, Page(s):362 - 367
    Cited by:  Papers (4)

    Trusted Mach (TMach) is a message-passing, server-oriented system being targeted at the B3 level of the Trusted Computer System Evaluation Criteria (TCSEC). The authors present a rationale for why these characteristics, and the TMach architecture that implements and embodies them, are compatible with B3 requirements. It is shown that the TMach TCB (trusted computer base), composed of a kernel (whi...
  • Maintaining correctness, availability, and unambiguity in trusted database management systems

    Publication Year: 1988, Page(s):106 - 110
    Cited by:  Patents (1)

    The various kinds of threats to integrity and security that arise in multilevel secure database systems are examined. The authors consider the various kinds of integrity constraints on a database and describe the conflicts between security and the various general integrity properties. They then consider an example of a trusted DBMS (database management system), in the spirit of R. Burns' 'homework...
  • Design and implementation of a secure terminal gateway

    Publication Year: 1988, Page(s):262 - 268
    Cited by:  Papers (1)  |  Patents (2)

    The authors address some of the issues involved in developing applications to run in a multilevel secure security kernel. They detail their experience working with Gemini Computers Inc. machines, including their implementation of a secure terminal gateway (STG). They discuss some of the restrictions inherent in writing applications for secure computers, and how they designed the STG to best arrive...
  • Query processing in LDV: a secure database system

    Publication Year: 1988, Page(s):118 - 124
    Cited by:  Papers (2)  |  Patents (15)

    An overview is given of the query processing of the multilevel secure database management system (MLS/DBMS), LOCK Data Views (LDV), for the secure distributed Data Views contract. The authors summarize design issues such as data distribution, polyinstantiation, and response assembly. They show the need for a security policy for a database system that builds on the classical security policies for o...
  • Characterizing network covert storage channels

    Publication Year: 1988, Page(s):275 - 279
    Cited by:  Papers (2)

    A novel characterization is presented for covert channels in stand-alone systems. This characterization is used to examine the nature of covert channels in computer networks. Most network covert channels are shown to reduce to covert channels in stand-alone systems. The remaining identified network covert channels are identified to be examples of a more general Trojan horse leakage problem. The sea...
  • UNIX Guardians: active user intervention in data protection

    Publication Year: 1988, Page(s):199 - 204
    Cited by:  Papers (1)  |  Patents (12)

    The GUARDNIX system is tailored for user participation in the protection of data. The system, an enhanced 4.2 BSD Unix, utilizes a special class of processes called Guardians to change normally passive files into active objects. Multiple processors are used to physically separate normal processes from the main operating system kernel. Data is provided additional protection by using cryptography. T...
  • Developing secure systems: issues and solutions

    Publication Year: 1988, Page(s):183 - 190
    Cited by:  Patents (6)

    Specific issues associated with the development of secure systems are described. The authors focus on what an application of a mathematically-based development method means, within the constraints of a traditional development process. They then describe their experiences in the development of a secure internet system, the Multinet Gateway System. The description outlines the solutions developed in...
  • A mandatory access control mechanism for the Unix file system

    Publication Year: 1988, Page(s):173 - 177
    Cited by:  Patents (18)

    The design of a mandatory access control (MAC) mechanism for the Unix file system is described. The design is simple, compatible with AT&T's System V and Berkeley's BSD Unix with Sun Microsystems' Network File System support, and it avoids some of the deficiencies present in approaches done to date. The MAC design introduces the concept of file name hiding. The design eliminates the need for ...
  • Toward a multilevel relational data language

    Publication Year: 1988, Page(s):72 - 79
    Cited by:  Papers (3)  |  Patents (1)

    An implementation-dependent multilevel query language called MSQL (multilevel structured query language) for defining and manipulating multilevel relations is defined. The MSQL language includes an access class data type, integrity constraints, primary keys, and provision for specification of classification domains for attributes of multilevel relations. The near-term SeaView design includes an ...
  • Encryption using random keys-a scheme for secure communications

    Publication Year: 1988, Page(s):410 - 412
    Cited by:  Patents (3)

    An encryption scheme using a random key generator with memory is presented. This system generates a random sequence of encryption/decryption keys. A feedback mechanism is used to endow the key generator with memory, thereby making it difficult to infer the random key sequence from a partial sequence of keys. The random key sequence is independent of the encrypting algorithm and is particularly sui...
  • An alternative implementation of the reference monitor concept [military messaging, secure]

    Publication Year: 1988, Page(s):159 - 166
    Cited by:  Papers (1)  |  Patents (8)

    Research into the multilevel secure automated exchange of military messages is reported. This work represents approaches to 'designed-in' security that are not based on the security kernel and Bell/LaPadula model approaches that have dominated military message systems and the industry. Instead, the approach is based on the concept of a network of communicating finite-state machines. The resulting p...
  • Integrity controls for military and commercial applications

    Publication Year: 1988, Page(s):298 - 322
    Cited by:  Papers (4)  |  Patents (3)

    Because it is generally not possible to prevent the destruction or alteration of data when objects are stored or transmitted outside the security perimeter of a TCB (trusted computer base), the emphasis is placed on detecting any illicit data, including the results of computer viruses and Trojan Horse programs, using cryptographic checksums and digital signature techniques. It is concluded that a ...
  • System security in the Space Flight Operations Center

    Publication Year: 1988, Page(s):426 - 430

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's (US National Aeronautics and Space Administration's) next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to ri...
  • Implications of multilevel systems on the data dictionary of a secure relational DBMS

    Publication Year: 1988, Page(s):58 - 65
    Cited by:  Papers (1)

    The security policy of a secure DBMS (database management system) states how users may access the database. The author concludes that the same security policies enforced for access to user data are applicable to the data dictionary. A data dictionary that is subject to the rules of a general security policy is presented as an example. The semantics of associating a sensitivity label with informat...