Proceedings. 1989 IEEE Symposium on Security and Privacy

1-3 May 1989

Displaying Results 1 - 25 of 34
  • Proceedings 1989 IEEE Symposium on Security and Privacy (Cat. No.89CH2703-7)

    Publication Year: 1989
    Freely Available from IEEE
  • A framework for expressing models of security policy

    Publication Year: 1989, Page(s):229 - 239
    Cited by:  Papers (8)  |  Patents (1)

    The authors first describe some issues that arise from the interplay between the security requirements for an integrated project support environment (IPSE) for the development of a trusted system, and the security requirements of the trusted system itself. All of these issues derive from security policy and the modeling of security policy. A framework is then presented which allows security polici...
  • A 'new' security policy model

    Publication Year: 1989, Page(s):215 - 228
    Cited by:  Papers (4)

    A model of security is presented which integrates notions of confidentiality and integrity. This model has been developed to fulfil the needs of the RSRE SMITE project because existing modeling approaches proved to be inadequate. The authors introduce the model and subsequently compare and contrast it with existing approaches. Both an inductive confidentiality property and a noninductive integrity...
  • Aggregation and inference: facts and fallacies

    Publication Year: 1989, Page(s):102 - 109
    Cited by:  Papers (33)

    The author examines inference and aggregation problems that can arise in multilevel relational database systems and points out some fallacies in current thinking about these problems that may hinder real progress from being made toward their solution. She distinguishes several different types of aggregation and inference problems and shows that the different types of problems are best addressed by...
  • The Chinese Wall security policy

    Publication Year: 1989, Page(s):206 - 214
    Cited by:  Papers (223)  |  Patents (14)

    The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy co...
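
The history-dependent rule the abstract contrasts with Bell-LaPadula is easiest to see in running code. The following is an added example, not code from the paper: it encodes the Brewer-Nash rules in a common simplified reading, where objects belong to company datasets, datasets are grouped into conflict-of-interest (COI) classes, a subject may read an object only if it lies in a dataset the subject has already read from or in a COI class the subject has never touched, and a write is permitted only if every dataset the subject has read from is the target dataset or sanitized public data. The company and file names are constructed.

```python
"""Chinese Wall access decisions driven by the subject's own access history.

Added example, not code from the paper. Encodes the Brewer-Nash rules in a
simplified reading: read allowed if the object's dataset is already in the
subject's history, or no dataset of the same COI class is; write allowed if
the read rule holds and every dataset read so far is the target dataset or
sanitized. Company and file names below are constructed.
"""
from dataclasses import dataclass, field

SANITIZED = "public"  # COI marker for sanitized data: readable by everyone


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str  # company dataset the object belongs to
    coi: str      # conflict-of-interest class of that dataset


@dataclass
class Subject:
    name: str
    read_history: set = field(default_factory=set)  # datasets read so far


class ChineseWall:
    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}
        self.coi_of = {o.dataset: o.coi for o in objects}

    def may_read(self, s, obj_name):
        o = self.objects[obj_name]
        if o.coi == SANITIZED or o.dataset in s.read_history:
            return True
        # History, not clearance, decides: any dataset already read in the
        # same COI class walls this one off for this subject.
        return all(self.coi_of[d] != o.coi for d in s.read_history)

    def read(self, s, obj_name):
        """Grant or deny a read; a grant extends the subject's history."""
        if not self.may_read(s, obj_name):
            return False
        s.read_history.add(self.objects[obj_name].dataset)
        return True

    def may_write(self, s, obj_name):
        """Write rule: stops the subject acting as a channel between datasets."""
        o = self.objects[obj_name]
        if not self.may_read(s, obj_name):
            return False
        return all(d == o.dataset or self.coi_of[d] == SANITIZED
                   for d in s.read_history)


def run_scenario():
    """Constructed trace: one analyst, two banks, one oil company, a public index."""
    wall = ChineseWall([
        Obj("bankA-report", "Bank-A", "banks"),
        Obj("bankB-report", "Bank-B", "banks"),
        Obj("oilX-report", "Oil-X", "oil"),
        Obj("market-index", "Exchange", SANITIZED),
    ])
    alice = Subject("alice")
    steps = [
        ("read", "bankA-report"),   # first access in class 'banks': allowed
        ("read", "bankB-report"),   # same class, other dataset: denied
        ("read", "market-index"),   # sanitized: always allowed
        ("write", "bankA-report"),  # only Bank-A and public data read: allowed
        ("read", "oilX-report"),    # different class: allowed
        ("write", "bankA-report"),  # denied: Oil-X data could leak into Bank-A
        ("write", "oilX-report"),   # denied for the symmetric reason
    ]
    trace = []
    for op, name in steps:
        ok = wall.read(alice, name) if op == "read" else wall.may_write(alice, name)
        trace.append((op, name, ok))
    return trace


if __name__ == "__main__":
    for op, name, ok in run_scenario():
        print(f"{op:5} {name:13} -> {'allow' if ok else 'deny'}")
```

The write rule is what makes the model more than a read filter: once the analyst has read from a second unsanitized dataset, every write to a company dataset is refused, because the subject could otherwise carry information across the wall that another analyst is permitted to read.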
  • LOCK trek: navigating uncharted space

    Publication Year: 1989, Page(s):167 - 175
    Cited by:  Papers (14)  |  Patents (2)

    The design principles of the logical coprocessing kernel (LOCK) project are considered. LOCK is an advanced development of hardware-based computer security and cryptographic service modules. Much of the design and some of the implementation specifications are complete. The formal top level specification (FTLS) also is complete and the advanced noninterference proofs are beginning. This hardware-ba...
  • A security policy for an A1 DBMS (a trusted subject)

    Publication Year: 1989, Page(s):116 - 125
    Cited by:  Papers (2)

    A security policy for a multilevel secure relational database management system (DBMS) is stated. The DBMS is implemented as a trusted subject that can be hosted on any of a variety of secure operating systems. Accordingly, the policy is stated in two parts: (1) a generic policy for the operating-system TCB (trusted computing base) layer that states requirements that any operating system must meet...
  • The incorporation of multi-level IPC into Unix

    Publication Year: 1989, Page(s):94 - 99
    Cited by:  Patents (4)

    The author discusses the design, interface, and implementation issues that need to be addressed for Unix to support multilevel synchronized file access, pipes (FIFOs), messages, and semaphores. It is shown that, by changing some of Unix's underlying mechanisms and by making additions to system calls and the run-time library, it is possible architecturally to support more flexible sharing and commu...
  • The hierarchical model of distributed system security

    Publication Year: 1989, Page(s):194 - 203

    A description is given of the hierarchical model (HM), an access matrix-based model used to define nondisclosure in distributed multilevel secure applications such as secure file systems, secure switches, and secure upgrade downgrade facilities. The HM explicitly encodes access rights, synchronization primitives, and indirection in its state matrix. Serializability of concurrent commands is formal...
  • Symbol security condition considered harmful

    Publication Year: 1989, Page(s):20 - 46
    Cited by:  Papers (6)

    The author identifies, interprets, and examines the requirements in the Department of Defense trusted computer system evaluation criteria (TCSEC) for the application of formal methods to the system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely-accepted, and critical, security assurance and analysis processes...
  • Formal model of a trusted file server

    Publication Year: 1989, Page(s):157 - 166
    Cited by:  Papers (1)

    The authors present a formal, mathematical model for a trusted file server (TFS) for a multilevel secure distributed computer system. The goal is to produce formal verification from the top-level specification down through code for the entire system of which a TFS is one component. By viewing the TFS as a black box, it is possible to specify its security as a relation that must hold invariantly be...
  • A formal model for Unix setuid

    Publication Year: 1989, Page(s):73 - 83

    The Unix setuid (set user identification) mechanism is described in the context of the GEMSOS architecture. Motivation for modeling setuid is given, and modeling and policy requirements for the control of the setuid mechanism are presented. The GEMSOS formal security policy model is compared with the Bell and LaPadula model. The Bell and LaPadula model is shown not to admit the actions of a setuid...
  • Detection of anomalous computer session activity

    Publication Year: 1989, Page(s):280 - 289
    Cited by:  Papers (42)  |  Patents (43)

    The authors discuss Wisdom and Sense (W&S), a computer security anomaly detection system. W&S is statistically based. It automatically generates rules from historical data and, in terms of those rules, identifies computer transactions that are at variance with historically established usage patterns. Issues addressed include how W&S generates rules from a necessarily small sample of ...
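
A small detector in the spirit of the abstract makes the "rules from historical data" idea concrete. This is an added example, not the W&S code: rules are learned per user from past sessions, one set-membership rule for each categorical attribute and one mean +/- k*sd band for each numeric attribute, and a new session is scored by the rules it violates. Two guards address the small-sample problem the abstract raises: a user with fewer than `min_sessions` records gets no rules and is reported as having no baseline, and the standard deviation has a floor so a few near-identical sessions cannot produce a band so tight that ordinary variation trips it. The session records, field names and thresholds are constructed.

```python
"""Rule-based anomaly scoring learned from historical session records.

Added example in the spirit of the abstract, not the W&S code. Per-user
rules: ("in", set-of-values) for categorical fields, ("range", lo, hi) for
numeric fields. Small-sample guards: no rules below min_sessions records,
and a floor on the standard deviation. All records are constructed.
"""
import statistics
from collections import defaultdict

FIELDS = ("user", "hour", "host", "n_cmds", "bytes_out")
CATEGORICAL = ("host",)
NUMERIC = ("hour", "n_cmds", "bytes_out")

# Constructed history: (user, login hour, host, commands run, bytes sent out)
HISTORY = [
    ("dana", 9, "ws-12", 40, 2_000),
    ("dana", 10, "ws-12", 55, 3_500),
    ("dana", 14, "ws-12", 38, 1_800),
    ("dana", 9, "ws-07", 47, 2_900),
    ("dana", 16, "ws-12", 60, 4_100),
    ("dana", 11, "ws-07", 42, 2_300),
    ("rob", 22, "ws-03", 12, 500),  # a single record: too little to learn from
]


def as_record(row):
    return dict(zip(FIELDS, row))


def learn_rules(history, k=3.0, min_sessions=5):
    """Return {user: {field: rule}} derived from that user's past sessions."""
    by_user = defaultdict(list)
    for row in history:
        rec = as_record(row)
        by_user[rec["user"]].append(rec)
    rules = {}
    for user, recs in by_user.items():
        if len(recs) < min_sessions:
            continue  # refuse to generalize from a tiny sample
        user_rules = {}
        for f in CATEGORICAL:
            user_rules[f] = ("in", frozenset(r[f] for r in recs))
        for f in NUMERIC:
            vals = [r[f] for r in recs]
            mean = statistics.mean(vals)
            # sd floor: at least 10% of the mean and at least one unit
            sd = max(statistics.stdev(vals), 0.1 * abs(mean), 1.0)
            user_rules[f] = ("range", mean - k * sd, mean + k * sd)
        rules[user] = user_rules
    return rules


def score(rules, row):
    """List the rules one session violates; an empty list means it conforms."""
    rec = as_record(row)
    user_rules = rules.get(rec["user"])
    if user_rules is None:
        return [("no-baseline", rec["user"])]
    violations = []
    for f, rule in user_rules.items():
        if rule[0] == "in" and rec[f] not in rule[1]:
            violations.append((f, rec[f]))
        elif rule[0] == "range" and not (rule[1] <= rec[f] <= rule[2]):
            violations.append((f, rec[f]))
    return violations


if __name__ == "__main__":
    rules = learn_rules(HISTORY)
    for session in [("dana", 10, "ws-12", 50, 3_000),
                    ("dana", 2, "vpn-gw", 210, 900_000),
                    ("rob", 22, "ws-03", 12, 500)]:
        print(session, "->", score(rules, session) or "conforms")
```

Returning the violated rules rather than a bare score keeps the output explainable: an analyst sees that the flagged session came from an unseen host at an unusual hour with an outbound volume far above the user's band, which is what a reviewer needs to triage it.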
  • With microscope and tweezers: an analysis of the Internet virus of November 1988

    Publication Year: 1989, Page(s):326 - 343
    Cited by:  Papers (36)  |  Patents (1)

    In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. The authors present a detailed analysis of the virus program. They describe the lessons that this incident has taught the Internet community...
  • On the derivation of secure components

    Publication Year: 1989, Page(s):242 - 247
    Cited by:  Papers (25)

    The author discusses the problems in deriving a system from its specification when that specification includes simple trace-based information-flow security properties as well as safety properties. He presents two fundamental theorems of information-flow security which describe the inherent difficulties of deriving secure implementations and considers the implications of these results. It is conclu...
  • A security model for object-oriented databases

    Publication Year: 1989, Page(s):110 - 115
    Cited by:  Papers (12)  |  Patents (3)

    An authorization model for object-oriented databases is developed. This model consists of a set of policies, a structure for authorization rules, and an algorithm to evaluate access requests against the authorization rules. The model is illustrated by a specific database system intended for CAD/CAM (computer-aided design/manufacturing) applications, and incorporates knowledge rules with a database...
  • Tea and I: an allergy [computer security]

    Publication Year: 1989, Page(s):178 - 182
    Cited by:  Papers (1)

    Problems associated with the application of the connectivity approach to computer system security are addressed. The failure of trusted connectivity to protect computer systems is indicated. The work is presented in the form of an allergy.
  • On the cell suppression by merging technique in the lattice model of summary tables

    Publication Year: 1989, Page(s):126 - 135

    The authors investigate the suitability of the cell suppression by merging (CSM) technique as an SDB (statistical database) protection mechanism, and give various heuristic algorithms for the minimum information loss. They first revise the definition for the information loss when query probabilities are taken into account. This definition reflects the actual utilization of cells in the lattice. Th...
  • Network security: the parts of the sum

    Publication Year: 1989, Page(s):2 - 9
    Cited by:  Papers (5)

    Attention is given to the three basic elements of network security, i.e. encryption, network protocols, and trusted computer system protocols. It is noted that each of these measures is needed to achieve overall network security and yet frequently the advocates of individual measures ignore the others for a variety of technical and/or doctrinal reasons. The author attempts to convey the importance...
  • New methods for immediate revocation

    Publication Year: 1989, Page(s):48 - 55
    Cited by:  Papers (2)  |  Patents (3)

    The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous re...
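
The event-count idea can be illustrated in a few lines. What follows is an added example, not the paper's algorithm (and it does not cover revocation by chaining): each protected object carries an event count that is incremented on every revocation; a process caches the result of an access check, as a page-table entry or capability cache would, together with the event count it saw at validation time; on every use it compares the cached count with the object's current count and revalidates against the authoritative ACL only when they differ. Revocation therefore takes effect on the very next access, without a scan of all the caches that may hold the object. `StaleCacheProcess` is the contrasting design that caches without a count. Principal and object names are constructed.

```python
"""Immediate revocation with per-object event counts: an illustration.

Added example, not the paper's algorithm. Cached access decisions are tagged
with the object's event count; any revocation bumps the count, so the next
access on any cache misses and revalidates against the ACL. The stale-cache
variant shows the lag that the count removes. Names are constructed.
"""


class ACLObject:
    def __init__(self, name, acl):
        self.name = name
        self.acl = {p: set(r) for p, r in acl.items()}  # principal -> rights
        self.event_count = 0  # bumped on every revocation

    def revoke(self, principal, right=None):
        """Remove one right (or all rights) and invalidate every cached decision."""
        if right is None:
            self.acl.pop(principal, None)
        elif principal in self.acl:
            self.acl[principal].discard(right)
        self.event_count += 1


class Process:
    """Caches access decisions tagged with the event count seen at validation."""

    def __init__(self, principal):
        self.principal = principal
        self.cache = {}  # object name -> (rights, event_count at validation)
        self.revalidations = 0

    def access(self, obj, right):
        cached = self.cache.get(obj.name)
        if cached is None or cached[1] != obj.event_count:
            # Miss or stale: consult the authoritative ACL and re-tag.
            rights = frozenset(obj.acl.get(self.principal, ()))
            self.cache[obj.name] = (rights, obj.event_count)
            self.revalidations += 1
            cached = self.cache[obj.name]
        return right in cached[0]


class StaleCacheProcess(Process):
    """Same cache, no count: a revoked right stays usable until the cache is flushed."""

    def access(self, obj, right):
        cached = self.cache.get(obj.name)
        if cached is None:
            rights = frozenset(obj.acl.get(self.principal, ()))
            self.cache[obj.name] = (rights, obj.event_count)
            self.revalidations += 1
            cached = self.cache[obj.name]
        return right in cached[0]


def run_scenario():
    """Constructed trace: two processes of 'bob' hold cached rights to 'payroll'."""
    payroll = ACLObject("payroll", {"bob": {"read", "write"}})
    fast, stale = Process("bob"), StaleCacheProcess("bob")
    trace = {}
    trace["before"] = (fast.access(payroll, "write"), stale.access(payroll, "write"))
    fast.access(payroll, "write")  # repeat hit: served from cache, no revalidation
    payroll.revoke("bob", "write")
    trace["after_revoke"] = (fast.access(payroll, "write"), stale.access(payroll, "write"))
    trace["read_still_ok"] = fast.access(payroll, "read")
    trace["revalidations"] = (fast.revalidations, stale.revalidations)
    return trace


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k:14} {v}")
```

The fast path costs one integer comparison per access; the price is paid only at revocation time and only by processes that actually touch the object afterwards, which is the property that makes the scheme attractive for shared page tables where many processes may hold the same mapping.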
  • Policy vs. mechanism in the Secure TUNIS operating system

    Publication Year: 1989, Page(s):84 - 93

    The trusted computing base (TCB) of a secure operating system can have its security policy enforced by a small, provably correct security manager. The design of the Secure TUNIS (Toronto University system) operating system divides security concerns into policy (implemented by its security manager) and mechanism (implemented by the rest of the operating system). It is shown that this separation is ...
  • Layering central authentication on existing distributed system terminal services

    Publication Year: 1989, Page(s):290 - 299
    Cited by:  Papers (1)  |  Patents (10)

    An approach to the secure logon problem in distributed systems managed by a single authority is considered in which central authentication is layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results dem...
  • A model for secure information flow

    Publication Year: 1989, Page(s):248 - 258
    Cited by:  Papers (10)  |  Patents (4)

    A model that characterizes systems that restrict information flow is proposed. The model, called the confinement model, provides greater flexibility in the binding of entities to their security classes than the current static case. A consequence of the nature of security class binding in the confinement model is its ability to enforce nontransitive information-flow policies. A framework of informa...
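
The nontransitive policies the abstract mentions are exactly what a lattice-based flow check cannot express, and a small checker shows why. This is an added example, not the paper's model: a policy is a set of allowed (source class, destination class) pairs, so A -> B and B -> C may both be allowed while A -> C is not. To enforce that, the checker records for each variable the set of classes whose data has reached it and permits `dst := src` only if every one of `src`'s origin classes may flow to `dst`'s class. A per-step check that looks only at the two classes of the assignment misses the indirect A -> C flow, and the transitively closed policy, which is what a lattice would give, allows it outright. The classes, variable bindings and the two-assignment program are constructed.

```python
"""Checking assignments against a nontransitive information-flow policy.

Added example, not the paper's model. FlowPolicy is an arbitrary relation on
classes; check_program tracks the origin classes of each variable so that an
indirect flow A -> B -> C is refused when A -> C is not allowed. The classes,
bindings and program below are constructed.
"""
from itertools import product


class FlowPolicy:
    def __init__(self, classes, allowed):
        self.classes = set(classes)
        self.allowed = set(allowed)  # permitted (src_class, dst_class) pairs

    def may_flow(self, src, dst):
        return src == dst or (src, dst) in self.allowed

    def closure(self):
        """Transitive closure: what a lattice-style policy would permit."""
        allowed = set(self.allowed)
        for k, i, j in product(self.classes, repeat=3):  # Warshall, k outermost
            if (i, k) in allowed and (k, j) in allowed:
                allowed.add((i, j))
        return FlowPolicy(self.classes, allowed)


def check_program(binding, program, policy, track_origins=True):
    """Return one allow/deny decision per assignment.

    binding: variable -> security class; program: list of (dst, src) meaning
    dst := src. With track_origins=False this degrades to the naive per-step
    test that only compares the two variables' own classes.
    """
    origins = {v: {c} for v, c in binding.items()}
    decisions = []
    for dst, src in program:
        sources = origins[src] if track_origins else {binding[src]}
        ok = all(policy.may_flow(c, binding[dst]) for c in sources)
        decisions.append(ok)
        if ok:
            origins[dst] |= origins[src]  # dst now carries src's provenance
    return decisions


BINDING = {"x": "A", "y": "B", "z": "C"}  # constructed
PROGRAM = [("y", "x"), ("z", "y")]  # y := x ; z := y
POLICY = FlowPolicy({"A", "B", "C"}, {("A", "B"), ("B", "C")})  # A -> C not allowed

if __name__ == "__main__":
    print("origin tracking:", check_program(BINDING, PROGRAM, POLICY))
    print("naive per-step: ", check_program(BINDING, PROGRAM, POLICY, track_origins=False))
    print("closed policy:  ", check_program(BINDING, PROGRAM, POLICY.closure()))
```

The second assignment is the interesting one: `y` is bound to class B, so a check that looks only at B -> C passes it, yet `y` now carries A's data and the policy has no A -> C edge. Tracking provenance per variable is the minimum needed to enforce a policy that is not closed under transitivity.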
  • Security issues in policy routing

    Publication Year: 1989, Page(s):183 - 193
    Cited by:  Papers (3)  |  Patents (10)

    Most routing protocols, including proposed policy routing protocols, focus on environments where detection of an attack after it has taken place is sufficient. The authors explore the design of policy routing mechanisms for sensitive environments where more aggressive preventative measures are mandated. In particular, they detail the design of four secure protocol versions that prevent abuse by cr...
  • Using narrowing in the analysis of key management protocols

    Publication Year: 1989, Page(s):138 - 147
    Cited by:  Papers (20)

    The author develops methods for analyzing cryptographic protocols using techniques developed for the solutions of equations in a term rewriting system. In particular, she describes a model of a class of cryptographic protocols and possible attacks on those protocols as term rewriting systems. She also describes a software tool based on the narrowing algorithm that can be used in the analysis of su...
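
Treating the intruder's capabilities as rewrite rules over protocol terms is the core of the approach, and a forward version of it fits in a few lines. The following is an added example, not the paper's narrowing tool: terms are nested tuples, `("enc", m, k)` for symmetric encryption of `m` under `k` and `("pair", a, b)` for concatenation, with atoms as strings; the intruder's knowledge is saturated under the rules `dec(enc(m, k), k) -> m` (applicable only when `k` is already known) and the two pair projections, and a key is compromised if it appears in the saturated set. This forward closure is sufficient for deciding whether an atomic secret leaks; the paper's narrowing algorithm instead runs the rules backwards from a goal term. The two message sequences, including the flaw in the first, are constructed.

```python
"""Intruder deduction over protocol terms with term-rewriting rules.

Added example, not the paper's narrowing tool. analyse() saturates the set of
terms the intruder holds under the decomposition rules
    dec(enc(m, k), k) -> m      (only when k is already known)
    fst(pair(a, b)) -> a,  snd(pair(a, b)) -> b
and compromised() asks whether a named secret ends up in that set. The two
message sequences below are constructed.
"""


def analyse(knowledge, max_rounds=50):
    """Return the intruder's knowledge closed under the decomposition rules."""
    known = set(knowledge)
    for _ in range(max_rounds):
        new = set()
        for t in known:
            if isinstance(t, tuple) and t[0] == "pair":
                new.update(t[1:])  # both projections of a pair
            elif isinstance(t, tuple) and t[0] == "enc" and t[2] in known:
                new.add(t[1])  # dec(enc(m, k), k) -> m, key already held
        if new <= known:
            return known  # fixpoint reached
        known |= new
    return known


def compromised(observed, secret):
    """True if `secret` is derivable from the messages the intruder observed."""
    return secret in analyse(observed)


# Constructed flawed run: the server sends session key Kab to B under B's
# long-term key Kbs, and rekeys Kbs by sending it under the previous key Kold,
# which the intruder already holds. One rewrite step yields Kbs, a second Kab.
FLAWED_RUN = [
    ("pair", "A", ("enc", "Kab", "Kbs")),
    ("enc", "Kbs", "Kold"),
    "Kold",
]

# Constructed fixed run: the rekey travels under a master key never exposed.
FIXED_RUN = [
    ("pair", "A", ("enc", "Kab", "Kbs")),
    ("enc", "Kbs", "Kmaster"),
    "Kold",
]

if __name__ == "__main__":
    print("flawed run leaks Kab:", compromised(FLAWED_RUN, "Kab"))
    print("fixed run leaks Kab: ", compromised(FIXED_RUN, "Kab"))
```

The saturation terminates because the rules only decompose: every new term is a proper subterm of one already held, so the closure is bounded by the subterms of the observed messages. Adding composition rules (the intruder encrypting or pairing what it knows) is needed to find attacks that require forging a message, which is the direction in which a goal-driven search such as narrowing pays off.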