[1989 Proceedings] Fifth Annual Computer Security Applications Conference

4-8 Dec. 1989

  • A summary of the Unisys experience with GEMSOS

    Publication Year: 1989

    Summary form only given. In 1984, the Unisys Corporation was awarded a government contract to design and develop a multilevel secure communications system. This system contains multilevel administrative hosts that manage the connectivity between users on a network. The connectivity was driven by mandatory and discretionary policies. An early decision was made to use GEMSOS (Gemini Standard Operati...
  • Assessment of security requirements for sensitive systems

    Publication Year: 1989

    Summary form only given. A methodology for using a risk assessment approach to determine security and control requirements for sensitive systems is described. The assessment considers two categories of risk criteria: (1) pervasive risk and (2) specific risk. The final risk measure (or score) is calculated from the overall assessed risk ratings and weight factors assigned to these criteria. The fin...
  • Challenges faced today by computer security practitioners

    Publication Year: 1989

    Summary form only given. It is noted that computer security practitioners still experience difficulty in: educating management and users at all levels; securing cooperation from other security professionals and auditors; making proper use of available security technology; accurately assessing the threats, vulnerabilities, and adequacy of safeguards; and persuading management of the importance of t...
  • Computer security and air traffic automation

    Publication Year: 1989

    Summary form only given. The author addresses the problem of whether it is possible to have an advanced automated air traffic system and still meet the safety concerns of both the controllers and system engineers as well as the computer security demands of the new Public Law 100-235, the Computer Security Act of 1987. Security has been an integral part of the planning for the advanced automation s...
  • Auditing: a relevant contribution to trusted database management systems

    Publication Year: 1989
    Cited by:  Papers (1)

    Summary form only given. An ongoing study of audit issues in the context of trusted database management systems (TDBMSs) is discussed. The study consists of a survey of the state of the art, an analysis of issues raised, and an assessment of future relevant research. The scope of the study is broad, and includes a variety of security policies and TDBMS architectures intended for commercial and def...
  • Fifth Annual Computer Security Applications Conference (Cat. No.89TH0287-3)

    Publication Year: 1989
    Freely Available from IEEE
  • Development of a multi level data generation application for GEMSOS

    Publication Year: 1989, Page(s):86 - 90

    The Gemini computer, which uses the Gemini Multiprocessing Secure Operating System (GEMSOS), is one of only a handful of computers which are designed to meet A1 level requirements. Martin Marietta's approach to using the Gemini computer as a process, device, and memory manager is discussed. An example application which was developed in 25 man-days with 125 lines of trusted code is presented. The e...
  • Security audit for embedded avionics systems

    Publication Year: 1989, Page(s):78 - 84
    Cited by:  Papers (1)  |  Patents (2)

    The design of security audit subsystems for real-time embedded avionics systems is described. The selection criteria of auditable events and the design of the audit functions are described. The data storage requirements and the data compression features of embedded avionics systems are analyzed. Two data compression algorithms applicable to avionics systems are described. Huffman encoding is optim...
  • Report from the second RADC database security workshop

    Publication Year: 1989, Page(s):310 - 313

    The second RADC (Rome Air Development Center) Invitational Database Security Workshop (held May 15-18 in Bethlehem, New Hampshire) focused on multilevel security issues for Class B3 or A1 database systems. The workshop participants discussed operating system support for secure database systems; database system process privilege; mandatory, discretionary, and need-to-know requirements; modeling iss...
  • Multi-party conflict: the problem and its solutions

    Publication Year: 1989, Page(s):222 - 231
    Cited by:  Papers (5)

    Currently there is a great deal of interest concerning polyinstantiation in database management systems (DBMSs). However, polyinstantiation is a specific solution to a problem faced by all secure systems, and the problem itself is not well characterized. The problem stems from the interference between subjects of different security compartments. The authors focus on this problem, which they call m...
  • The CALS Data Protection and Integrity Industry Working Group

    Publication Year: 1989, Page(s):10 - 11

    The CALS (Computer-aided Acquisition and Logistics Support) Data Protection and Integrity (DP&I) Industry Working Group (WG) has been addressing security issues associated with the CALS initiative. The group's mission, structure, composition, activities, accomplishments, and future plans are described. The CALS initiative is a cooperative effort between the Department of Defense and industry t...
  • Protection of call detail records data in federal telecommunications

    Publication Year: 1989, Page(s):70 - 77

    Techniques for protection of the call detail records (CDR) in US federal government telecommunications systems, such as the FTS2000 and agency PABXs, are identified. CDR data flow, its use in telecommunication, and its protection requirements are described. Descriptions of threats and countermeasures are provided. Recommendations for handling and protection of the CDR database are made for the fol...
  • Secure database design: an implementation using a secure DBMS

    Publication Year: 1989

    G.W. Smith presented a homework problem at the second annual RADC (Rome Air Development Center) Database Security Workshop and challenged the workshop attendees to provide a prototype database design. In the present work, it is shown that most of the MLS (multilevel secure) design requirements in the homework problem could be implemented on the Sybase Secure SQL Server with no noticeable performan...
  • Security model development environment

    Publication Year: 1989, Page(s):299 - 307
    Cited by:  Patents (3)

    Introduces the Security Model Development Environment (SMDE), a suite of prototype tools for the development of secure systems. The development of the SMDE was performed under contract for the Rome Air Development Center and Strategic Defense Initiative. The SMDE is based on a methodology for the construction and analysis of security models, which supports the model developer via an iterative mode...
  • A security standard for LANs

    Publication Year: 1989

    The work of IEEE 802.10, the LAN Security Working Group, in developing the Standard for Interoperable LAN Security (SILS) is described. The areas for security standardization are: a protocol for the secure exchange of data at the data link layer, the management of cryptographic keys at the application layer, and the specification of the network management objects associated with the secure data ex...
  • TCB subsets: the next step

    Publication Year: 1989, Page(s):216 - 221
    Cited by:  Papers (3)

    The advantages of TCB (trusted computing base) subsetting for building multilevel database systems are discussed, and the architectural impact on the database system when the TCB subsetting approach is used in a real implementation is described. Particular attention is given to such areas of difficulty as concurrency controls, recovery management, and buffer management. In discussing implications ...
  • Electronic information security in a digital environment

    Publication Year: 1989, Page(s):6 - 9

    The protection of sensitive, unclassified industrial information is considered. Context and background are described, and the objectives and objects of security processes are discussed. Common descriptors of data protection and information security applicable to the security of digital information, which the author entitles electronic information security (ELINFOSEC), are suggested. ELINFOSEC is t...
  • Security standards for open systems

    Publication Year: 1989, Page(s):64 - 67

    A panel on security standards for open systems is summarized. The topics discussed are ISO/IEC work on OSI (open systems interconnection) security standards, CCITT DAF (framework for the support of distributed applications) security, and ECMA security standards.
  • Process execution controls as a mechanism to ensure consistency

    Publication Year: 1989, Page(s):114 - 120

    A mechanism for ensuring that the changes to a system and its data occur in a consistent manner is presented. The mechanism, process execution controls, imposes restrictions on the method of access to the data, unlike access controls which impose restrictions upon which users can access the data. This mechanism imposes another layer to the currently existing access control restrictions, but one th...
  • A summary of the LDV solution to the homework problem

    Publication Year: 1989

    At the 2nd RADC Database Security Workshop the requirements for a small secure application were presented as a homework problem. This paper highlights how LDV (LOCK Data Views, a prototype trusted DBMS from Honeywell) enforces the security requirements of this application. The results were simulated on a small LDV prototype written in LISP. Rather than present LDV's whole solution to the homework ...
  • The trusted server approach to multilevel security

    Publication Year: 1989, Page(s):335 - 341
    Cited by:  Papers (1)  |  Patents (3)

    Suggests the trusted server as a means of injecting multilevel security into applications such as command control and intelligence systems. It presents an example trusted database server and a trusted gateway server. A taxonomy is presented for gateway servers. Finally, the paper argues that the trusted server is a gap filler, in that it can off load much of the security design, maintenance and di...
  • Access control by Boolean expression evaluation

    Publication Year: 1989, Page(s):131 - 139
    Cited by:  Papers (6)  |  Patents (2)

    An access control mechanism based on Boolean expression evaluation is presented. This mechanism allows the implementation of customer-specified, rather than vendor-specified, security policies. The mechanism makes it possible to easily implement such conventional mechanisms as access control lists, named access control lists, user groups, user attributes, user capability lists, and user roles. Add...
  • RADC database security workshop Oracle Corporation homework problem solution

    Publication Year: 1989
    Cited by:  Papers (1)

    Oracle Corporation's solution to the second RADC (Rome Air Development Center) Database Security Workshop homework problem (a 22-page specification for a multilevel secure database) was designed and implemented on a prototype delivered to the National Computer Security Center in May 1989, and was submitted for evaluation at the C2 level. The solution utilized discretionary access control (DAC) fea...
  • Secure automated document delivery

    Publication Year: 1989, Page(s):348 - 356
    Cited by:  Papers (1)  |  Patents (3)

    A model for secure delivery of documents is proposed, and a prototype system based on earlier work on secure electronic mail and automated document delivery systems is described. In the proposed architecture, security protection is provided for both document requests and the actual documents delivered. Electronic mail protocols are used for document requests and delivery, although file transfer pr...
  • Security model consistency in secure object-oriented systems

    Publication Year: 1989, Page(s):290 - 298

    Examines three techniques for evaluating the logical consistency of an object-oriented database security model. The first technique consists of judging the model with respect to a set of general consistency properties for database security models. The second technique compares the SODA model against two other database security models. The third technique consists of defining a set of entities and ...