By Topic

[1989 Proceedings] Fifth Annual Computer Security Applications Conference

4-8 Dec. 1989

Filter Results

Displaying Results 1 - 25 of 62
  • A summary of the Unisys experience with GEMSOS

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (31 KB)

    Summary form only given. In 1984, the Unisys Corporation was awarded a government contract to design and develop a multilevel secure communications system. This system contains multilevel administrative hosts that manage the connectivity between users on a network. The connectivity was driven by mandatory and discretionary policies. An early decision was made to use GEMSOS (Gemini Standard Operati... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Assessment of security requirements for sensitive systems

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (44 KB)

    Summary form only given. A methodology for using a risk assessment approach to determine security and control requirements for sensitive systems is described. The assessment considers two categories of risk criteria: (1) pervasive risk and (2) specific risk. The final risk measure (or score) is calculated from the overall assessed risk ratings and weight factors assigned to these criteria. The fin... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Challenges faced today by computer security practitioners

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (43 KB)

    Summary form only given. It is noted that computer security practitioners still experience difficulty in: educating management and users at all levels; securing cooperation from other security professionals and auditors; making proper use of available security technology; accurately assessing the threats, vulnerabilities, and adequacy of safeguards; and persuading management of the importance of t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Computer security and air traffic automation

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (41 KB)

    Summary form only given. The author addresses the problem of whether it is possible to have an advanced automated air traffic system and still meet the safety concerns of both the controllers and system engineers as well as the computer security demands of the new Public Law 100-235, the Computer Security Act of 1987. Security has been an integral part of the planning for the advanced automation s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Auditing: a relevant contribution to trusted database management systems

    Publication Year: 1989
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (40 KB)

    Summary form only given. An ongoing study of audit issues in the context of trusted database management systems (TDBMSs) is discussed. The study consists of a survey of the state of the art, an analysis of issues raised, and an assessment of future relevant research. The scope of the study is broad, and includes a variety of security policies and TDBMS architectures intended for commercial and def... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Fifth Annual Computer Security Applications Conference (Cat. No.89TH0287-3)

    Publication Year: 1989
    Request permission for commercial reuse | PDF file iconPDF (104 KB)
    Freely Available from IEEE
  • Security model consistency in secure object-oriented systems

    Publication Year: 1989, Page(s):290 - 298
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (740 KB)

    Examines three techniques for evaluating the logical consistency of an object-oriented Database security model. The first technique consists of judging the model with respect to a set of general consistency properties for database security models. The second technique compares the SODA model against two other database security models. The third technique consists of defining a set of entities and ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A model of security monitoring

    Publication Year: 1989, Page(s):46 - 52
    Cited by:  Papers (3)  |  Patents (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (532 KB)

    A formal model of security monitoring that distinguishes two different methods of recording information (logging) and two different methods of analyzing information (auditing) is presented. From this model, implications for the design and use of security monitoring mechanisms are drawn. The model is then applied to security mechanisms for statistical databases, monitoring mechanisms for computer s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Chinese wall security policy-an aggressive model

    Publication Year: 1989, Page(s):282 - 289
    Cited by:  Papers (39)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (300 KB)

    In Brewer and Nash's Chinese Wall security policy model, there is a very strong implicit assumption that the `conflict of interest' is an equivalence relation. It is called the BN-axiom. Such axiom is valid only for some very special circumstances. By modifying their formulation, a modified Brewer and Nash model without BN-axiom is defined. Such model turns out to be rather `conservative' in the s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Intrusion and anomaly detection in trusted systems

    Publication Year: 1989, Page(s):39 - 45
    Cited by:  Papers (6)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (612 KB)

    A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conj... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Issues in distributed database security

    Publication Year: 1989, Page(s):196 - 203
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (528 KB)

    The requirements for multilevel security have been shown to conflict with some database integrity and consistency properties. The authors examine the data consistency requirements for a distributed database system, consider the effects of multilevel security on meeting those requirements, and consider architecture for achieving them. They discuss the problem of providing serializability in a singl... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Considerations on TCB subsetting

    Publication Year: 1989, Page(s):105 - 106
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (116 KB)

    The hierarchical trusted computing base (TCB) subsetting architecture, which is intended to allow database management systems (DBMSs) to take advantage of the effort expended in producing and evaluating trusted multilevel operating systems, is discussed. The advantages and disadvantages that result from the use of this security architecture are explored. Another architecture, functional modulariza... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Integrity panel position paper

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (56 KB)

    The author urges the thorough review and rapid adoption of the Trusted Critical Computer Systems Evaluation Criteria (TCCSEC) provided to the US Air Force. The TCCSEC is a modification to the Orange Book (TCSEC). The author notes that those who know and use the Orange Book should find it easy to understand and adapt to the following changes comprised by the TCCSEC: the idea of criticality replaces... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The role of vulnerability in risk management

    Publication Year: 1989, Page(s):32 - 38
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (388 KB)

    The treatment of vulnerability at the 1988 Risk Model Builders' Workshop is examined, and a definition of vulnerability that is intuitively satisfying and provides a foundation upon which mathematical models can be built is developed. Two vulnerability models that together appear to capture the general conceptualizations of vulnerability espoused by other authors are presented. The authors also di... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An extended cryptographic key generation scheme for multilevel data security

    Publication Year: 1989, Page(s):254 - 262
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (392 KB)

    S. Akl and P. Taylor (Proc. Crypto-82, p.237-250, 1982) proposed an elegant solution to the multilevel key distribution problem, using a cryptographic approach. In the present work, two problems associated with the Akl-Taylor scheme are considered. First, a time-memory tradeoff technique to overcome the problem of the extremely large memory space required by the Akl-Taylor scheme is proposed. Seco... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A risk driven process model for the development of trusted systems

    Publication Year: 1989, Page(s):184 - 192
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (620 KB)

    This paper presents the initial results of a DARPA-funded research effort to define a development paradigm for high-performance trusted systems in Ada. The paradigm is aimed at improving the construction process and the future products of Ada systems that require both broad trust and high performance. The need for a process model and the notions of trust and assurance are reviewed. The foundation ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security approach for rapid prototyping in multilevel secure systems

    Publication Year: 1989, Page(s):328 - 334
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (588 KB)

    Use of rapid prototyping to develop Multilevel Secure (MLS) systems requires that security be included in the rapid prototyping process. The literature shows some examples of rapid prototyping applied to secure components. However, little guidance is available for using a rapid prototype to develop an MLS system, consisting of multiple components, that can be accredited in the DOD environment. A m... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Does TCB subsetting enhance trust?

    Publication Year: 1989
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (60 KB)

    Trusted computing base (TCB) subsetting consists of subdividing a large TCB into smaller separate TCBs, each of which can be separately designed, implemented, and analyzed. The idea of TCB subsetting is attractive because it can simplify the difficult task of constructing TCBs. However, there are many unanswered questions, connected in particular with determinating the useful and meaningful ways o... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Access control by Boolean expression evaluation

    Publication Year: 1989, Page(s):131 - 139
    Cited by:  Papers (6)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (508 KB)

    An access control mechanism based on Boolean expression evaluation is presented. This mechanism allows the implementation of customer-specified, rather than vendor-specified, security policies. The mechanism makes it possible to easily implement such conventional mechanisms as access control lists, named access control lists, user groups, user attributes, user capability lists, and user roles. Add... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Multi-party conflict: the problem and its solutions

    Publication Year: 1989, Page(s):222 - 231
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (732 KB)

    Currently there is a great deal of interest concerning polyinstantiation in database management systems (DBMSs). However, polyinstantiation is a specific solution to a problem faced by all secure systems, and the problem itself is not well characterized. The problem stems from the interference between subjects of different security compartments. The authors focus on this problem, which they call m... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A perspective on integrity mechanisms

    Publication Year: 1989
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (72 KB)

    Accepting the common viewpoint that integrity is concerned with information modification rather than information disclosure or information availability, the author considers two views on what nondiscretionary controls are needed for information integrity: (1) Clark and Wilson's view that some separate mechanisms are required for enforcement of integrity policies, disjoint from those of the Orange ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • ADP security within the Customs Service

    Publication Year: 1989, Page(s):144 - 145
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (116 KB)

    Computer security within the US Customs Service is discussed. The structure and functions of the Office of Data Systems are outlined. Several cases are related that illustrate problems in the AIS (automated information system) security area. They involve customs employees who stole government funds View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Electronic messaging security: a comparison of three approaches

    Publication Year: 1989
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (64 KB)

    Three approaches to securing electronic mail are described and compared: the 1988 CCITT X.411 Recommendation, RFC 1113, and the Message Security Protocol (MSP). Each approach offers the same basic security services. The MSP approach is found to be the least invasive. Thus, the MSP approach is unable to provide additional security features such as protected reports from MTAs (mail transfer agents) ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Process execution controls as a mechanism to ensure consistency

    Publication Year: 1989, Page(s):114 - 120
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (444 KB)

    A mechanism for ensuring that the changes to a system and its data occur in a consistent manner is presented. The mechanism, process execution controls, imposes restrictions on the method of access to the data, unlike access controls which impose restrictions upon which users can access the data. This mechanism imposes another layer to the currently existing access control restrictions, but one th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Applying the TNI to system certification and accreditation

    Publication Year: 1989, Page(s):248 - 252
    Cited by:  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (400 KB)

    Department of Defense systems that process sensitive (including classified) information must undergo formal technical assessment and approval before they are allowed to operate. The technical assessment and approval processes are called certification and accreditation, respectively. The author presents issues involved in certifying and accrediting networks with respect to the two network views, th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.