Tenth Annual Computer Security Applications Conference

5-9 Dec. 1994

  • Tenth Annual Computer Security Applications Conference

    Publication Year: 1994
  • Where we stand in multilevel security (MLS): requirements, approaches, issues, and lessons learned

    Publication Year: 1994, Page(s):304 - 305
    Cited by:  Papers (1)  |  Patents (1)

    Many government planners and trusted system vendors have an oversimplified view of actual user needs for multilevel security (MLS). The purpose of this paper is to improve insight into what users really need and want in the name of MLS. This paper is primarily derived from work performed under Contract DAAB07-94-C-H601 for the Defense Information Systems Agency (DISA)
  • Ops/Intel interface lessons learned: the integrator's perspective

    Publication Year: 1994, Page(s):268 - 277
    Cited by:  Papers (3)

    This paper describes our experiences in integrating and fielding the Operations/Intelligence (Ops/Intel) Interface. The Ops/Intel Interface integrates secure commercial off-the-shelf (COTS) technology with untrusted applications to produce a trusted Ops/Intel workstation. The Ops/Intel Interface enables the intelligence analyst to bridge the gap between the Sensitive Compartmented Information and ...
  • Editorial: why bad things happen to good systems, and what to do about it

    Publication Year: 1994, Page(s):306 - 307
    Cited by:  Papers (1)

    Perfection in large software systems is improbable; therefore, it is prudent to enhance security by anticipating failures and preparing for contingencies. We propose an analogy with medicine, supporting curative as well as preventive action. Information technology (IT) security needs to allocate resources to contingency resolution mechanisms that can be used to complement prevention mechanisms
  • A secure Email gateway (building an RCAS external interface)

    Publication Year: 1994, Page(s):202 - 211
    Cited by:  Papers (1)  |  Patents (47)

    Fielding secure computer systems requires tradeoffs between functionality, flexibility, and security to meet the users' needs. Multilevel secure (MLS) computer systems provide better control over classified information than traditional systems and allow users from a diverse population access to information they need while protecting sensitive data. Users want the functionality of non-MLS computer ...
  • Role-based access control: a multi-dimensional view

    Publication Year: 1994, Page(s):54 - 62
    Cited by:  Papers (19)  |  Patents (11)

    Recently there has been considerable interest in role-based access control (RBAC) as an alternative, and supplement, to the traditional discretionary and mandatory access controls (DAC and MAC) embodied in the Orange Book. The roots of RBAC can be traced back to the earliest access control systems. Roles have been used in a number of systems for segregating various aspects of security and system a...
  • A practical approach to high assurance multilevel secure computing service

    Publication Year: 1994, Page(s):2 - 11
    Cited by:  Papers (4)

    Current projects aimed at providing MLS computing services rarely seem to exploit advances in related fields. Specifically, the concepts of data distribution, replication, and interoperation are currently receiving much attention in the commercial database system sector but have yet to be applied to the delivery of MLS computing services. This paper explains how these concepts might help deliver M...
  • Using security models to investigate CMW design and implementation

    Publication Year: 1994, Page(s):278 - 287

    Some new security models are presented as a means of understanding the complexities of the Compartmented Mode Workstation dual-label design and the different implementations that are available. The security models, which are based upon a realistic abstraction of a computer, have floating security labels. The models are pessimistic, in that they assume that if information is potentially able to flo...
  • The effects of trusted technology on distributed applications

    Publication Year: 1994, Page(s):246 - 255

    The paper examines the effect of trusted technology on a distributed application being transitioned to a trusted system. Two styles of operation are examined: restricting the operation of all components of the application to a single sensitivity level and allowing the user interface components of the application to operate across a range of sensitivity levels. Within these operational styles, the ...
  • Editorial: a view of cryptography in TCSEC products

    Publication Year: 1994, Page(s):308 - 309

    The U.S. National Computer Security Center (NCSC) recently announced a change in its historical policy of not accepting encryption of any kind as a protection mechanism for TCSEC evaluated products. This editorial presents a view of this change from a vendor's perspective and raises some of the issues associated with the new policy
  • Property-based testing of privileged programs

    Publication Year: 1994, Page(s):154 - 163
    Cited by:  Papers (8)  |  Patents (19)

    Addresses the problem of testing security-relevant software, especially privileged (typically, setuid root) and daemon programs in UNIX. The problem is important, since it is these programs that are the source of most UNIX security flaws. For some programs, such as the UNIX sendmail program, new security flaws are still being discovered, despite being in use for many years. For special-purpose sys...
  • The MITRE security perimeter

    Publication Year: 1994, Page(s):212 - 218
    Cited by:  Patents (4)

    To protect MITRE's unclassified computing resources from unauthorized use, MITRE maintains a network firewall between the MITRE corporate network and the Internet, and limits dial-in to three modem pools. The firewall limits Internet connectivity to a small set of computer systems called boundary hosts. The boundary hosts and the modem pools use a smartcard-based user authentication scheme to ensu...
  • Security concerns for distributed systems

    Publication Year: 1994, Page(s):12 - 20
    Cited by:  Papers (3)

    One of the stated purposes of the Trusted Computer System Evaluation Criteria (TCSEC) is “to provide a standard to manufacturers as to what security features to build into their new and planned commercial products in order to provide widely available systems that satisfy trust requirements (with particular emphasis on preventing the disclosure of data) for sensitive applications”. The ...
  • Benchmarking multilevel secure database systems using the MITRE benchmark

    Publication Year: 1994, Page(s):86 - 95
    Cited by:  Papers (1)  |  Patents (3)

    Multilevel secure (MLS) DBMSs are subject to a number of security-related architectural and functional factors that affect performance. These factors include, among others, the distribution of data among security levels, the session levels at which queries are run, and how the database is physically partitioned into files. In this paper, we present a benchmark methodology, a test database design, ...
  • Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network

    Publication Year: 1994, Page(s):288 - 297
    Cited by:  Papers (14)  |  Patents (1)

    We provide cost estimates for achieving spatial neutrality under realistic network traffic conditions using two methods. Measurements done on the University of Florida campus wide backbone network (UFNET) provide us with considerable experience to model an actual network better. Simulation results show that the algorithm's improvement over padding alone is greater for a sparse traffic matrix than ...
  • Availability: theory and fundamentals for practical evaluation and use

    Publication Year: 1994, Page(s):258 - 264

    What the currently available security criteria are still missing is a functional structure of the concept of availability. The intention of the article is to define a functional structure of the concept of availability in terms of basic functions, similar to the Generic Headings in the ITSEC (IT Security Criteria). The article gives the basic definitions and terms as well as a terminological intro...
  • A validated security policy modeling approach

    Publication Year: 1994, Page(s):189 - 200
    Cited by:  Papers (3)

    The paper presents a security policy modeling approach that can be applied to many types of systems, including networks and distributed systems. The approach is driven by security requirements and by system architecture. It is compatible with the modeling principles offered by recent modeling guidelines and the TCSEC modeling requirements at the B1-A1 assurance levels. The approach has been valida...
  • Applying the Abadi-Lamport composition theorem in real-world secure system integration environments

    Publication Year: 1994, Page(s):44 - 53
    Cited by:  Papers (1)

    This paper describes research that addresses application of the Abadi Lamport Composition theorem to the integration of real-world systems. The Formal Development Methodology (FDM) was used to describe system and component security properties, including access control, label consistency, and communications constraints. These descriptions were then used as input to the FDM theorem prover to prove t...
  • AOS: an avionics operating system for multi-level secure real-time environments

    Publication Year: 1994, Page(s):236 - 245
    Cited by:  Papers (1)

    In parallel with advances in the design of real-time systems there is an increasing need for real-time systems that can provide multilevel security. This need is highlighted by the DOD's endorsed move towards integrated avionics to enable real-time avionics and tactical applications to share a common processing platform. A generic Integrated Avionics Platform (IAP) is a heterogeneous distributed s...
  • Networked information discovery and retrieval tools: security capabilities and needs

    Publication Year: 1994, Page(s):145 - 153
    Cited by:  Patents (6)

    The Internet is a rapidly growing global network of networks. Users employ the Internet to search for and retrieve information, access remote resources, and collaborate with other users. More and more information is becoming available on the Internet. Networked information discovery and retrieval (NIDR) tools, such as Gopher, Wide Area Information Server (WAIS) and World Wide Web (WWW), have been ...
  • Architectural impact on performance of a multilevel database system

    Publication Year: 1994, Page(s):76 - 85

    Since protection and assurance are the primary concerns in multilevel secure (MLS) databases, performance has often been sacrificed in some known MLS database approaches. Motivated by performance concerns, a replicated architecture approach which uses a physically distinct back-end database management system for each security level is being investigated. This is a report on the behavior and perfor...
  • A prototype multilevel-secure DoD directory

    Publication Year: 1994, Page(s):180 - 188

    The US Department of Defense (DoD) has begun to plan for the implementation of a DoD Directory capability based on the CCITT X.500 series recommendations, which define the data communication network directory. The DoD Directory statement of requirements has established the need to hold data of different classifications (UNCLASSIFIED to SECRET) and to serve users with different clearances. We descr...
  • System-of-systems security engineering

    Publication Year: 1994, Page(s):228 - 235
    Cited by:  Papers (8)

    There is an increasing trend to treat a collection of individual systems that support a common mission as a single entity and to perform systems engineering activities for that entity. A security engineering process is proposed for systems-of-systems. This process addresses such issues as how to identify and mitigate risks resulting from connectivity, how to integrate security into a target archit...
  • Automated detection of vulnerabilities in privileged programs by execution monitoring

    Publication Year: 1994, Page(s):134 - 144
    Cited by:  Papers (56)  |  Patents (29)

    Presents a method for detecting exploitations of vulnerabilities in privileged programs by monitoring their execution using audit trails, where the monitoring is with respect to specifications of the security-relevant behavior of the programs. Our work is motivated by the intrusion detection paradigm, but is an attempt to avoid ad hoc approaches to codifying misuse behavior. Our approach is based ...
  • Secure system composition: five practical initiatives

    Publication Year: 1994, Page(s):67 - 73

    Standards profiles, goal security architectures, core products, the Multilevel Information Systems Security Initiative (MISSI), and security profiles are important ongoing INFOSEC initiatives. This paper considers them as varying practical attempts to solve the problem of secure system composition (i.e., of how to produce a secure system from secure components). The strategy used by each to solve ...