
Tenth Annual Computer Security Applications Conference

5-9 Dec. 1994


Displaying Results 1 - 25 of 33
  • Tenth Annual Computer Security Applications Conference

    Publication Year: 1994
    Freely Available from IEEE
  • Organizing MLS databases from a data modelling point of view

    Publication Year: 1994, Page(s):96 - 105
    Cited by:  Papers (3)

    The conceptual and logical design of multilevel secure (MLS) database applications are treated in an integrated way. For the conceptual design, a powerful semantic data model is suggested in order to represent the data and security semantics of the application domain. For the logical design, a two-phase approach is developed. Phase one consists of the transformation of the database conceptualizati...

  • Editorial: why bad things happen to good systems, and what to do about it

    Publication Year: 1994, Page(s):306 - 307
    Cited by:  Papers (1)

    Perfection in large software systems is improbable; therefore, it is prudent to enhance security by anticipating failures and preparing for contingencies. We propose an analogy with medicine, supporting curative as well as preventive action. Information technology (IT) security needs to allocate resources to contingency resolution mechanisms that can be used to complement prevention mechanisms.

  • A practical approach to user authentication

    Publication Year: 1994, Page(s):108 - 116
    Cited by:  Papers (4)

    A method for user authentication is presented which analyzes keystroking data as the user types his or her name. This study utilizes the ADALINE (ADAptive LINear Element) and backpropagation neural nets to identify the typing pattern characteristic of a particular user. A simple measure of geometric distance is also used for comparison. This paper provides a brief introduction to this type of neur...

  • Automated detection of vulnerabilities in privileged programs by execution monitoring

    Publication Year: 1994, Page(s):134 - 144
    Cited by:  Papers (55)  |  Patents (28)

    Presents a method for detecting exploitations of vulnerabilities in privileged programs by monitoring their execution using audit trails, where the monitoring is with respect to specifications of the security-relevant behavior of the programs. Our work is motivated by the intrusion detection paradigm, but is an attempt to avoid ad hoc approaches to codifying misuse behavior. Our approach is based ...

  • Editorial: a view of cryptography in TCSEC products

    Publication Year: 1994, Page(s):308 - 309

    The U.S. National Computer Security Center (NCSC) recently announced a change in its historical policy of not accepting encryption of any kind as a protection mechanism for TCSEC evaluated products. This editorial presents a view of this change from a vendor's perspective and raises some of the issues associated with the new policy.

  • Security concerns for distributed systems

    Publication Year: 1994, Page(s):12 - 20
    Cited by:  Papers (3)

    One of the stated purposes of the Trusted Computer System Evaluation Criteria (TCSEC) is “to provide a standard to manufacturers as to what security features to build into their new and planned commercial products in order to provide widely available systems that satisfy trust requirements (with particular emphasis on preventing the disclosure of data) for sensitive applications”. The ...

  • Audit reduction and misuse detection in heterogeneous environments: framework and application

    Publication Year: 1994, Page(s):117 - 125
    Cited by:  Papers (4)

    Audit data analysis is a non-invasive method for security assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments. In most real-world environments, the heterogeneous nature of the available audit data combined with environment-specific detection requirements makes it difficult to integrate re-usable detection mechanisms...

  • A validated security policy modeling approach

    Publication Year: 1994, Page(s):189 - 200
    Cited by:  Papers (3)

    The paper presents a security policy modeling approach that can be applied to many types of systems, including networks and distributed systems. The approach is driven by security requirements and by system architecture. It is compatible with the modeling principles offered by recent modeling guidelines and the TCSEC modeling requirements at the B1-A1 assurance levels. The approach has been valida...

  • The MITRE security perimeter

    Publication Year: 1994, Page(s):212 - 218
    Cited by:  Patents (4)

    To protect MITRE's unclassified computing resources from unauthorized use, MITRE maintains a network firewall between the MITRE corporate network and the Internet, and limits dial-in to three modem pools. The firewall limits Internet connectivity to a small set of computer systems called boundary hosts. The boundary hosts and the modem pools use a smartcard-based user authentication scheme to ensu...

  • System-of-systems security engineering

    Publication Year: 1994, Page(s):228 - 235
    Cited by:  Papers (8)

    There is an increasing trend to treat a collection of individual systems that support a common mission as a single entity and to perform systems engineering activities for that entity. A security engineering process is proposed for systems-of-systems. This process addresses such issues as how to identify and mitigate risks resulting from connectivity, how to integrate security into a target archit...

  • Networked information discovery and retrieval tools: security capabilities and needs

    Publication Year: 1994, Page(s):145 - 153
    Cited by:  Patents (6)

    The Internet is a rapidly growing global network of networks. Users employ the Internet to search for and retrieve information, access remote resources, and collaborate with other users. More and more information is becoming available on the Internet. Networked information discovery and retrieval (NIDR) tools, such as Gopher, Wide Area Information Server (WAIS) and World Wide Web (WWW), have been ...

  • Applying the Abadi-Lamport composition theorem in real-world secure system integration environments

    Publication Year: 1994, Page(s):44 - 53
    Cited by:  Papers (1)

    This paper describes research that addresses application of the Abadi-Lamport Composition theorem to the integration of real-world systems. The Formal Development Methodology (FDM) was used to describe system and component security properties, including access control, label consistency, and communications constraints. These descriptions were then used as input to the FDM theorem prover to prove t...

  • Security for the Common Object Request Broker Architecture (CORBA)

    Publication Year: 1994, Page(s):21 - 30
    Cited by:  Papers (1)  |  Patents (6)

    Over the last several years, there has been an emphasis on distributed client/server computing in business as well as government. A useful means of achieving this capability is through the use of object technology. Distributed object systems offer many benefits, such as downsizing and right sizing, resulting in a trend toward small, modular, commercial or government off-the-shelf components as a m...

  • Availability: theory and fundamentals for practical evaluation and use

    Publication Year: 1994, Page(s):258 - 264

    What the currently available security criteria are still missing is a functional structure of the concept of availability. The intention of the article is to define a functional structure of the concept of availability in terms of basic functions, similar to the Generic Headings in the ITSEC (IT Security Criteria). The article gives the basic definitions and terms as well as a terminological intro...

  • Benchmarking multilevel secure database systems using the MITRE benchmark

    Publication Year: 1994, Page(s):86 - 95
    Cited by:  Papers (1)  |  Patents (3)

    Multilevel secure (MLS) DBMSs are subject to a number of security-related architectural and functional factors that affect performance. These factors include, among others, the distribution of data among security levels, the session levels at which queries are run, and how the database is physically partitioned into files. In this paper, we present a benchmark methodology, a test database design, ...

  • Where we stand in multilevel security (MLS): requirements, approaches, issues, and lessons learned

    Publication Year: 1994, Page(s):304 - 305
    Cited by:  Papers (1)  |  Patents (1)

    Many government planners and trusted system vendors have an oversimplified view of actual user needs for multilevel security (MLS). The purpose of this paper is to improve insight into what users really need and want in the name of MLS. This paper is primarily derived from work performed under Contract DAAB07-94-C-H601 for the Defense Information Systems Agency (DISA).

  • The design of an audit trail analysis tool

    Publication Year: 1994, Page(s):126 - 132
    Cited by:  Papers (1)  |  Patents (23)

    Discusses the design of a tool that automatically removes security-sensitive information from intruder activity log files collected at a compromised site. The sanitization of sensitive information enables researchers to study the log files without further compromising the security of the affected sites. This paper begins with a brief discussion of the importance of such a tool and a description of...

  • A practical approach to high assurance multilevel secure computing service

    Publication Year: 1994, Page(s):2 - 11
    Cited by:  Papers (4)

    Current projects aimed at providing MLS computing services rarely seem to exploit advances in related fields. Specifically, the concepts of data distribution, replication, and interoperation are currently receiving much attention in the commercial database system sector but have yet to be applied to the delivery of MLS computing services. This paper explains how these concepts might help deliver M...

  • A prototype multilevel-secure DoD directory

    Publication Year: 1994, Page(s):180 - 188

    The US Department of Defense (DoD) has begun to plan for the implementation of a DoD Directory capability based on the CCITT X.500 series recommendations, which define the data communication network directory. The DoD Directory statement of requirements has established the need to hold data of different classifications (UNCLASSIFIED to SECRET) and to serve users with different clearances. We descr...

  • A secure Email gateway (building an RCAS external interface)

    Publication Year: 1994, Page(s):202 - 211
    Cited by:  Papers (1)  |  Patents (46)

    Fielding secure computer systems requires tradeoffs between functionality, flexibility, and security to meet the users' needs. Multilevel secure (MLS) computer systems provide better control over classified information than traditional systems and allow users from a diverse population access to information they need while protecting sensitive data. Users want the functionality of non-MLS computer ...

  • EINet: a secure, open network for electronic commerce

    Publication Year: 1994, Page(s):219 - 226
    Cited by:  Patents (31)

    Corporate users are by far the most rapidly growing segment of the Internet community, supplementing the existing base of government and academic users. Both corporate and government organizations want to use the Internet to “integrate” their enterprises, and foresee using the Internet to conduct electronic commerce as well. However, the lack of security services on the Internet deters...

  • The effects of trusted technology on distributed applications

    Publication Year: 1994, Page(s):246 - 255

    The paper examines the effect of trusted technology on a distributed application being transitioned to a trusted system. Two styles of operation are examined: restricting the operation of all components of the application to a single sensitivity level and allowing the user interface components of the application to operate across a range of sensitivity levels. Within these operational styles, the ...

  • Architectural impact on performance of a multilevel database system

    Publication Year: 1994, Page(s):76 - 85

    Since protection and assurance are the primary concerns in multilevel secure (MLS) databases, performance has often been sacrificed in some known MLS database approaches. Motivated by performance concerns, a replicated architecture approach which uses a physically distinct back-end database management system for each security level is being investigated. This is a report on the behavior and perfor...

  • Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network

    Publication Year: 1994, Page(s):288 - 297
    Cited by:  Papers (13)  |  Patents (1)

    We provide cost estimates for achieving spatial neutrality under realistic network traffic conditions using two methods. Measurements done on the University of Florida campus wide backbone network (UFNET) provide us with considerable experience to model an actual network better. Simulation results show that the algorithm's improvement over padding alone is greater for a sparse traffic matrix than ...
