Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy

7-9 May 1990

Displaying Results 1 - 25 of 35
  • Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.90CH2884-5)

    Publication Year: 1990
    Freely Available from IEEE
  • Beyond the pale of MAC and DAC-defining new forms of access control

    Publication Year: 1990, Page(s):190 - 200
    Cited by:  Papers (31)  |  Patents (33)

    Examples of DoD/intelligence data protection requirements are described that cannot be handled through traditional mandatory (MAC) or discretionary (DAC) access controls, and two new forms of access controls to respond to these problems are proposed. First, a user attribute-based access control for enforcement of dissemination controls is introduced. Second, a type of access control known as owner...

  • Naming and grouping privileges to simplify security management in large databases

    Publication Year: 1990, Page(s):116 - 132
    Cited by:  Papers (31)  |  Patents (13)

    An extension is described to ANSI SQL that simplifies security management by reducing the complexity of the access controls on database objects and by providing users with the flexibility to define administrative roles (like auditor or security administrator) that match their requirements for the separation of duties. The benefit of simplified security management is improved security. The main fea...

  • A network security monitor

    Publication Year: 1990, Page(s):296 - 304
    Cited by:  Papers (71)  |  Patents (37)

    This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-b...

  • Security models and information flow

    Publication Year: 1990, Page(s):180 - 187
    Cited by:  Papers (74)

    A theory of information flow is developed that differs from that of nondeducibility, which is seen to be a theory of information sharing. The theory is used to develop a flow-based security model (FM) and to show that the proper treatment of security-relevant causal factors in such a framework is very tricky. Using FM as a standard for comparison, an examination is made of interference, generalize...

  • Polyinstantiation integrity in multilevel relations

    Publication Year: 1990, Page(s):104 - 115
    Cited by:  Papers (22)  |  Patents (8)

    Polyinstantiation integrity (PI) as defined in the SeaView multilevel relational data model consists of a functional dependency component and a multivalued dependency component. It is shown that the latter component rules out many practically useful relations and is therefore unduly restrictive. This leads the authors to propose that PI be defined to consist only of the functional dependency comp...

  • Verifying a hardware security architecture

    Publication Year: 1990, Page(s):333 - 344
    Cited by:  Papers (2)

    The verification work reported had three goals: (1) to develop a method for specifying components, which may be either software processes or hardware components, in terms of their possible event histories (also called traces); (2) to develop a method of verifying systems built from such components; and (3) to use these techniques to prove security properties about a realistic and substantial desig...

  • Information privacy issues for the 1990s

    Publication Year: 1990, Page(s):394 - 400
    Cited by:  Papers (1)

    Information privacy deals with protecting individuals against potential violations of their rights due to collection, storage, and use of personal information by the government and private sector organizations. The privacy protection laws enacted in the 1970s are inadequate and limited in scope. New applications of computer-communications technology involving personal information are now emerging ...

  • Auditing the use of covert storage channels in secure systems

    Publication Year: 1990, Page(s):285 - 295
    Cited by:  Papers (7)  |  Patents (1)

    Requirements for auditing covert storage channels are defined, and some fundamental problems which appear in most computer systems are illustrated. It is argued that audit subsystems designed to minimally satisfy the TCSEC (the DoD Trusted Computer System Evaluation Criteria) requirement are unable to detect many instances of covert channel use, and hence require major design and implementation ch...

  • Probabilistic interference

    Publication Year: 1990, Page(s):170 - 179
    Cited by:  Papers (32)

    D. McCullough's (1988) state machine formalism and definition of restrictiveness are restated. An example system is presented which illustrates the problem of probabilistic interference. An extension to McCullough's work that solves the problem of probabilistic interference is developed. A series of examples are presented which are designed to show the application of this extension. An example whi...

  • Extending the Brewer-Nash model to a multilevel context

    Publication Year: 1990, Page(s):95 - 102
    Cited by:  Papers (14)  |  Patents (8)

    It is shown how the Brewer-Nash Chinese wall model can be extended to a policy for handling the aggregation problem in a multilevel context. A lattice-based information flow policy that can be integrated into both the multilevel and Brewer-Nash context is derived. This information flow policy is used to develop a security policy described in terms of labeled subjects accessing labeled objects that...

  • Formal construction of provably secure systems with Cartesiana

    Publication Year: 1990, Page(s):319 - 332

    Cartesiana is a system to support the construction of software on the basis of formal methods. It is currently being used for the development of a provably secure system in a pilot project in West Germany. The quality criteria applied go beyond A1 and include program level verification. The Cartesiana approach to meet these criteria emphasizes constructive techniques. Proof rules are used to deriv...

  • Transaction processing in multilevel-secure databases using replicated architecture

    Publication Year: 1990, Page(s):360 - 368
    Cited by:  Papers (23)  |  Patents (4)

    In a multilevel secure database management system based on the replicated architecture, there is a separate database management system to manage data at or below each security level, and lower-level data are replicated in all databases containing higher-level data. The issue of transaction processing in such a system is addressed. A synchronization protocol is given that guarantees one-copy serial...

  • Modeling security-relevant data semantics

    Publication Year: 1990, Page(s):384 - 391
    Cited by:  Papers (12)

    A database system must have knowledge of the semantics (the properties) of the data it manages to accomplish its tasks. For a multilevel secure database system to provide effective multilevel support to users, it must have knowledge of the security-relevant data semantics. The use of an extended data model that represents both integrity and secrecy aspects of data is presented. The technique can b...

  • The Army Secure Operating System

    Publication Year: 1990, Page(s):50 - 60
    Cited by:  Papers (5)

    The Army Secure Operating System (ASOS) is a family of operating systems intended to serve the tactical needs of the US Army. It currently comprises two systems designed to be certifiable to classes C2 and A1 of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Both operating systems provide a common user interface, support real-time applications written in Ada, and are configurable and...

  • Practical authentication for distributed computing

    Publication Year: 1990, Page(s):31 - 40
    Cited by:  Papers (9)  |  Patents (14)

    Issues related to authentication in a distributed computing environment are discussed. Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described. Node, user, and process granularity authentication concerns are considered. Authentication is based on a global hierarchic naming structure and public-key cryptography. Directory-resid...

  • Adaptive real-time anomaly detection using inductively generated sequential patterns

    Publication Year: 1990, Page(s):278 - 284
    Cited by:  Papers (40)  |  Patents (54)

    A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user's behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user's activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either t...

  • Constructively using noninterference to analyze systems

    Publication Year: 1990, Page(s):162 - 169
    Cited by:  Papers (6)

    An algorithm that can be used to construct a definition of state equivalence that is meaningful in a security context is discussed. If the algorithm is followed, then at the completion of the algorithm, it has either been demonstrated that the system is secure in the sense that there can be no information flow from a higher level to a lower level, or an exploitation scenario for a covert channel h...

  • A little knowledge goes a long way: faster detection of compromised data in 2-D tables

    Publication Year: 1990, Page(s):86 - 94
    Cited by:  Papers (2)  |  Patents (20)

    A reexamination is made of the problem of protecting sensitive data in an n by n table of integer statistics, when the nonsensitive data are made public along with the row and column sums for the table. Consideration is given to the problem of computing the tightest upper bounds on the values of sensitive (undisclosed) cells. These bounds, together with tightest lower bounds (whi...

  • A VMM security kernel for the VAX architecture

    Publication Year: 1990, Page(s):2 - 19
    Cited by:  Papers (17)  |  Patents (100)

    The development of a virtual-machine monitor (VMM) security kernel for the VAX architecture is described. Particular focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual mach...

  • A security architecture and mechanism for data confidentiality in TCP/IP protocols

    Publication Year: 1990, Page(s):249 - 259
    Cited by:  Papers (2)  |  Patents (4)

    A method of providing data confidentiality service for secure data communication between two end users through Transmission Control Protocol/Internet Protocol (TCP/IP) protocols is presented. The system call functions of the socket compatibility interface and transport level interface libraries are used for connection establishment, data transfer, and connection release between two TCP/IP end user...

  • Some conundrums concerning separation of duty

    Publication Year: 1990, Page(s):201 - 207
    Cited by:  Papers (34)

    An examination is made of questions concerning commercial computer security integrity policies. An example is given of a dynamic separation of duty policy which cannot be implemented by TCSEC-based mechanisms alone, yet occurs in the real commercial world and can be implemented efficiently in practice. A commercial computer security product in wide use for ensuring the integrit...

  • Referential secrecy

    Publication Year: 1990, Page(s):133 - 142
    Cited by:  Papers (4)  |  Patents (1)

    A referential secrecy model is presented that simplifies automatic data classification within a relational database. The model captures the secrecy semantics that reflect the dependencies among foreign key references. These dependencies form the basis for specifying classification constraints, without the complexity of rule-based or view-based mechanisms. The secrecy semantics are expressed within...

  • The deductive theory manager: a knowledge based system for formal verification

    Publication Year: 1990, Page(s):306 - 318
    Cited by:  Papers (2)

    Formal verification tools and techniques are difficult and expensive to apply. To make verification of large, complex systems more practical, TRW is developing the deductive theory manager (DTM). A knowledge-based tool that integrates with the Gypsy verification environment (GVE), the DTM supports the construction of deductive theories and applies them to proofs. Knowledge bases applicable to a va...

  • A hierarchical methodology for verifying microprogrammed microprocessors

    Publication Year: 1990, Page(s):345 - 357
    Cited by:  Papers (4)

    To date, several microprocessors have been verified using formal methods. The only successful verification efforts, however, have been on relatively simple microprocessor architectures (fewer than 32 words of micro instruction store, small instruction set, limited features for supporting operating systems, etc.). The goal of the research reported is to develop methodologies for verifying much larg...
