
Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy

7-9 May 1990

Displaying Results 1 - 25 of 35
  • Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.90CH2884-5)

    Publication Year: 1990
    Freely Available from IEEE
  • Specification and verification of the ASOS kernel

    Publication Year: 1990, Page(s):61 - 74
    Cited by:  Papers (1)

    The Army Secure Operating System (ASOS) program is providing a family of operating systems for tactical data system applications in Ada. Two members of the ASOS family have been developed: a dedicated secure operating system intended for the TCSEC (the DoD Trusted Computer System Evaluation Criteria) C2 level, and a multilevel secure operating system intended for the TCSEC A1 level. An overview is...

  • The Army Secure Operating System

    Publication Year: 1990, Page(s):50 - 60
    Cited by:  Papers (5)

    The Army Secure Operating System (ASOS) is a family of operating systems intended to serve the tactical needs of the US Army. It currently comprises two systems designed to be certifiable to classes C2 and A1 of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Both operating systems provide a common user interface, support real-time applications written in Ada, and are configurable and...

  • SP3 peer identification

    Publication Year: 1990, Page(s):41 - 48
    Cited by:  Papers (1)

    SP3 is a network layer protocol that has been designed to provide security services for network service users. It is assumed that the network service users reside in different private internetworks and must traverse a public internetwork to communicate. It is further assumed that SP3 services are being provided by intermediate systems that reside at the internetwork boundaries. The problem is that...

  • Auditing the use of covert storage channels in secure systems

    Publication Year: 1990, Page(s):285 - 295
    Cited by:  Papers (7)  |  Patents (1)

    Requirements for auditing covert storage channels are defined, and some fundamental problems which appear in most computer systems are illustrated. It is argued that audit subsystems designed to minimally satisfy the TCSEC (the DoD Trusted Computer System Evaluation Criteria) requirement are unable to detect many instances of covert channel use, and hence require major design and implementation ch...

  • Practical authentication for distributed computing

    Publication Year: 1990, Page(s):31 - 40
    Cited by:  Papers (9)  |  Patents (14)

    Issues related to authentication in a distributed computing environment are discussed. Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described. Node, user, and process granularity authentication concerns are considered. Authentication is based on a global hierarchic naming structure and public-key cryptography. Directory-resid...

  • A security architecture and mechanism for data confidentiality in TCP/IP protocols

    Publication Year: 1990, Page(s):249 - 259
    Cited by:  Papers (2)  |  Patents (4)

    A method of providing data confidentiality service for secure data communication between two end users through Transmission Control Protocol/Internet Protocol (TCP/IP) protocols is presented. The system call functions of the socket compatibility interface and transport level interface libraries are used for connection establishment, data transfer, and connection release between two TCP/IP end user...

  • Verifying a hardware security architecture

    Publication Year: 1990, Page(s):333 - 344
    Cited by:  Papers (2)

    The verification work reported had three goals: (1) to develop a method for specifying components, which may be either software processes or hardware components, in terms of their possible event histories (also called traces); (2) to develop a method of verifying systems built from such components; and (3) to use these techniques to prove security properties about a realistic and substantial desig...

  • Constructively using noninterference to analyze systems

    Publication Year: 1990, Page(s):162 - 169
    Cited by:  Papers (6)

    An algorithm that can be used to construct a definition of state equivalence that is meaningful in a security context is discussed. If the algorithm is followed, then at the completion of the algorithm, it has either been demonstrated that the system is secure in the sense that there can be no information flow from a higher level to a lower level, or an exploitation scenario for a covert channel h...

  • A little knowledge goes a long way: faster detection of compromised data in 2-D tables

    Publication Year: 1990, Page(s):86 - 94
    Cited by:  Papers (2)  |  Patents (20)

    A reexamination is made of the problem of protecting sensitive data in an n by n table of integer statistics, when the nonsensitive data are made public along with the row and column sums for the table. Consideration is given to the problem of computing the tightest upper bounds on the values of sensitive (undisclosed) cells. These bounds, together with tightest lower bounds (whi...

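    The attacker's side of the problem this abstract describes, as an added example that is not code from the paper and does not reproduce its bounding algorithm: a constructed 3x4 table with five suppressed cells, the published cells and marginal totals, and plain constraint propagation to obtain a feasible interval for each suppressed cell. The disclosure rule in `compromised_cells` (interval narrower than `min_spread`) is an assumption chosen for the example, not a criterion taken from the paper.

```python
"""Bounding suppressed cells in a published 2-D table (added illustration).

This is not the paper's algorithm. Given the published (non-sensitive) cells
plus the row and column totals, it derives a feasible interval for every
suppressed cell by propagating the linear constraints, then applies an
assumed disclosure rule to decide which sensitive cells are compromised.
"""
from typing import Dict, Iterator, List, Optional, Tuple

Cell = Tuple[int, int]

# Constructed sample table; None marks a suppressed (sensitive) cell.
# The hidden values are X=1, Y=1, Z=1, W=11, V=2, but an attacker sees only
# the published cells and the marginal totals below.
TABLE: List[List[Optional[int]]] = [
    [None, None, 6, 4],   # X  Y  6  4   row total 12
    [None, None, 5, 3],   # Z  W  5  3   row total 20
    [3, 5, 4, None],      # 3  5  4  V   row total 14
]
ROW_TOTALS = [12, 20, 14]
COL_TOTALS = [5, 17, 15, 9]


def _lines(table, row_totals, col_totals) -> Iterator[Tuple[int, List[Cell]]]:
    """Yield (margin, suppressed cells) for each row and column; the margin is
    the total minus the published cells, i.e. the sum the unknowns must reach."""
    n_rows, n_cols = len(table), len(table[0])
    for r in range(n_rows):
        known = sum(v for v in table[r] if v is not None)
        yield row_totals[r] - known, [(r, c) for c in range(n_cols) if table[r][c] is None]
    for c in range(n_cols):
        known = sum(table[r][c] for r in range(n_rows) if table[r][c] is not None)
        yield col_totals[c] - known, [(r, c) for r in range(n_rows) if table[r][c] is None]


def propagate_bounds(table, row_totals, col_totals) -> Dict[Cell, Tuple[int, int]]:
    """Return {cell: (lower, upper)} for every suppressed cell.

    For an unknown u on a line with margin M and other unknowns U':
        u <= M - sum(lower(U'))   and   u >= max(0, M - sum(upper(U'))).
    Iterating to a fixpoint gives sound bounds (every feasible table lies
    inside them). On this sample they are also the tightest possible; in
    general the tightest bounds need a linear program, not just propagation.
    """
    lines = [(m, cells) for m, cells in _lines(table, row_totals, col_totals) if cells]
    lower: Dict[Cell, int] = {}
    upper: Dict[Cell, int] = {}
    for m, cells in lines:               # start at 0 <= u <= smallest containing margin
        for cell in cells:
            lower[cell] = 0
            upper[cell] = min(upper.get(cell, m), m)
    changed = True
    while changed:
        changed = False
        for m, cells in lines:
            for cell in cells:
                others = [o for o in cells if o != cell]
                new_up = m - sum(lower[o] for o in others)
                new_low = max(0, m - sum(upper[o] for o in others))
                if new_up < upper[cell]:
                    upper[cell], changed = new_up, True
                if new_low > lower[cell]:
                    lower[cell], changed = new_low, True
                if lower[cell] > upper[cell]:
                    raise ValueError(f"inconsistent table at cell {cell}")
    return {cell: (lower[cell], upper[cell]) for cell in lower}


def compromised_cells(bounds: Dict[Cell, Tuple[int, int]], min_spread: int = 1) -> List[Cell]:
    """Assumed disclosure rule (not from the paper): a suppressed cell is
    compromised when its feasible interval is narrower than min_spread.
    With the default, only exactly determined cells are reported."""
    return sorted(cell for cell, (lo, hi) in bounds.items() if hi - lo < min_spread)


if __name__ == "__main__":
    b = propagate_bounds(TABLE, ROW_TOTALS, COL_TOTALS)
    for cell, (lo, hi) in sorted(b.items()):
        print(f"cell {cell}: [{lo}, {hi}]")
    print("exactly disclosed:", compromised_cells(b))
```

    On the constructed table, V is fully disclosed (its row and column each leave it as the only unknown) and W is pinned to 10..12 even though it never appears alone on a line. Propagation is sound but not complete: for general tables the tightest bounds are the optima of a linear program over the row and column constraints, and propagation is only a cheap under-approximation of what an attacker can infer.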
  • Adaptive real-time anomaly detection using inductively generated sequential patterns

    Publication Year: 1990, Page(s):278 - 284
    Cited by:  Papers (40)  |  Patents (57)

    A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user's behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user's activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either t...

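    A simplified version of the sequential-rule idea in this abstract, as an added example that is not the paper's implementation: rules of the form (e1, e2) -> e3 [p] are induced from a user's past sessions, an event is flagged when the rule for its preceding context gives it a probability below a threshold, and feeding an accepted session back through `train` adapts the rulebase. The event names, sessions, rule order, support and threshold values are all constructed for the example.

```python
"""Sequential-rule anomaly detection over user event streams (added illustration).

Simplified version of the idea in the abstract, not the paper's implementation:
rules of the form  (e1, e2) -> e3 [p]  are induced from past activity, and a
new event is flagged when the rule for its preceding context gives it too low
a probability. Event names and sessions below are constructed sample data.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

Context = Tuple[str, ...]


class SequentialRuleBase:
    def __init__(self, order: int = 2, min_support: int = 2):
        self.order = order                # length of the rule's left-hand side
        self.min_support = min_support    # observations needed before a rule fires
        self.counts: Dict[Context, Counter] = defaultdict(Counter)

    def train(self, session: List[str]) -> None:
        """Induce or refresh rules from one session; calling it on later
        accepted sessions is what makes the rulebase adaptive."""
        for i in range(len(session) - self.order):
            lhs = tuple(session[i:i + self.order])
            self.counts[lhs][session[i + self.order]] += 1

    def predict(self, lhs: Context) -> Optional[Dict[str, float]]:
        """Probability of each continuation of lhs, or None if support is too low."""
        c = self.counts.get(lhs)
        if not c or sum(c.values()) < self.min_support:
            return None
        total = sum(c.values())
        return {event: n / total for event, n in c.items()}

    def detect(self, session: List[str], threshold: float = 0.2) -> List[Tuple[int, Context, str, float]]:
        """Return (index, context, event, probability) for each event whose
        probability under the matching rule is below threshold. Contexts with
        no rule are skipped: an unseen context is not by itself evidence."""
        anomalies = []
        for i in range(len(session) - self.order):
            lhs = tuple(session[i:i + self.order])
            dist = self.predict(lhs)
            if dist is None:
                continue
            event = session[i + self.order]
            p = dist.get(event, 0.0)
            if p < threshold:
                anomalies.append((i + self.order, lhs, event, p))
        return anomalies


# Constructed training sessions for one user.
TRAINING_SESSIONS = [
    ["login", "read_mail", "edit", "compile", "run", "edit", "compile", "run", "logout"],
    ["login", "read_mail", "edit", "compile", "run", "logout"],
    ["login", "edit", "compile", "run", "edit", "compile", "test", "logout"],
]
# Constructed session under test: this user never followed "compile, run" with "su".
SUSPECT_SESSION = ["login", "read_mail", "edit", "compile", "run", "su", "chmod", "logout"]


def build_rulebase() -> SequentialRuleBase:
    rb = SequentialRuleBase(order=2, min_support=2)
    for session in TRAINING_SESSIONS:
        rb.train(session)
    return rb


if __name__ == "__main__":
    rb = build_rulebase()
    for idx, lhs, event, p in rb.detect(SUSPECT_SESSION):
        print(f"event #{idx} {event!r} after {lhs}: p={p:.2f}")
```

    The rule (edit, compile) -> run carries p = 0.8 and (edit, compile) -> test p = 0.2 from the three training sessions; the suspect session trips only on "su" after (compile, run), which has probability 0 under a rule with four observations. The contexts (run, su) and (su, chmod) have no rule and are deliberately not reported, since otherwise every new command sequence would raise an alarm. The flip side of adaptivity is also visible: once the suspect session is trained in, the same "su" reaches p = 0.2 and no longer fires at that threshold, so what gets fed back must be vetted.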
  • Polyinstantiation integrity in multilevel relations

    Publication Year: 1990, Page(s):104 - 115
    Cited by:  Papers (22)  |  Patents (8)

    Polyinstantiation integrity (PI) as defined in the SeaView multilevel relational data model consists of a functional dependency component and a multivalued dependency component. It is shown that the latter component rules out many practically useful relations and is therefore unduly restrictive. This leads the authors to propose that PI be defined to consist only of the functional dependency comp...

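    The mechanics behind this abstract, as an added example that is not the paper's formal model or code: a small multilevel relation in the spirit of SeaView with a classification on the apparent key and on one non-key attribute, per-level views, inserts and updates that polyinstantiate rather than reveal a clash across levels, and a check of the functional dependency component of PI that the authors propose to keep. The level lattice, the tuple-visibility rule and the ship data are assumptions constructed for the example.

```python
"""Polyinstantiation in a multilevel relation (added illustration).

Simplified model in the spirit of SeaView, not the paper's definitions: each
tuple carries a classification on its apparent key and on one non-key
attribute, a subject sees only tuples it dominates, and a low insert or a high
update that collides with an existing tuple polyinstantiates instead of
signalling a conflict across levels. The ship data is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

LEVELS = {"U": 0, "C": 1, "S": 2}  # assumed lattice: unclassified < confidential < secret


def dominates(a: str, b: str) -> bool:
    return LEVELS[a] >= LEVELS[b]


@dataclass(frozen=True)
class Row:
    ship: str       # apparent primary key
    ship_cls: str   # classification of the key
    dest: str       # one non-key attribute
    dest_cls: str   # classification of that attribute


class MultilevelRelation:
    def __init__(self) -> None:
        self.rows: List[Row] = []

    def view(self, level: str) -> List[Row]:
        """Tuples a subject at `level` may see (both elements dominated)."""
        return [r for r in self.rows
                if dominates(level, r.ship_cls) and dominates(level, r.dest_cls)]

    def insert(self, level: str, ship: str, dest: str) -> bool:
        """Insert at the subject's level. Refuse only a duplicate the subject can
        see; a clash with a higher-classified tuple must not be reported, since
        the refusal itself would leak that the secret tuple exists."""
        if any(r.ship == ship and r.ship_cls == level for r in self.rows):
            return False
        self.rows.append(Row(ship, level, dest, level))
        return True

    def update(self, level: str, ship: str, new_dest: str) -> bool:
        """Update dest at the subject's level. If the visible tuple's dest is
        classified at exactly this level it is overwritten; otherwise a new
        tuple with dest_cls == level is added (element polyinstantiation), so
        the lower-classified value is neither overwritten nor revealed."""
        visible = sorted((r for r in self.rows if r.ship == ship and dominates(level, r.ship_cls)),
                         key=lambda r: LEVELS[r.ship_cls])
        if not visible:
            return False
        for i, r in enumerate(self.rows):
            if r in visible and r.dest_cls == level:
                self.rows[i] = Row(r.ship, r.ship_cls, new_dest, level)
                return True
        base = visible[0]
        self.rows.append(Row(base.ship, base.ship_cls, new_dest, level))
        return True


def pi_functional_dependency_holds(rows: List[Row]) -> bool:
    """The FD component of polyinstantiation integrity: key, key class and
    attribute class together determine the attribute value."""
    seen: Dict[Tuple[str, str, str], str] = {}
    for r in rows:
        key = (r.ship, r.ship_cls, r.dest_cls)
        if seen.setdefault(key, r.dest) != r.dest:
            return False
    return True


def run_scenario() -> Tuple[MultilevelRelation, Dict[str, bool]]:
    rel = MultilevelRelation()
    outcomes = {
        "low_insert": rel.insert("U", "Enterprise", "Talos"),
        "high_update": rel.update("S", "Enterprise", "Rigel"),      # polyinstantiates
        "low_duplicate": rel.insert("U", "Enterprise", "Talos"),    # visible dup: refused
        "secret_insert": rel.insert("S", "Defiant", "Bajor"),
        "low_over_secret": rel.insert("U", "Defiant", "Earth"),     # must succeed
    }
    return rel, outcomes
```

    After the scenario the relation holds four tuples: two for Enterprise (destination Talos at U, Rigel at S) and two for Defiant (Bajor at S, Earth at U). An unclassified subject sees exactly one tuple per ship and nothing that hints at the secret ones, while the FD component of PI still holds because each (key, key class, attribute class) combination maps to a single value. The one refusal in the scenario is safe to report: the duplicate is at the inserter's own level, so no higher-classified fact is revealed by it.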
  • An architecture for practical delegation in a distributed system

    Publication Year: 1990, Page(s):20 - 30
    Cited by:  Papers (58)  |  Patents (42)

    A practical technique for delegation is described. It provides both cryptographic assurance that a delegation was authorized and authentication of the delegated systems, thereby allowing reliable access control as well as precise auditing of the systems involved in every access. It goes further than other approaches for delegation in that it also provides termination of a delegation on demand (as ...

  • Reasoning about belief in cryptographic protocols

    Publication Year: 1990, Page(s):234 - 248
    Cited by:  Papers (157)  |  Patents (3)

    A mechanism is presented for reasoning about belief as a systematic way to understand the working of cryptographic protocols. The mechanism captures more features of such protocols than that given by M. Burrows et al. (1989), of which the proposals are a substantial extension. The notion of possession incorporated in the approach assumes that principals can include in messages data they do not beli...

  • Formal construction of provably secure systems with Cartesiana

    Publication Year: 1990, Page(s):319 - 332

    Cartesiana is a system to support the construction of software on the basis of formal methods. It is currently being used for the development of a provably secure system in a pilot project in West Germany. The quality criteria applied go beyond A1 and include program level verification. The Cartesiana approach to meet these criteria emphasizes constructive techniques. Proof rules are used to deriv...

  • Information flow in nondeterministic systems

    Publication Year: 1990, Page(s):144 - 161
    Cited by:  Papers (88)

    An analysis of some recent combinatorial theories of computer security is presented from the perspective of information theory. The theories analyzed are information-flow theories based on the concept of nondeducibility. They are intended to be applicable to nondeterministic systems that may be networked.

  • The role of trust in protected mail

    Publication Year: 1990, Page(s):210 - 215
    Cited by:  Papers (1)  |  Patents (14)

    TMail is a privacy-enhanced electronic mail system on a trusted operating system base. A description is given of the TMail cryptographic processes that protect the mail in transit from disclosure, detect modification, and assure source authentication. The trusted operating system is used to protect the mail and the cryptographic modules on the host system. The trust requirements for the system are...

  • Integrating an object-oriented data model with multilevel security

    Publication Year: 1990, Page(s):76 - 85
    Cited by:  Papers (27)  |  Patents (3)

    A security model is presented for object-oriented database systems. This model is a departure from the traditional security models based on the passive-object active-subject paradigm. The model is a flow model whose main elements are objects and messages. An object combines the properties of a passive information repository with those of an active agent. Messages are the main instrument of informa...

  • A network security monitor

    Publication Year: 1990, Page(s):296 - 304
    Cited by:  Papers (71)  |  Patents (37)

    This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-b...

  • The auditing facility for a VMM security kernel

    Publication Year: 1990, Page(s):262 - 277
    Cited by:  Papers (4)  |  Patents (1)

    The VAX security kernel, a prototype security kernel implemented as a virtual machine monitor (VMM) for the VAX architecture, is capable of emulating one or more virtual machines (VMs) on a single physical machine allowing multiple copies of virtual machine operating systems to execute concurrently. The system supports both VMS and ULTRIX as virtual machine operating systems. A fundamental compone...

  • A hierarchical methodology for verifying microprogrammed microprocessors

    Publication Year: 1990, Page(s):345 - 357
    Cited by:  Papers (4)

    To date, several microprocessors have been verified using formal methods. The only successful verification efforts, however, have been on relatively simple microprocessor architectures (fewer than 32 words of micro instruction store, small instruction set, limited features for supporting operating systems, etc.). The goal of the research reported is to develop methodologies for verifying much larg...

  • Probabilistic interference

    Publication Year: 1990, Page(s):170 - 179
    Cited by:  Papers (32)

    D. McCullough's (1988) state machine formalism and definition of restrictiveness are restated. An example system is presented which illustrates the problem of probabilistic interference. An extension to McCullough's work that solves the problem of probabilistic interference is developed. A series of examples are presented which are designed to show the application of this extension. An example whi...

  • Extending the Brewer-Nash model to a multilevel context

    Publication Year: 1990, Page(s):95 - 102
    Cited by:  Papers (14)  |  Patents (8)

    It is shown how the Brewer-Nash Chinese wall model can be extended to a policy for handling the aggregation problem in a multilevel context. A lattice-based information flow policy that can be integrated into both the multilevel and Brewer-Nash context is derived. This information flow policy is used to develop a security policy described in terms of labeled subjects accessing labeled objects that...

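    The base Brewer-Nash Chinese wall rules that this abstract starts from, as an added example that is not code from the paper and does not implement its multilevel extension: objects belong to company datasets, datasets sit in conflict-of-interest classes, and a subject's read history decides what it may still read or write. The company and object names are constructed for the example.

```python
"""Brewer-Nash Chinese wall policy (added illustration).

This implements the base, single-level Brewer-Nash rules, not the multilevel
extension the paper proposes. Objects belong to a company dataset, datasets
sit in a conflict-of-interest (COI) class, and each subject's read history
decides what it may still touch. The names below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str             # company dataset, e.g. "BankA"
    coi_class: str           # conflict-of-interest class, e.g. "banks"
    sanitized: bool = False  # public information sits outside the wall


@dataclass
class Subject:
    name: str
    read_history: Set[Obj] = field(default_factory=set)


class ChineseWall:
    def can_read(self, s: Subject, o: Obj) -> bool:
        """Simple security rule: o is sanitized, or lies in a dataset s has
        already read, or in a COI class s has not touched at all. Reading a
        second dataset in the same COI class is the conflict the wall blocks."""
        if o.sanitized:
            return True
        return not any(
            seen.coi_class == o.coi_class and seen.dataset != o.dataset
            for seen in s.read_history if not seen.sanitized
        )

    def can_write(self, s: Subject, o: Obj) -> bool:
        """*-property: s may write o only if it may read o and every unsanitized
        object s has read lives in o's own dataset; otherwise a write could
        carry one company's data into another company's files."""
        if not self.can_read(s, o):
            return False
        return all(seen.sanitized or seen.dataset == o.dataset for seen in s.read_history)

    def read(self, s: Subject, o: Obj) -> bool:
        """Mediated read: record the access only if the policy allows it."""
        allowed = self.can_read(s, o)
        if allowed:
            s.read_history.add(o)
        return allowed


def scenario() -> List[Tuple[str, bool]]:
    """Constructed access sequence for one analyst; returns (action, allowed)."""
    bank_a = Obj("a-ledger", "BankA", "banks")
    bank_b = Obj("b-ledger", "BankB", "banks")
    bank_b_public = Obj("b-press-release", "BankB", "banks", sanitized=True)
    oil_x = Obj("x-wells", "OilX", "oil")
    wall, alice = ChineseWall(), Subject("alice")
    return [
        ("read BankA", wall.read(alice, bank_a)),                # True: clean history
        ("write BankA", wall.can_write(alice, bank_a)),          # True: only BankA read so far
        ("read BankB public", wall.read(alice, bank_b_public)),  # True: sanitized
        ("read BankB", wall.read(alice, bank_b)),                # False: BankA already read
        ("read OilX", wall.read(alice, oil_x)),                  # True: different COI class
        ("write BankA", wall.can_write(alice, bank_a)),          # False: OilX data could leak in
    ]


if __name__ == "__main__":
    for action, allowed in scenario():
        print(f"{action:20s} {'allowed' if allowed else 'denied'}")
```

    Two points the sequence makes explicit: the wall is history-dependent, so the same write to BankA is allowed early and denied later without any change to BankA or to the subject's clearance; and sanitized information is exempt from both rules, which is what keeps public filings readable without closing the wall. The aggregation problem the paper addresses is exactly what this single-level policy cannot express, since it has no labels on subjects or objects beyond dataset and COI class.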
  • Naming and grouping privileges to simplify security management in large databases

    Publication Year: 1990, Page(s):116 - 132
    Cited by:  Papers (31)  |  Patents (13)

    An extension is described to ANSI SQL that simplifies security management by reducing the complexity of the access controls on database objects and by providing users with the flexibility to define administrative roles (like auditor or security administrator) that match their requirements for the separation of duties. The benefit of simplified security management is improved security. The main fea...

  • A VMM security kernel for the VAX architecture

    Publication Year: 1990, Page(s):2 - 19
    Cited by:  Papers (18)  |  Patents (102)

    The development of a virtual-machine monitor (VMM) security kernel for the VAX architecture is described. Particular focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual mach...