Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on

Date 7-9 May 1990

Displaying Results 1 - 25 of 35
  • Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.90CH2884-5)

    Publication Year: 1990
    PDF (1146 KB), freely available from IEEE
  • Integrating an object-oriented data model with multilevel security

    Publication Year: 1990, Page(s):76 - 85
    Cited by:  Papers (24)  |  Patents (3)
    PDF (732 KB)

    A security model is presented for object-oriented database systems. This model is a departure from the traditional security models based on the passive-object active-subject paradigm. The model is a flow model whose main elements are objects and messages. An object combines the properties of a passive information repository with those of an active agent. Messages are the main instrument of informa...

  • A little knowledge goes a long way: faster detection of compromised data in 2-D tables

    Publication Year: 1990, Page(s):86 - 94
    Cited by:  Papers (2)  |  Patents (20)
    PDF (620 KB)

    A reexamination is made of the problem of protecting sensitive data in an n by n table of integer statistics, when the nonsensitive data are made public along with the row and column sums for the table. Consideration is given to the problem of computing the tightest upper bounds on the values of sensitive (undisclosed) cells. These bounds, together with tightest lower bounds (whi...

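    The disclosure problem this abstract describes can be made concrete with a few lines of code. The following Python is an added example, not code from the paper (whose own bounding algorithm is not reproduced on this page): it derives bounds on suppressed cells by repeatedly propagating the published row and column residuals (the simple iterative scheme usually called the shuttle algorithm), checks those bounds against exhaustive enumeration, which is the tightest possible answer for a table this small, and flags any cell whose bounds coincide as compromised. The `known` parameter lets an attacker seed the iteration with a little outside knowledge about one cell and watch the other bounds tighten. The table, totals and suppression pattern are constructed.

```python
from itertools import product
from typing import Dict, List, Optional, Tuple

Cell = Tuple[int, int]
Bounds = Dict[Cell, Tuple[int, int]]

# Constructed example: 3x3 non-negative integer counts, four cells suppressed
# (None), every row and column total published.
TABLE: List[List[Optional[int]]] = [
    [None, 5, None],
    [None, 2, None],
    [4,    3, 1],
]
ROWS = [12, 9, 8]
COLS = [9, 10, 10]


def residuals(table, rows, cols):
    """Row/column totals minus the published (non-suppressed) cells."""
    row_res = [rows[i] - sum(v for v in table[i] if v is not None)
               for i in range(len(rows))]
    col_res = [cols[j] - sum(table[i][j] for i in range(len(rows))
                             if table[i][j] is not None)
               for j in range(len(cols))]
    return row_res, col_res


def shuttle_bounds(table, rows, cols, known: Optional[Bounds] = None) -> Bounds:
    """Valid [lower, upper] bounds for every suppressed cell, found by pushing
    row/column residuals back and forth until no bound moves. `known` seeds
    the iteration with outside knowledge about particular cells."""
    suppressed = [(i, j) for i, row in enumerate(table)
                  for j, v in enumerate(row) if v is None]
    row_res, col_res = residuals(table, rows, cols)
    lo = {c: 0 for c in suppressed}
    hi = {(i, j): min(row_res[i], col_res[j]) for (i, j) in suppressed}
    for c, (l, h) in (known or {}).items():
        lo[c], hi[c] = max(lo[c], l), min(hi[c], h)
    changed = True
    while changed:
        changed = False
        for (i, j) in suppressed:
            row_others = [c for c in suppressed if c[0] == i and c != (i, j)]
            col_others = [c for c in suppressed if c[1] == j and c != (i, j)]
            # Residual left when the other suppressed cells take their minimum...
            new_hi = min(hi[(i, j)],
                         row_res[i] - sum(lo[c] for c in row_others),
                         col_res[j] - sum(lo[c] for c in col_others))
            # ...and when they take their maximum.
            new_lo = max(lo[(i, j)],
                         row_res[i] - sum(hi[c] for c in row_others),
                         col_res[j] - sum(hi[c] for c in col_others))
            if new_hi < hi[(i, j)] or new_lo > lo[(i, j)]:
                hi[(i, j)], lo[(i, j)] = new_hi, new_lo
                changed = True
    return {c: (lo[c], hi[c]) for c in suppressed}


def exact_bounds(table, rows, cols) -> Bounds:
    """Tightest bounds by brute force: enumerate every non-negative integer
    filling consistent with the marginals (only sensible for small tables)."""
    suppressed = [(i, j) for i, row in enumerate(table)
                  for j, v in enumerate(row) if v is None]
    row_res, col_res = residuals(table, rows, cols)
    ranges = [range(min(row_res[i], col_res[j]) + 1) for (i, j) in suppressed]
    seen: Dict[Cell, List[int]] = {c: [] for c in suppressed}
    for values in product(*ranges):
        fill = dict(zip(suppressed, values))
        rows_ok = all(sum(v for (i, _), v in fill.items() if i == r) == row_res[r]
                      for r in range(len(rows)))
        cols_ok = all(sum(v for (_, j), v in fill.items() if j == c) == col_res[c]
                      for c in range(len(cols)))
        if rows_ok and cols_ok:
            for c, v in fill.items():
                seen[c].append(v)
    return {c: (min(vs), max(vs)) for c, vs in seen.items()}


def compromised(bounds: Bounds) -> List[Cell]:
    """Suppressed cells whose lower and upper bounds coincide are exactly disclosed."""
    return sorted(c for c, (lo, hi) in bounds.items() if lo == hi)
```

    On the constructed table the propagation already reaches the exact interval for every cell, and no cell is fully disclosed; suppressing only the two cells in column 0 instead leaves each of them with a single feasible value, which is the failure mode the abstract is about. The iterative scheme is not guaranteed to be tight on every suppression pattern, which is why the brute-force check is kept alongside it.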
  • Transaction processing in multilevel-secure databases using replicated architecture

    Publication Year: 1990, Page(s):360 - 368
    Cited by:  Papers (22)  |  Patents (4)
    PDF (708 KB)

    In a multilevel secure database management system based on the replicated architecture, there is a separate database management system to manage data at or below each security level, and lower-level data are replicated in all databases containing higher-level data. The issue of transaction processing in such a system is addressed. A synchronization protocol is given that guarantees one-copy serial...

  • Polyinstantiation integrity in multilevel relations

    Publication Year: 1990, Page(s):104 - 115
    Cited by:  Papers (17)  |  Patents (8)
    PDF (820 KB)

    Polyinstantiation integrity (PI) as defined in the Sea View multilevel relational data model consists of a functional dependency component and a multivalued dependency component. It is shown that the latter component rules out many practically useful relations and is therefore unduly restrictive. This leads the authors to propose that PI be defined to consist only of the functional dependency comp...

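    To make the functional-dependency component concrete, here is an added Python sketch (not code from the paper or from the SeaView project) of tuple-level polyinstantiation. A low-level insert that collides with a higher-level tuple must not fail, because the error itself would tell the low subject that a higher tuple with that key exists; instead the relation's real key becomes (apparent key, tuple class), and that pair determines the whole tuple, which is the functional-dependency component of PI. The multivalued-dependency component the abstract argues against is not enforced. The classification order, the relation and the sample rows are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed total order of classifications (a real lattice may be partial).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(high: str, low: str) -> bool:
    return LEVELS[high] >= LEVELS[low]


@dataclass(frozen=True)
class Row:
    key: str    # apparent (user-visible) key, e.g. a vessel name
    attrs: str  # the remaining non-key attributes, one string for brevity
    tc: str     # tuple classification


class UniqueKeyRelation:
    """Ordinary relation where the apparent key is the key; kept only to show the leak."""
    def __init__(self) -> None:
        self.rows: Dict[str, Row] = {}

    def insert(self, subject_level: str, key: str, attrs: str) -> Row:
        if key in self.rows:
            # The error tells a low subject that a row it cannot read exists: a signalling channel.
            raise ValueError(f"duplicate key {key!r}")
        self.rows[key] = Row(key, attrs, subject_level)
        return self.rows[key]


class PolyinstantiatedRelation:
    """Tuple-level polyinstantiation: the real key is (apparent key, tuple class)."""
    def __init__(self) -> None:
        self.rows: Dict[Tuple[str, str], Row] = {}

    def insert(self, subject_level: str, key: str, attrs: str) -> Row:
        tc = subject_level  # a subject writes tuples classified at its own level
        if (key, tc) in self.rows:
            # Only a duplicate at the subject's own level is reported; the subject
            # could already see that row, so nothing higher is revealed.
            raise ValueError(f"duplicate key {key!r} at level {tc}")
        row = Row(key, attrs, tc)
        self.rows[(key, tc)] = row
        return row

    def select(self, subject_level: str) -> List[Row]:
        """Simple-security filter: only tuples the subject's level dominates."""
        visible = [r for r in self.rows.values() if dominates(subject_level, r.tc)]
        return sorted(visible, key=lambda r: (r.key, LEVELS[r.tc]))


def pi_fd_violations(rows: List[Row]) -> List[Tuple[str, str]]:
    """(key, tc) pairs that map to more than one distinct tuple: violations of
    the functional-dependency component of PI in an externally supplied row set."""
    seen: Dict[Tuple[str, str], Set[str]] = {}
    for r in rows:
        seen.setdefault((r.key, r.tc), set()).add(r.attrs)
    return sorted(k for k, v in seen.items() if len(v) > 1)


def scenario() -> Tuple[str, List[Row], List[Row]]:
    """Constructed scenario: S records a secret destination for 'Vostok', then U
    inserts its own 'Vostok' row. Returns the naive relation's error message and
    what U and S each see in the polyinstantiated relation."""
    naive = UniqueKeyRelation()
    naive.insert("S", "Vostok", "dest=Tripoli")
    try:
        naive.insert("U", "Vostok", "dest=Lisbon")
        leak = "no error"
    except ValueError as e:
        leak = str(e)  # U now knows a 'Vostok' row exists that it cannot read

    rel = PolyinstantiatedRelation()
    rel.insert("S", "Vostok", "dest=Tripoli")
    rel.insert("U", "Vostok", "dest=Lisbon")
    return leak, rel.select("U"), rel.select("S")
```

    The U subject sees a single Lisbon row and cannot tell that a secret Tripoli row exists; the S subject sees both instances and has to resolve them, which is the price the abstract's argument is about: PI should constrain how instances may coexist no more than the functional dependency requires.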
  • Reasoning about belief in cryptographic protocols

    Publication Year: 1990, Page(s):234 - 248
    Cited by:  Papers (123)  |  Patents (3)
    PDF (1004 KB)

    A mechanism is presented for reasoning about belief as a systematic way to understand the working of cryptographic protocols. The mechanism captures more features of such protocols than the logic of M. Burrows et al. (1989), of which it is a substantial extension. The notion of possession incorporated in the approach assumes that principals can include in messages data they do not beli...

  • Naming and grouping privileges to simplify security management in large databases

    Publication Year: 1990, Page(s):116 - 132
    Cited by:  Papers (20)  |  Patents (13)
    PDF (1388 KB)

    An extension is described to ANSI SQL that simplifies security management by reducing the complexity of the access controls on database objects and by providing users with the flexibility to define administrative roles (like auditor or security administrator) that match their requirements for the separation of duties. The benefit of simplified security management is improved security. The main fea...

  • On the formal specification and verification of a multiparty session protocol

    Publication Year: 1990, Page(s):216 - 233
    Cited by:  Papers (9)  |  Patents (14)
    PDF (1456 KB)

    The formal specification and verification of the multiparty session protocol discussed by the authors previously (1988) are presented. The notion of intruder processes is introduced to model intruder actions and countermeasures of the trusted computing bases. It is argued that multilevel network security can be achieved and verified formally independent of the specific transport-layer protocols ev...

  • Beyond the pale of MAC and DAC-defining new forms of access control

    Publication Year: 1990, Page(s):190 - 200
    Cited by:  Papers (23)  |  Patents (33)
    PDF (1108 KB)

    Examples of DoD/intelligence data protection requirements are described that cannot be handled through traditional mandatory (MAC) or discretionary (DAC) access controls, and two new forms of access controls to respond to these problems are proposed. First, a user attribute-based access control for enforcement of dissemination controls is introduced. Second, a type of access control known as owner...

  • Referential secrecy

    Publication Year: 1990, Page(s):133 - 142
    Cited by:  Papers (4)  |  Patents (1)
    PDF (716 KB)

    A referential secrecy model is presented that simplifies automatic data classification within a relational database. The model captures the secrecy semantics that reflect the dependencies among foreign key references. These dependencies form the basis for specifying classification constraints, without the complexity of rule-based or view-based mechanisms. The secrecy semantics are expressed within...

  • Verifying a hardware security architecture

    Publication Year: 1990, Page(s):333 - 344
    Cited by:  Papers (2)
    PDF (700 KB)

    The verification work reported had three goals: (1) to develop a method for specifying components, which may be either software processes or hardware components, in terms of their possible event histories (also called traces); (2) to develop a method of verifying systems built from such components; and (3) to use these techniques to prove security properties about a realistic and substantial desig...

  • A VMM security kernel for the VAX architecture

    Publication Year: 1990, Page(s):2 - 19
    Cited by:  Papers (16)  |  Patents (99)
    PDF (1516 KB)

    The development of a virtual-machine monitor (VMM) security kernel for the VAX architecture is described. Particular focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual mach...

  • A network security monitor

    Publication Year: 1990, Page(s):296 - 304
    Cited by:  Papers (59)  |  Patents (36)
    PDF (724 KB)

    This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-b...

  • Some conundrums concerning separation of duty

    Publication Year: 1990, Page(s):201 - 207
    Cited by:  Papers (29)
    PDF (648 KB)

    An examination is made of questions concerning commercial computer security integrity policies. An example is given of a dynamic separation of duty policy which cannot be implemented by TCSEC-based mechanisms alone, yet occurs in the real commercial world and can be implemented efficiently in practice. A commercial computer security product in wide use for ensuring the integrit...

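    The two abstracts on privilege grouping (above) and on separation of duty fit together, and the following added Python example (not code from either paper, and not the SQL extension itself) shows why a dynamic policy needs more than membership checks. Named privilege groups are granted to users as a unit, in the spirit of the administrative roles the SQL extension describes. A static check on those groups cannot express "whoever submitted a payment may not approve that same payment", because the answer depends on what the user did earlier, so the access decision also consults an operation history. Group names, operations, users and the payment identifiers are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Privilege = Tuple[str, str]  # (operation, object type)


class PrivilegeGroups:
    """Named privilege groups (roles) granted and revoked as a unit, so an
    administrator manages a few names rather than per-object grants."""
    def __init__(self) -> None:
        self.privs: Dict[str, Set[Privilege]] = defaultdict(set)
        self.members: Dict[str, Set[str]] = defaultdict(set)

    def define(self, group: str, privileges: List[Privilege]) -> None:
        self.privs[group].update(privileges)

    def grant(self, user: str, group: str) -> None:
        self.members[user].add(group)

    def revoke(self, user: str, group: str) -> None:
        self.members[user].discard(group)

    def has_privilege(self, user: str, op: str, obj_type: str) -> bool:
        """Static check: does any group the user holds carry this privilege?"""
        return any((op, obj_type) in self.privs[g] for g in self.members[user])


class DynamicSoD:
    """Access decisions that also consult what the user has already done.

    conflicts: pairs (first, second) meaning 'whoever performed `first` on an
    object may not perform `second` on that same object'."""
    def __init__(self, groups: PrivilegeGroups, conflicts: List[Tuple[str, str]]) -> None:
        self.groups = groups
        self.conflicts = set(conflicts)
        self.history: List[Tuple[str, str, str]] = []  # (user, op, object id)

    def authorize(self, user: str, op: str, obj_type: str, obj_id: str) -> Tuple[bool, str]:
        if not self.groups.has_privilege(user, op, obj_type):
            return False, "no privilege"
        for first, second in self.conflicts:
            if op == second and (user, first, obj_id) in self.history:
                return False, f"separation of duty: {user} already performed {first} on {obj_id}"
        return True, "ok"

    def perform(self, user: str, op: str, obj_type: str, obj_id: str) -> Tuple[bool, str]:
        """Authorize and, if allowed, record the operation so later decisions see it."""
        ok, why = self.authorize(user, op, obj_type, obj_id)
        if ok:
            self.history.append((user, op, obj_id))
        return ok, why


def demo() -> List[Tuple[str, str, str, bool]]:
    """Constructed scenario; returns (user, op, object id, allowed) for each step."""
    g = PrivilegeGroups()
    g.define("clerk", [("submit", "payment")])
    g.define("manager", [("submit", "payment"), ("approve", "payment")])
    g.define("auditor", [("read", "audit_log")])
    g.grant("alice", "manager")
    g.grant("bob", "manager")
    g.grant("carol", "auditor")
    sod = DynamicSoD(g, conflicts=[("submit", "approve")])
    steps = [
        ("alice", "submit", "payment", "PAY-1"),
        ("alice", "approve", "payment", "PAY-1"),  # denied: alice submitted PAY-1
        ("bob", "approve", "payment", "PAY-1"),    # allowed: a different manager
        ("bob", "submit", "payment", "PAY-2"),
        ("alice", "approve", "payment", "PAY-2"),  # allowed: alice did not submit PAY-2
        ("carol", "approve", "payment", "PAY-2"),  # denied: auditors hold no approve privilege
    ]
    return [(u, op, oid, sod.perform(u, op, t, oid)[0]) for (u, op, t, oid) in steps]
```

    Both managers hold the same static privileges, so a mechanism that only compares a subject's groups against an object's access list says yes to every approve; only the history makes the second step fail. Note that the history is itself a protected object: whoever can edit it can defeat the policy.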
  • Constructively using noninterference to analyze systems

    Publication Year: 1990, Page(s):162 - 169
    Cited by:  Papers (6)
    PDF (588 KB)

    An algorithm that can be used to construct a definition of state equivalence that is meaningful in a security context is discussed. If the algorithm is followed, then at its completion either it has been demonstrated that the system is secure, in the sense that there can be no information flow from a higher level to a lower level, or an exploitation scenario for a covert channel h...

  • Information flow in nondeterministic systems

    Publication Year: 1990, Page(s):144 - 161
    Cited by:  Papers (66)
    PDF (1236 KB)

    An analysis of some recent combinatorial theories of computer security is presented from the perspective of information theory. The theories analyzed are information-flow theories based on the concept of nondeducibility. They are intended to be applicable to nondeterministic systems that may be networked.

  • Auditing the use of covert storage channels in secure systems

    Publication Year: 1990, Page(s):285 - 295
    Cited by:  Papers (4)  |  Patents (1)
    PDF (812 KB)

    Requirements for auditing covert storage channels are defined, and some fundamental problems which appear in most computer systems are illustrated. It is argued that audit subsystems designed to minimally satisfy the TCSEC (the DoD Trusted Computer System Evaluation Criteria) requirement are unable to detect many instances of covert channel use, and hence require major design and implementation ch...

  • Multiversion concurrency control for multilevel secure database systems

    Publication Year: 1990, Page(s):369 - 383
    Cited by:  Papers (29)
    PDF (1364 KB)

    Consideration is given to the application of multiversion schedulers in multilevel secure database management systems (MLS/DBMSs). Transactions are vital for MLS/DBMSs because they provide transparency to concurrency and failure. Concurrent execution of transactions may lead to contention among subjects for access to data, which in MLS/DBMSs may lead to security problems. Multiversion schedulers r...

  • The deductive theory manager: a knowledge based system for formal verification

    Publication Year: 1990, Page(s):306 - 318
    Cited by:  Papers (2)
    PDF (820 KB)

    Formal verification tools and techniques are difficult and expensive to apply. To make verification of large, complex systems more practical, TRW is developing the deductive theory manager (DTM). A knowledge-based tool that integrates with the Gypsy verification environment (GVE), the DTM supports the construction of deductive theories and applies them to proofs. Knowledge bases applicable to a va...

  • Modeling security-relevant data semantics

    Publication Year: 1990, Page(s):384 - 391
    Cited by:  Papers (10)
    PDF (812 KB)

    A database system must have knowledge of the semantics (the properties) of the data it manages to accomplish its tasks. For a multilevel secure database system to provide effective multilevel support to users, it must have knowledge of the security-relevant data semantics. The use of an extended data model that represents both integrity and secrecy aspects of data is presented. The technique can b...

  • The role of trust in protected mail

    Publication Year: 1990, Page(s):210 - 215
    Cited by:  Patents (14)
    PDF (588 KB)

    TMail is a privacy-enhanced electronic mail system on a trusted operating system base. A description is given of the TMail cryptographic processes that protect the mail in transit from disclosure, detect modification, and assure source authentication. The trusted operating system is used to protect the mail and the cryptographic modules on the host system. The trust requirements for the system are...

  • Probabilistic interference

    Publication Year: 1990, Page(s):170 - 179
    Cited by:  Papers (24)
    PDF (748 KB)

    D. McCullough's (1988) state machine formalism and definition of restrictiveness are restated. An example system is presented which illustrates the problem of probabilistic interference. An extension to McCullough's work that solves the problem of probabilistic interference is developed. A series of examples are presented which are designed to show the application of this extension. An example whi...

  • Adaptive real-time anomaly detection using inductively generated sequential patterns

    Publication Year: 1990, Page(s):278 - 284
    Cited by:  Papers (33)  |  Patents (54)
    PDF (484 KB)

    A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user's behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user's activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either t...

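    The sequential-rule idea in this abstract, and the profile-then-compare strategy of the network security monitor abstract above, can both be shown in a small detector. The Python below is an added example, not the authors' system or rule format: it learns rules of the form "E1 E2 -> E3 with probability p" from the event sequences of past sessions, then replays a new session through the rulebase and reports every event whose context is unknown or whose probability under the learned rules falls below a threshold. The same logic applies unchanged to a per-host sequence of connection records. The training sessions, the audit-log lines, the event names and the threshold are all constructed.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

START = "<s>"  # padding so the first events of a session also have a context

# Constructed training data: four past sessions of one user, as event sequences.
TRAINING_SESSIONS = [
    ["login", "mail", "edit", "compile", "edit", "compile", "logout"],
    ["login", "mail", "edit", "compile", "run", "logout"],
    ["login", "edit", "compile", "run", "edit", "compile", "logout"],
    ["login", "mail", "edit", "compile", "edit", "compile", "run", "logout"],
]

# Constructed audit log to score: one "user event" record per line, in order.
SUSPECT_LOG = """\
alice login
alice mail
alice edit
alice compile
alice readshadow
alice chmod
alice logout
"""


def parse_log(text: str) -> Dict[str, List[str]]:
    """'user event' lines -> per-user event sequence, in file order."""
    seqs: Dict[str, List[str]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, event = line.split()
        seqs[user].append(event)
    return dict(seqs)


class SequentialRules:
    """Rulebase mapping the previous `order` events to a distribution over the next one."""
    def __init__(self, order: int = 2, threshold: float = 0.1) -> None:
        self.order, self.threshold = order, threshold
        self.rules: Dict[Tuple[str, ...], Counter] = defaultdict(Counter)

    def train(self, session: List[str]) -> None:
        padded = [START] * self.order + session
        for i in range(self.order, len(padded)):
            self.rules[tuple(padded[i - self.order:i])][padded[i]] += 1

    def probability(self, context: Tuple[str, ...], event: str) -> Optional[float]:
        """p(event | context) from the counts; None when no rule has this context."""
        counts = self.rules.get(context)
        if not counts:
            return None
        return counts[event] / sum(counts.values())

    def anomalies(self, session: List[str]) -> List[Tuple[int, Tuple[str, ...], str, Optional[float]]]:
        """(position, context, event, p) for each event the rulebase finds unexpected."""
        padded = [START] * self.order + session
        flagged = []
        for i in range(self.order, len(padded)):
            context, event = tuple(padded[i - self.order:i]), padded[i]
            p = self.probability(context, event)
            if p is None or p < self.threshold:
                flagged.append((i - self.order, context, event, p))
        return flagged

    def rules_for(self, context: Tuple[str, ...]) -> List[Tuple[str, float]]:
        """The learned rules 'context -> event (p)', most likely first."""
        counts = self.rules.get(context, Counter())
        total = sum(counts.values())
        return sorted(((e, c / total) for e, c in counts.items()), key=lambda r: -r[1])


def build_detector() -> SequentialRules:
    det = SequentialRules(order=2, threshold=0.1)
    for s in TRAINING_SESSIONS:
        det.train(s)
    return det


def score_log(text: str) -> Dict[str, List[Tuple[int, Tuple[str, ...], str, Optional[float]]]]:
    """Anomalies per user for an audit log, using the rulebase built from training sessions."""
    det = build_detector()
    return {user: det.anomalies(events) for user, events in parse_log(text).items()}
```

    The `readshadow` event is flagged because no rule predicts it after `edit compile`, and the two events after it are flagged too because their contexts never occurred in training; a rulebase of this kind therefore keeps raising alarms until the user returns to a known pattern. The threshold and the order of the rules are the usual tuning knobs: a longer context is more specific but needs more training data before ordinary behaviour stops looking novel.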
  • An architecture for practical delegation in a distributed system

    Publication Year: 1990, Page(s):20 - 30
    Cited by:  Papers (49)  |  Patents (41)
    PDF (952 KB)

    A practical technique for delegation is described. It provides both cryptographic assurance that a delegation was authorized and authentication of the delegated systems, thereby allowing reliable access control as well as precise auditing of the systems involved in every access. It goes further than other approaches for delegation in that it also provides termination of a delegation on demand (as ...

  • The Army Secure Operating System

    Publication Year: 1990, Page(s):50 - 60
    Cited by:  Papers (4)
    PDF (876 KB)

    The Army Secure Operating System (ASOS) is a family of operating systems intended to serve the tactical needs of the US Army. It currently comprises two systems designed to be certifiable to classes C2 and A1 of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Both operating systems provide a common user interface, support real-time applications written in Ada, and are configurable and...