Proceedings 1995 IEEE Symposium on Security and Privacy

8-10 May 1995

  • Proceedings 1995 IEEE Symposium on Security and Privacy

    Publication Year: 1995
    Freely Available from IEEE
  • Absorbing covers and intransitive non-interference

    Publication Year: 1995, Page(s):102 - 113
    Cited by:  Papers (21)

    The paper gives necessary and sufficient conditions for a system to satisfy intransitive non-interference. Security is defined in terms of allowable flows of information among action domains as represented by an interferes relation ~>. We examine properties of special sets called basis elements generated from the relation ~> and introduce the notion of absorbing covers which is associated wi...
  • Preserving privacy in a network of mobile computers

    Publication Year: 1995, Page(s):26 - 38
    Cited by:  Papers (15)

    Even as wireless networks create the potential for access to information from mobile platforms, they pose a problem for privacy. In order to retrieve messages, users must periodically poll the network. The information that the user must give to the network could potentially be used to track that user. However, the movements of the user can also be used to hide the user's location if the protocols ...
  • Formal methods in the THETA kernel

    Publication Year: 1995, Page(s):88 - 100

    THETA is a secure distributed operating system designed to run on a variety of hardware platforms. We are currently undertaking an effort to formally specify and implement a new THETA kernel to improve its security properties and to increase its portability. We used a number of “formal methods” tools in developing the specification and analyzing its implementation. The report presents ...
  • Cryptographic credit control in pre-payment metering systems

    Publication Year: 1995, Page(s):15 - 23
    Cited by:  Papers (1)  |  Patents (2)

    We describe the successful introduction of cryptology into a new application area: protecting prepayment electricity meters from token fraud. These meters are used by a number of utilities from Scotland to South Africa, and they present some interesting security challenges.
  • An architecture for covert channel control in realtime networks and multiprocessors

    Publication Year: 1995, Page(s):155 - 168
    Cited by:  Papers (1)  |  Patents (3)

    The paper discusses a system architecture for controlling covert channels in multilevel real-time networks and multiprocessor systems. The concept is derived from a popular (non-secure) real-time architecture I refer to as a foreground/background system. I address the covert channel (confinement) problem in the real-time foreground. Covert channel control within this system architecture rests on t...
  • A multilevel file system for high assurance

    Publication Year: 1995, Page(s):78 - 87
    Cited by:  Papers (6)  |  Patents (3)

    The designs of applications for multilevel systems cannot merely duplicate those of the untrusted world. When applications are built on a high assurance base, they will be constrained by the underlying policy enforcement mechanism. Consideration must be given to the creation and management of multilevel data structures by untrusted subjects. Applications should be designed to rely upon the TCB's s...
  • The Interrogator model

    Publication Year: 1995, Page(s):251 - 260
    Cited by:  Papers (14)

    The Interrogator is a protocol security analysis tool implemented in Prolog and based on a communicating-machine message transformation model with message modification threats. It supports a large and extendible class of symbolic encryption and data transformation operators with a novel equation-solving approach in the context of equational theories. The operator representation and equation-solvin...
  • The design and implementation of a secure auction service

    Publication Year: 1995, Page(s):2 - 14
    Cited by:  Papers (14)  |  Patents (55)

    We present the design and implementation of a distributed service for performing sealed-bid auctions. This service provides an interface by which clients, or “bidders”, can issue secret bids to the service for an advertised auction. Once the bidding period has ended, the auction service opens the bids, determines the winning bid, and provides the winning bidder with a ticket for claimi...
  • A network version of the Pump

    Publication Year: 1995, Page(s):144 - 154
    Cited by:  Papers (17)  |  Patents (1)

    A designer of reliable MLS networks must consider covert channels and denial of service attacks in addition to traditional network performance measures such as throughput, fairness, and reliability. We show how to extend the NRL data Pump to a certain MLS network architecture in order to balance the requirements of congestion control, fairness, good performance, and reliability against those of mi...
  • Practical Domain and Type Enforcement for UNIX

    Publication Year: 1995, Page(s):66 - 77
    Cited by:  Papers (36)  |  Patents (21)

    Type enforcement is a table-oriented mandatory access control mechanism well-suited for confining applications and restricting information flows. Although both flexible and strong, type enforcement alone imposes significant administrative costs and has not been widely adopted. Domain and Type Enforcement (DTE) is an enhanced version of type enforcement designed to provide needed simplicity and com...
  • Supporting security requirements in multilevel real-time databases

    Publication Year: 1995, Page(s):199 - 210
    Cited by:  Papers (8)

    Database systems for real-time applications must satisfy timing constraints associated with transactions, in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems. We argue that due to the conflicting goals ...
  • Reasoning about accountability in protocols for electronic commerce

    Publication Year: 1995, Page(s):236 - 250
    Cited by:  Papers (22)  |  Patents (2)

    A new framework is proposed for the analysis of communication protocols that require accountability, such as those for electronic commerce. Informal arguments are presented to show that a heretofore un-explored property “provability” is pertinent to examine the potential use of communication protocols in the context of litigation, and in the context of audit. A set of postulates which ...
  • CSP and determinism in security modelling

    Publication Year: 1995, Page(s):114 - 127
    Cited by:  Papers (41)

    We show how a variety of confidentiality properties can be expressed in terms of the abstraction mechanisms that CSP provides. We argue that determinism of the abstracted low-security viewpoint provides the best type of property. By changing the form of abstraction mechanism we are able to model different assumptions about how systems behave, including handling the distinction between input and ou...
  • Holding intruders accountable on the Internet

    Publication Year: 1995, Page(s):39 - 49
    Cited by:  Papers (85)  |  Patents (36)

    This paper addresses the problem of tracing intruders who obscure their identity by logging through a chain of multiple machines. After discussing previous approaches to this problem, we introduce thumbprints which are short summaries of the content of a connection. These can be compared to determine whether two connections contain the same text and are therefore likely to be part of the same conn...
  • Version pool management in a multilevel secure multiversion transaction manager

    Publication Year: 1995, Page(s):169 - 182
    Cited by:  Papers (1)  |  Patents (1)

    The paper presents initial results of an ongoing project to develop an experimental prototype of a multilevel secure (MLS) database system (DBS) based upon a multiversion scheduling protocol. The purpose of the project is to explore design alternatives and demonstrate feasibility. The work focuses on the mechanisms needed to provide efficient access to multiple versions of data as required by the ...
  • The Intel 80x86 processor architecture: pitfalls for secure systems

    Publication Year: 1995, Page(s):211 - 222
    Cited by:  Papers (6)

    An in-depth analysis of the 80x86 processor families identifies architectural properties that may have unexpected, and undesirable, results in secure computer systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems. We discuss the imbalance in scrutiny for hardware protec...
  • The semantics and expressive power of the MLR data model

    Publication Year: 1995, Page(s):128 - 142
    Cited by:  Papers (3)

    We define the multilevel relational (MLR) data model for multilevel relations with element-level labeling. This model builds upon prior work of numerous authors in this area, and integrates ideas from a number of sources. A new data-based semantics is given to the MLR data model which combines ideas from SeaView, belief-based semantics and LDV model, and has the advantages of both eliminating ambi...
  • Integrating security in CORBA based object architectures

    Publication Year: 1995, Page(s):50 - 61
    Cited by:  Papers (5)  |  Patents (24)

    We propose a distributed security architecture for incorporation into object oriented distributed computing systems, and in particular, into OMG's CORBA based object architectures. The primary objective of the security architecture is to make CORBA resilient to both component failures and malicious attacks. The core of the architecture is the notion of secure ORB node: an ORB node enhanced with ...
  • Capacity estimation and auditability of network covert channels

    Publication Year: 1995, Page(s):186 - 198
    Cited by:  Papers (18)

    Classical covert channel analysis has focused on channels available on a single computer: timing channels and storage channels. We characterize network covert channels. Potential network covert channels are exploited by modulating transmission characteristics. We distinguish between spatial covert channels, caused by a variation in the relative volume of communication between nodes in the network,...
  • Recent-secure authentication: enforcing revocation in distributed systems

    Publication Year: 1995, Page(s):224 - 235
    Cited by:  Papers (14)  |  Patents (16)

    A general method is described for formally specifying and reasoning about distributed systems with any desired degree of immediacy for revoking authentication. To effect revocation, 'authenticating entities' impose freshness constraints on credentials or authenticated statements made by trusted intermediaries. If fresh statements are not presented, then the authentication is questionable. Freshnes...