Research in Security and Privacy, 1992. Proceedings., 1992 IEEE Computer Society Symposium on

Date 4-6 May 1992

Displaying Results 1 - 23 of 23
  • Proceedings. 1992 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.92CH3157-5)

    Publication Year: 1992, Page(s): 0_1
    Freely Available from IEEE
  • BLACKER: security for the DDN examples of A1 security engineering trades

    Publication Year: 1992, Page(s):286 - 292
    Cited by:  Papers (10)  |  Patents (2)
    BLACKER is the name given by the US Department of Defense (DoD) to a long-term project to build an integrated suite of devices to secure the US Defense Data Network (DDN). There are four devices which together provide a secure system applique to DDN designed to achieve A1 security certification. The issues reported fall into two groups: A1 security techniques and A1 program management. The first g...
  • On message integrity in cryptographic protocols

    Publication Year: 1992, Page(s):85 - 104
    Cited by:  Papers (23)  |  Patents (10)
    An operational model for message integrity in cryptographic protocols is presented, message integrity requirements are discussed, and message structures that satisfy those requirements are suggested. A message splicing/decomposition invariant of the cipher block chaining (CBC) mode of encryption is derived and used to identify heretofore-unknown vulnerabilities of well-known protocols. The suggest...
  • On inter-realm authentication in large distributed systems

    Publication Year: 1992, Page(s):2 - 17
    Cited by:  Papers (7)  |  Patents (1)
    A policy for propagation of authentication trust across realm boundaries is defined and rationalized. This policy helps limit global security exposures that ensue whenever an authentication service is compromised. The policy is based on a hierarchical model of inter-realm authentication and can be supported by both public key and secret key systems. As an example, a simple protocol which selects i...
  • A resource allocation model for denial of service

    Publication Year: 1992, Page(s):137 - 147
    Cited by:  Papers (14)  |  Patents (2)
    A denial-of-service protection base (DPB) is characterized as a resource monitor closely related to a TCB, supporting a waiting-time policy for benign processes. Resource monitor algorithms and policies can be stated in the context of a state-transition model of a resource allocation system. Probabilistic waiting-time policies are suggested in addition to the finite- and maximum-waiting-time polic...
  • The influence of delay upon an idealized channel's bandwidth

    Publication Year: 1992, Page(s):62 - 67
    Cited by:  Papers (3)
    An optimization problem in calculating the bandwidth of a covert timing channel is discussed. In particular, the question of how dependent the bandwidth is on the magnitude of the modulation is addressed. A generalization of that covert channel is presented and its bandwidth (capacity) is studied. Attention is given to how the delay that HIGH uses to signal LOW affects the bandwidth. Increasing th...
  • Roles in cryptographic protocols

    Publication Year: 1992, Page(s):105 - 119
    Cited by:  Papers (9)
    In protocols for the distribution of symmetric keys, a principal will usually either take on the role as a session key provider or as a session key user. A principal taking on the role as session key user may also act as the master or the slave. Methods for the analysis of cryptographic protocols that fail to properly handle multiple roles are demonstrated to yield undependable results. A protocol...
  • Integrating security in a group oriented distributed system

    Publication Year: 1992, Page(s):18 - 32
    Cited by:  Papers (10)  |  Patents (12)
    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group-oriented abstractions robust in hostile settings in order to facilitate the construction of high-performance distributed applications that can tolerate both component...
  • Non-monotonic transformation of access rights

    Publication Year: 1992, Page(s):148 - 161
    Cited by:  Papers (5)  |  Patents (2)
    It is known that monotonic transformations unify a number of diverse access control mechanisms such as amplification, copy flags, separation of duties, and synergistic authorization. The importance and expressive power of nonmonotonic transformations is demonstrated. A formal model, called nonmonotonic transform (NMT), is defined. A distributed implementation of NMT is proposed using a client-serv...
  • A multilevel transaction problem for multilevel secure database systems and its solution for the replicated architecture

    Publication Year: 1992, Page(s):192 - 203
    Cited by:  Papers (7)
    A definition of multilevel transaction for multilevel secure databases is proposed, and a notion of correctness that is consistent with the traditional idea of correctness of replicated systems is defined. To demonstrate the applicability of these ideas, an algorithm for correct transaction processing within this framework is presented for replicated architecture multilevel databases.
  • A `natural' decomposition of multi-level relations

    Publication Year: 1992, Page(s):273 - 284
    Cited by:  Papers (2)
    It is shown that the analysis of functional dependencies is useful when one wants to decompose a multilevel relation in a collection of single-level relations. The decomposition of a multilevel relation into a collection of fourth normal form (4NF) relations according to various functional dependencies is studied. These decompositions are compared to the decomposition algorithms in single-level re...
  • Encrypted key exchange: password-based protocols secure against dictionary attacks

    Publication Year: 1992, Page(s):72 - 84
    Cited by:  Papers (187)  |  Patents (113)
    Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive moti...
  • The typed access matrix model

    Publication Year: 1992, Page(s):122 - 136
    Cited by:  Papers (40)  |  Patents (26)
    The typed access matrix (TAM) model is defined by introducing the notion of strong typing into the Harrison, Ruzzo, and Ullman model (HRU) (M. H. Harrison et al., 1978). It is shown that monotonic TAM (MTAM) has decidable, but NP-hard, safety for its acyclic creation cases. It is further shown that ternary MTAM has polynomial time safety analysis for its acyclic cases, even though it is, in genera...
  • Lattice scheduling and covert channels

    Publication Year: 1992, Page(s):52 - 61
    Cited by:  Papers (22)  |  Patents (1)
    The lattice scheduler is a process scheduler that reduces the performance penalty of certain covert-channel countermeasures by scheduling processes using access class attributes. The lattice scheduler was developed as part of the covert-channel analysis of the VAX security kernel. The VAX security kernel is a virtual-machine monitor security kernel for the VAX architecture designed to meet the req...
  • Using traces based on procedure calls to reason about composability

    Publication Year: 1992, Page(s):177 - 188
    Cited by:  Papers (9)
    Information flow models are usually conceived in terms of requirements on system traces, while verification that a system satisfies information flow requirements is usually done in terms of a state machine specification. The necessary translation from one model to another may result in a loss of understandability and expressiveness. J. McLean (JACM, Vol.31, no.3, pp.600-627, July 1984) showed how ...
  • Security for object-oriented database systems

    Publication Year: 1992, Page(s):260 - 272
    Cited by:  Papers (7)  |  Patents (32)
    A design approach for a secure multilevel object-oriented database system is proposed by which a multilevel object-oriented system can be implemented on a conventional mandatory security kernel. Each object is assigned a single security level that applies to all its contents (variables and methods). The informal security policy model includes properties such as compatibility of security level assi...
  • Authorization in distributed systems: a formal approach

    Publication Year: 1992, Page(s):33 - 50
    Cited by:  Papers (13)
    It is argued that authorization is an independent semantic concept that must be separated from implementation mechanisms and given a precise semantics. A logical approach to representing and evaluating authorization is proposed. Specifically, a language for specifying policy bases is introduced. A policy base encodes a set of authorization requirements and is given a precise semantics based on a f...
  • A logical approach to multilevel security of probabilistic systems

    Publication Year: 1992, Page(s):164 - 176
    Cited by:  Papers (5)
    A second-order modal logic for reasoning about multilevel security in probabilistic systems is proposed. A possible world semantics is presented, and it is proved that the logic is sound with respect to it. The semantics is novel in treating probability measures themselves as possible worlds. After giving a syntactic definition of security, it is shown that the semantic interpretation of the syntac...
  • An optimal solution to the secure reader-writer problem

    Publication Year: 1992, Page(s):251 - 258
    Cited by:  Patents (1)
    A synchronization mechanism that communicates information from a writer to a reader without permitting information flow in the reverse direction is presented. The synchronization mechanism takes advantage of a priori knowledge of the semantics of communicated information and is optimal because it does not require blocking, busy wait states, an unbounded number of rereads of data, or inefficient us...
  • A neural network component for an intrusion detection system

    Publication Year: 1992, Page(s):240 - 250
    Cited by:  Papers (83)  |  Patents (49)
    An approach toward user behavior modeling that takes advantage of the properties of neural algorithms is described, and results obtained on preliminary testing of the approach are presented. The basis of the approach is the IDES (Intruder Detection Expert System) which has two components, an expert system looking for evidence of attacks on known vulnerabilities of the system and a statistical mode...
  • Evolution of a trusted B3 window system prototype

    Publication Year: 1992, Page(s):226 - 239
    Cited by:  Papers (3)  |  Patents (5)
    The early issues, obstacles, and ultimate achievements of Phase II of the US DARPA Advanced Computing Systems project to develop a proof-of-concept prototype for a B3 X-Window system on a TMach base are described. The present work defines initial project goals, presents an overview of X, and describes system objectives. The major implications of meeting the B3 trust criteria and the constraints of...
  • Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases

    Publication Year: 1992, Page(s):216 - 224
    Cited by:  Papers (12)
    Two different areas related to the concurrency control in multilevel secure, multiversion databases are considered. First, the issue of correctness criteria that are weaker than one-copy serializability are explored. The requirements for a weaker correctness criterion are that it should preserve database consistency in some meaningful way, and moreover, it should be implementable in a way that doe...
  • A two snapshot algorithm for concurrency control in multi-level secure databases

    Publication Year: 1992, Page(s):204 - 215
    Cited by:  Papers (5)  |  Patents (2)
    A concurrency control algorithm for replicated, secure, multilevel databases is presented. Multiversion and replicated databases can avoid starvation problems without introducing indirect channels by maintaining stable copies of old low-level data values for use by high-level transactions. The algorithm presented improves on two comparable techniques, a direct multiversion approach of T. F. Keefe ...