Proceedings 12th Annual Computer Security Applications Conference

9-13 Dec. 1996

Filter Results

Displaying Results 1 - 25 of 30
  • Security Applications Conference [front matter]

    Publication Year: 1996, Page(s):iii - vii
    Request permission for commercial reuse | PDF file iconPDF (186 KB)
    Freely Available from IEEE
  • Common Criteria Activities And Alternative Assurance

    Publication Year: 1996, Page(s): 65
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (73 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Sse-CMM Pilot Results

    Publication Year: 1996, Page(s): 67
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (68 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security And The National Telecommunications Infrastructure

    Publication Year: 1996, Page(s): 138
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (69 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Index of authors

    Publication Year: 1996, Page(s): 249
    Request permission for commercial reuse | PDF file iconPDF (43 KB)
    Freely Available from IEEE
  • Operation chain link: the deployment of a firewall at Hanscom Air Force Base

    Publication Year: 1996, Page(s):170 - 177
    Cited by:  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (608 KB)

    In March 1995, the Electronic Systems Center (ESC) based at the Hanscom Air Force Base (AFB), Massachusetts, commissioned the development and installation of a firewall around its unclassified network. Heightened awareness of Internet threats, concern over results of recent network security assessments, and a hacker break-in at a sister Air Force installation prompted this action. The paper addres... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Innovative secure payments on the Internet using the German electronic purse

    Publication Year: 1996, Page(s):88 - 93
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (484 KB)

    In this paper, an innovative and secure method for payments on the Internet is described which uses the German electronic purse. We describe how the method of payment using the German electronic purse is used today at off-line terminals at the merchant's site. The security mechanisms of the payment system are described in detail. We discuss the adaption of this method to secure payments on the Int... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security measures for the Austrian “PAYCHIP” electronic purse application

    Publication Year: 1996, Page(s):69 - 77
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (736 KB)

    Shows a management-oriented description of the background, design principles and security measures of the Austrian nationwide electronic purse scheme (“QUICK”), as well as an experience report about the ongoing process of stating a national security policy and evaluating the level of security for the electronic purse. The considerations address decision-makers and experts interested in... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A case study of two NRL Pump prototypes

    Publication Year: 1996, Page(s):32 - 43
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (856 KB)

    As computer systems become more open and interconnected, the need for reliable and secure communication also increases. The NRL (Naval Research Laboratory) Pump was introduced by Kang and Moskowitz (1993) to balance the requirements of reliability, congestion control, fairness and good performance against those of threats from covert channels and denial-of-service attacks. In this paper, we descri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SIGMA: security for distributed object interoperability between trusted and untrusted systems

    Publication Year: 1996, Page(s):158 - 168
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1084 KB)

    The SIGMA project is researching the integration and interoperation of security technologies into distributed computing environments based on CORBA, the Common Object Request Broker Architecture. The architectural results described in the paper are focused on security technologies that allow controlled, selective exchange of object oriented services among separate distributed systems that differ i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using a proxy X server to facilitate COTS application integration

    Publication Year: 1996, Page(s):185 - 190
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (496 KB)

    The paper documents the development of a proxy X Window System server, XPatch, that facilitates integration of COTS applications on systems with trusted X Window system implementations. The XPatch design and architecture are described, portability issues addressed, and accreditation issues identified View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A comparison of multilevel structured query language (SQL) implementations

    Publication Year: 1996, Page(s):192 - 202
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (836 KB)

    The current commercial multilevel secure (MLS) database management system (DBMS) products provide extensions to SQL to support multilevel database applications. However, the DBMS vendors have implemented a variety of mechanisms that are both difficult to understand and ineffective in addressing a number of application concerns. The paper documents and compares the SQL extensions for Informix Onlin... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the design of secure electronic payment schemes for Internet

    Publication Year: 1996, Page(s):78 - 87
    Cited by:  Papers (1)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (828 KB)

    Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Internet rules but the emperor has no clothes

    Publication Year: 1996, Page(s):XIV - XIX
    Cited by:  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (540 KB)

    Today's Internet is a virtually free resource. Its existence is based upon end-users freely communicating in an open environment. However, this free and open environment does not imply any value beyond the ability to communicate. Thus most of the information currently being exchanged is not deemed “valuable” in the business sense. However, as more and more business-related information ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A role-based secure database design tool

    Publication Year: 1996, Page(s):203 - 212
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1136 KB)

    Starting from some previous proposals of extensions for database design methodologies, we have realised a secure database design tool. The work is based on a secure database design methodology that extends the entity relationship conceptual data model with a role based security model. The described tool features an analysis algorithm that can help detect potential security design mistakes, and a t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Case-based reasoning for intrusion detection

    Publication Year: 1996, Page(s):214 - 223
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (728 KB)

    Recently there has been significant interest in applying artificial intelligence (AI) techniques to the intrusion detection problem. Attempts have been made to develop rule based and model based expert systems for intrusion detection. Although these systems have been useful for detecting intruders, they face difficulties in acquiring and representing the knowledge. We present and describe a case b... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An authenticated camera

    Publication Year: 1996, Page(s):24 - 30
    Cited by:  Papers (5)  |  Patents (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (532 KB)

    We develop protocols for an authenticated camera that allows people to verify that a given digital image was taken by a specific camera at a specific time and specific place. These protocols require interaction between the camera and base station both before and after a series of images are taken View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security issues in an EDI environment

    Publication Year: 1996, Page(s):129 - 136
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (732 KB)

    EDI (Electronic Data Interchange) means electronic transmission, processing, and storage of commercial, business, or trade related documents. The paper surveys the security threats posed to an EDI system, and outlines the techniques and services used to counter these threats. Most importantly, the paper has gone into great depth to address an EDI specific security requirement-non repudiation of re... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mandatory protection for Internet server software

    Publication Year: 1996, Page(s):178 - 184
    Cited by:  Papers (1)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (608 KB)

    Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to “server overrun”, an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Proxies for anonymous routing

    Publication Year: 1996, Page(s):95 - 104
    Cited by:  Papers (15)  |  Patents (35)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (920 KB)

    Using traffic analysis, it is possible to infer who is talking to whom over a public network. This paper describes a flexible communications infrastructure, called onion routing, which is resistant to traffic analysis. Onion routing lies just beneath the application layer, and is designed to interface with a wide variety of unmodified Internet services by means of proxies. Onion routing has been i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Asymmetric isolation

    Publication Year: 1996, Page(s):44 - 54
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1156 KB)

    Examines a surprisingly simple application of unidirectional security that supports essentially risk-free MLS (multi-level security). It is an unusual environment because security rules can be absolutely enforced. Not only security violations, but also multi-level communication handshaking and most downgrading is not simply disallowed, but prevented. Experiments conducted using hardware multiple s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An evaluation of the Java security model

    Publication Year: 1996, Page(s):2 - 14
    Cited by:  Papers (2)  |  Patents (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1284 KB)

    Java is a new programming language that has been developed by Sun Microsystems. They claim that Java has a number of advantages over traditional programming languages. One of these advantages is the ability to execute untrusted programs in a secure environment. After a brief introduction to the Java language this paper investigates the problems that would arise when running untrusted programs with... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A modular covert channel analysis methodology for trusted DG/UXTM

    Publication Year: 1996, Page(s):224 - 235
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (988 KB)

    The covert channel analysis (CCA) approach presented in the paper leverages off of the subsystem architecture of the DG/UX kernel. The kernel is structured so that each of the elements of the system state is under the control of a single subsystem. That is, these elements can only be referenced or modified by functions of the controlling subsystem; thus, each subsystem can be thought of as an abst... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using Fortezza for transparent file encryption

    Publication Year: 1996, Page(s):140 - 147
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (676 KB)

    SISTex's Assure(R) Basic product provides security features including access controls and transparent file encryption (using the Data Encryption Standard) in a DOS/Windows environment. To meet the needs of certain customers, we converted the DES based file encryption to use NSA's Fortezza card, which uses the Skipjack algorithm. Despite our expectations, Fortezza was not a clean replacement for DE... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design choices for symmetric key based inter-domain authentication protocols in distributed systems

    Publication Year: 1996, Page(s):105 - 116
    Cited by:  Patents (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (844 KB)

    Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this p... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.