12th Annual Computer Security Applications Conference, 1996

Date: 9-13 Dec. 1996

Displaying Results 1 - 25 of 30
  • Security Applications Conference [front matter]

    Publication Year: 1996 , Page(s): iii - vii
  • Common Criteria Activities And Alternative Assurance

    Publication Year: 1996 , Page(s): 65
  • SSE-CMM Pilot Results

    Publication Year: 1996 , Page(s): 67
  • Security And The National Telecommunications Infrastructure

    Publication Year: 1996 , Page(s): 138
  • Index of authors

    Publication Year: 1996 , Page(s): 249
  • SIGMA: security for distributed object interoperability between trusted and untrusted systems

    Publication Year: 1996 , Page(s): 158 - 168
    Cited by: Papers (2) | Patents (1)

    The SIGMA project is researching the integration and interoperation of security technologies into distributed computing environments based on CORBA, the Common Object Request Broker Architecture. The architectural results described in the paper are focused on security technologies that allow controlled, selective exchange of object oriented services among separate distributed systems that differ in security policy, mechanisms, and assurance. A central goal for our work in this area is to identify and prototype techniques that enable CORBA based application interoperation between trusted and untrusted distributed systems.
  • Using Fortezza for transparent file encryption

    Publication Year: 1996 , Page(s): 140 - 147
    Cited by: Papers (1)

    SISTex's Assure® Basic product provides security features including access controls and transparent file encryption (using the Data Encryption Standard) in a DOS/Windows environment. To meet the needs of certain customers, we converted the DES-based file encryption to use NSA's Fortezza card, which uses the Skipjack algorithm. Despite our expectations, Fortezza was not a clean replacement for DES. The paper discusses some of the thorny technical problems encountered during product development.
  • On the design of secure electronic payment schemes for Internet

    Publication Year: 1996 , Page(s): 78 - 87
    Cited by: Papers (1) | Patents (3)

    Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in this paper are applicable to a range of protocols, including iKP (Internet Kaufmannisch Protokoll), STT (Secure Transaction Technology) and SEPP (Secure Electronic Payment Protocol). Based on this discussion, the paper goes on to propose an improved payment scheme and protocol. The new protocol, referred to as the permission-based payment (PBP) protocol, provides a fair treatment of both the client and the merchant involved in the transaction. It separates the purchase request phase from the payment phase, thereby increasing the ability to handle a certain class of disputes more efficiently. It removes the need to store the secret private key at the client's machine or the need for a smart card device. This is important as one cannot assume that all the clients connected to the Internet have smart card readers attached to them. The new protocol makes simpler assumptions about the environment, thereby making the scheme practical for securing commercial electronic credit card transactions.
  • A modular covert channel analysis methodology for Trusted DG/UX

    Publication Year: 1996 , Page(s): 224 - 235
    Cited by: Papers (3)

    The covert channel analysis (CCA) approach presented in the paper leverages the subsystem architecture of the DG/UX kernel. The kernel is structured so that each of the elements of the system state is under the control of a single subsystem. That is, these elements can only be referenced or modified by functions of the controlling subsystem; thus, each subsystem can be thought of as an abstract object. In order to make the covert channel analysis task for the Trusted DG/UX kernel more manageable and, in particular, to deal with the Ratings Maintenance Program (RAMP), a modular approach that takes advantage of the subsystem architecture is used. The CCA approach used for analyzing DG/UX is to first perform an SRM analysis for each of the subsystems that contain an exported function directly invoked from one of the system calls. These subsystems are called "peer subsystems". The information from the SRMs for all of the peer subsystems is then used to build the kernel-wide SRM.
  • Using a proxy X server to facilitate COTS application integration

    Publication Year: 1996 , Page(s): 185 - 190

    The paper documents the development of a proxy X Window System server, XPatch, that facilitates integration of COTS applications on systems with trusted X Window System implementations. The XPatch design and architecture are described, portability issues addressed, and accreditation issues identified.
  • An extended capability architecture to enforce dynamic access control policies

    Publication Year: 1996 , Page(s): 148 - 157
    Cited by: Patents (3)

    Capabilities have been widely used as a fundamental mechanism for access control in distributed systems. When an object manager receives a capability from a user process for accessing an object, it verifies the genuineness of the capability and checks whether the access request is allowed with the access rights placed on the capability. Capabilities have been recognized to be more suitable than centralized access control lists for object protection in a distributed system because of several obvious reasons. However, most existing capability based systems can only enforce static access control policies, which means all the access privileges a user possesses for an object are fully represented by a capability and will not change due to object access. These capability systems cannot be used to enforce dynamic access control policies, required by many complex applications, in which each authorization may depend upon a user's access history and/or an object's history of being accessed. The paper proposes an extended capability architecture to enforce dynamic access control policies both effectively and efficiently. The key issue is how to capture the dynamic access information in both capabilities and object managers while avoiding the main disadvantages of centralized access control lists. A number of frequently desired security policies are used to demonstrate the power and flexibility of the proposed architecture. The problems regarding capability management including propagation, revocation, and distribution of capabilities are also discussed.
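    The abstract above contrasts static capabilities, whose rights are fixed in the ticket, with policies that depend on access history. The Python sketch below is an added illustration and not code from the paper or its authors: the object manager authenticates a capability with an HMAC key that only it holds (a stand-in for whatever sealing mechanism the paper's architecture uses), performs the static checks (genuineness, principal, rights, revocation), and then applies two history-dependent policies from its own state: a bounded number of uses per capability, and a conflict-of-interest rule that refuses a second object in the same conflict class once the user has accessed the first. The capability format, the conflict-class labels, the principal and object names and the use limit are all assumptions made for the example.

```python
"""Added example: an object manager that enforces dynamic (history-based)
policies on top of statically checked capabilities.

Not the paper's design. The capability format, the HMAC sealing, the
conflict classes and the use limit are assumptions made for illustration.
"""
import hashlib
import hmac
import json
import secrets
from collections import defaultdict


class CapabilityError(Exception):
    """Raised when a static check (genuineness, rights) or a dynamic policy fails."""


class ObjectManager:
    def __init__(self, seal_key, conflict_classes, max_uses=3):
        self._seal_key = seal_key                  # known only to the manager
        self._class = conflict_classes             # object -> conflict class (assumed labels)
        self._max_uses = max_uses
        self._uses = defaultdict(int)              # capability tag -> accesses made so far
        self._touched = defaultdict(set)           # user -> objects the user has accessed
        self._revoked = set()                      # tags of revoked capabilities

    def issue(self, user, obj, rights):
        """Mint a capability: JSON body plus HMAC tag. Static rights live in the body."""
        body = json.dumps({"user": user, "obj": obj, "rights": sorted(rights),
                           "nonce": secrets.token_hex(8)}, sort_keys=True)
        tag = hmac.new(self._seal_key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

    def revoke(self, capability):
        self._revoked.add(capability.rpartition(".")[2])

    def _check_static(self, capability, user, op):
        body, _, tag = capability.rpartition(".")
        expected = hmac.new(self._seal_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            raise CapabilityError("capability is forged or was altered")
        if tag in self._revoked:
            raise CapabilityError("capability has been revoked")
        fields = json.loads(body)
        if fields["user"] != user:
            raise CapabilityError("capability was issued to a different principal")
        if op not in fields["rights"]:
            raise CapabilityError(f"capability does not grant {op!r}")
        return fields["obj"], tag

    def access(self, capability, user, op):
        """Static checks first, then the dynamic policies, then record the access."""
        obj, tag = self._check_static(capability, user, op)
        # Dynamic policy 1: the capability is good for at most max_uses accesses.
        if self._uses[tag] >= self._max_uses:
            raise CapabilityError("capability exhausted")
        # Dynamic policy 2 (conflict of interest): a user who has accessed one
        # object in a conflict class may not access a different object in that class.
        cls = self._class.get(obj)
        if cls is not None:
            for seen in self._touched[user]:
                if seen != obj and self._class.get(seen) == cls:
                    raise CapabilityError(f"{user} already accessed {seen} in class {cls}")
        self._uses[tag] += 1
        self._touched[user].add(obj)
        return f"{op} {obj} permitted"


def demo():
    """Constructed scenario: two bank objects share a conflict class; an oil object does not."""
    om = ObjectManager(secrets.token_bytes(32),
                       {"bankA": "banks", "bankB": "banks", "oilCo": "energy"}, max_uses=2)
    outcomes = []
    cap_a = om.issue("alice", "bankA", {"read"})
    outcomes.append(om.access(cap_a, "alice", "read"))      # first use: allowed
    cap_b = om.issue("alice", "bankB", {"read"})
    try:
        om.access(cap_b, "alice", "read")                     # same class as bankA: refused
    except CapabilityError as e:
        outcomes.append(str(e))
    outcomes.append(om.access(cap_a, "alice", "read"))      # second use: allowed
    try:
        om.access(cap_a, "alice", "read")                     # third use: exhausted
    except CapabilityError as e:
        outcomes.append(str(e))
    return outcomes
```

    The point of the split is that the ticket still carries the static rights and can be passed around, while the history that the dynamic policies need never leaves the object manager, which is where the paper locates it too; a per-object or per-user access log inside the manager is what lets it refuse cap_b without anything in cap_b itself having changed.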
  • Starlight: Interactive Link

    Publication Year: 1996 , Page(s): 55 - 63
    Cited by: Papers (4)

    The Interactive Link forms part of a suite of products being developed as part of the Starlight research program. This research program is investigating methods for achieving military-relevant information security capabilities which are genuinely cost-effective. The Interactive Link is a retrofittable device which fits to commercial off-the-shelf workstations and PCs which are connected to classified networks. The Link allows interactive access to low or unclassified networks, such as the Internet, in a manner which is accreditable via the authorising government agencies. The advantage of the Interactive Link over other methods is that it allows untrusted graphical windowing applications, such as X Windows applications or Microsoft Windows applications, to run in a manner permitting users to have windows at differing security levels.
  • Proxies for anonymous routing

    Publication Year: 1996 , Page(s): 95 - 104
    Cited by: Papers (11) | Patents (19)

    Using traffic analysis, it is possible to infer who is talking to whom over a public network. This paper describes a flexible communications infrastructure, called onion routing, which is resistant to traffic analysis. Onion routing lies just beneath the application layer, and is designed to interface with a wide variety of unmodified Internet services by means of proxies. Onion routing has been implemented on Sun Solaris 2.4; in addition, proxies for World Wide Web browsing (HTTP), remote logins (RLOGIN), e-mail (SMTP) and file transfers (FTP) have been implemented. Onion routing provides application-independent, real-time and bi-directional anonymous connections that are resistant to both eavesdropping and traffic analysis. Applications making use of onion routing's anonymous connections may (and usually should) identify their users over the anonymous connection. User anonymity may be layered on top of the anonymous connections by removing identifying information from the data stream. Our goal is anonymous connections, not anonymous communication. The use of a packet-switched public network should not automatically reveal who is talking to whom; this is the traffic analysis that onion routing complicates.
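    The abstract above gives the goal (anonymous connections, not anonymous communication) without the mechanism that earns the name. The Python block below is an added illustration of the layered-encryption idea and is not the Onion Routing project's code: the initiator wraps the application data in one encryption layer per router, from the last hop outward, each layer naming only the next hop; every router strips its own layer, learns its successor, and forwards an opaque blob. The cipher is a toy stand-in (SHA-256 in counter mode XORed as a keystream) so the block runs with the standard library alone; the router names, their keys and the HTTP request are constructed for the example.

```python
"""Added example: the layered encryption behind an onion-routed connection.

Not the Onion Routing project's code. The cipher is a toy stand-in
(SHA-256 in counter mode, XORed as a keystream) chosen so the block runs
with the standard library only; a real deployment uses a proper cipher and
a key agreed with each router. Router names and keys are constructed.
"""
import hashlib
import json
import os

NONCE_LEN = 12


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key, blob):
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def build_onion(route, payload):
    """route: [(router_name, key_shared_with_that_router), ...], first hop first.

    Wrap from the last hop outward: each layer names the next hop and carries the
    remaining, still encrypted, onion, so a router learns only its successor.
    """
    onion = payload
    for i in range(len(route) - 1, -1, -1):
        _, key = route[i]
        next_hop = route[i + 1][0] if i + 1 < len(route) else "EXIT"
        layer = json.dumps({"next": next_hop, "inner": onion.hex()}).encode()
        onion = encrypt(key, layer)
    return onion


def peel(key, onion):
    """What one router does: strip its own layer and learn only the next hop."""
    layer = json.loads(decrypt(key, onion))
    return layer["next"], bytes.fromhex(layer["inner"])


def traverse(route, onion):
    """Simulate the onion moving hop by hop. Returns each router's view and the final payload."""
    views = []
    current = onion
    for name, key in route:
        next_hop, current = peel(key, current)
        views.append((name, next_hop))
    return views, current


def demo():
    route = [("alpha", b"key-alpha"), ("beta", b"key-beta"), ("gamma", b"key-gamma")]
    payload = b"GET / HTTP/1.0\r\n\r\n"           # constructed application data
    onion = build_onion(route, payload)
    views, delivered = traverse(route, onion)
    # The middle router sees its successor and an opaque inner onion, never the payload.
    _, after_alpha = peel(route[0][1], onion)
    _, seen_by_beta = peel(route[1][1], after_alpha)
    return views, delivered, seen_by_beta != payload
```

    Two things the simulation makes concrete: no single router holds both endpoints of the route (alpha knows beta, gamma knows the exit, nobody knows the whole path), and the payload reaches the exit in the clear, which is why the abstract insists that application-level identifying data is a separate problem from connection anonymity.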
  • An authenticated camera

    Publication Year: 1996 , Page(s): 24 - 30
    Cited by: Papers (5) | Patents (8)

    We develop protocols for an authenticated camera that allows people to verify that a given digital image was taken by a specific camera at a specific time and specific place. These protocols require interaction between the camera and base station both before and after a series of images are taken.
  • An evaluation of the Java security model

    Publication Year: 1996 , Page(s): 2 - 14
    Cited by: Papers (2) | Patents (5)

    Java is a new programming language that has been developed by Sun Microsystems. They claim that Java has a number of advantages over traditional programming languages. One of these advantages is the ability to execute untrusted programs in a secure environment. After a brief introduction to the Java language this paper investigates the problems that would arise when running untrusted programs without providing a secure environment and several possible solutions to this problem. It then takes a close look at the solution provided by the Java security model in theory as well as in current implementations and evaluates their efficiency and flexibility for present and future ranges of application.
  • Security issues in an EDI environment

    Publication Year: 1996 , Page(s): 129 - 136

    EDI (Electronic Data Interchange) means electronic transmission, processing, and storage of commercial, business, or trade related documents. The paper surveys the security threats posed to an EDI system, and outlines the techniques and services used to counter these threats. Most importantly, the paper has gone into great depth to address an EDI-specific security requirement, non-repudiation of receipt. The current related work done to support this service is first discussed, and then a new and simple, but effective protocol to achieve non-repudiation of receipt on a distributed and heterogeneous system platform is proposed.
  • Case-based reasoning for intrusion detection

    Publication Year: 1996 , Page(s): 214 - 223
    Cited by: Papers (2)

    Recently there has been significant interest in applying artificial intelligence (AI) techniques to the intrusion detection problem. Attempts have been made to develop rule-based and model-based expert systems for intrusion detection. Although these systems have been useful for detecting intruders, they face difficulties in acquiring and representing the knowledge. We present and describe a case-based reasoning approach to intrusion detection which alleviates some of the difficulties of current approaches.
  • Mandatory protection for Internet server software

    Publication Year: 1996 , Page(s): 178 - 184
    Cited by: Papers (1) | Patents (3)

    Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to "server overrun", an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless there are additional defenses. Mandatory protection mechanisms, like those developed for multilevel security applications, can limit the risks of server overrun to a site. Commercial systems have been developed that use three distinct mechanisms: Unix "chroot" isolation, multilevel security (MLS), and type enforcement. The paper compares and contrasts these three mechanisms for server protection.
  • Asymmetric isolation

    Publication Year: 1996 , Page(s): 44 - 54
    Cited by: Papers (3)

    Examines a surprisingly simple application of unidirectional security that supports essentially risk-free MLS (multi-level security). It is an unusual environment because security rules can be absolutely enforced. Not only security violations, but also multi-level communication handshaking and most downgrading are not simply disallowed, but prevented. Experiments conducted using hardware multiple single-level nodes interconnected by unidirectional links show how this environment can be a practical alternative to software-enforced security. When we can adapt to this environment, the benefits include near-absolute strength, high performance and low cost. It seems particularly applicable to legacy systems because it is almost independent of pre-existing hardware and software.
  • Innovative secure payments on the Internet using the German electronic purse

    Publication Year: 1996 , Page(s): 88 - 93
    Cited by: Papers (1)

    In this paper, an innovative and secure method for payments on the Internet is described which uses the German electronic purse. We describe how the method of payment using the German electronic purse is used today at off-line terminals at the merchant's site. The security mechanisms of the payment system are described in detail. We discuss the adaptation of this method to secure payments on the Internet.
  • Implementing security policy in a large defence procurement

    Publication Year: 1996 , Page(s): 15 - 23

    At the 1993 ACSAC conference a previous paper was presented describing the security policy developed for a large, integrated defence procurement, the United Kingdom Royal Air Force Logistics Information Technology System (LITS). The current paper describes some of the practical difficulties encountered in implementing that security policy during subsequent stages of the LITS system development. Issues discussed include the difficulties of "future proofing" a security infrastructure in the real world where user security requirements can and do change in ways that were not anticipated, the tension between security policy requirements and cost effective security solutions, and the conflict between labelling data and the use of untrusted applications.
  • Design choices for symmetric key based inter-domain authentication protocols in distributed systems

    Publication Year: 1996 , Page(s): 105 - 116
    Cited by: Patents (12)

    Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this paper, the design of inter-domain protocols is investigated. We present the different design choices that need to be carefully considered when designing inter-domain protocols in large distributed systems. We propose three different inter-domain protocols with varying degrees of responsibility placed on the client and the trusted servers. In each case, the assumptions made in the design are explicitly stated. This helps to illustrate the rationale behind the choices made. The proposed protocols use symmetric key systems and are based on Kerberos. The arguments, rationales and designs presented in this paper are also applicable to OSF's Distributed Computing Environment (DCE).
  • Verifying the correctness of cryptographic protocols using “Convince”

    Publication Year: 1996 , Page(s): 117 - 128
    Cited by: Papers (4)

    The paper describes Convince, a tool being developed to facilitate the modeling and analysis of cryptographic protocols, particularly those supporting authentication. Convince uses a belief logic to facilitate the analysis and proof of desired properties of these protocols. Convince incorporates in its front-end a commercial computer aided software engineering tool, StP/OMT, so that an analyst can model a protocol using a combination of familiar graphical and textual notations. Convince uses a Higher Order Logic theorem prover with automated support, so as to minimize the need for specialized theorem proving knowledge. The paper describes how an analyst can use Convince to rapidly construct models of authentication protocols, and outlines a strategy for verifying their correctness. It discusses the integration of StP/OMT with the theorem proving component and practical analysis techniques based on experience acquired through analyzing several published protocols.
  • A role-based secure database design tool

    Publication Year: 1996 , Page(s): 203 - 212
    Cited by: Patents (1)

    Starting from some previous proposals of extensions for database design methodologies, we have realised a secure database design tool. The work is based on a secure database design methodology that extends the entity relationship conceptual data model with a role based security model. The described tool features an analysis algorithm that can help detect potential security design mistakes, and a translation procedure that generates the SQL specification corresponding to the conceptual model.
  • A case study of two NRL Pump prototypes

    Publication Year: 1996 , Page(s): 32 - 43
    Cited by: Papers (3)

    As computer systems become more open and interconnected, the need for reliable and secure communication also increases. The NRL (Naval Research Laboratory) Pump was introduced by Kang and Moskowitz (1993) to balance the requirements of reliability, congestion control, fairness and good performance against those of threats from covert channels and denial-of-service attacks. In this paper, we describe two prototype efforts. One (the event-driven Pump or E-Pump) implements the Pump at the process (top) layer in terms of a 4-layer network reference model, and the other (the DOS-Pump or D-Pump) implements the Pump at the transport layer. We then discuss lessons learned and how these lessons are to be used in deciding upon the final hardware implementation of the Pump.
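    The Pump abstract names the trade-off (reliability and performance against covert channels and denial of service) but not the mechanism that strikes it. The Python simulation below is an added illustration and not the E-Pump or D-Pump code: a bounded buffer sits between Low and High, High's acknowledgement delays feed a moving average, and the acknowledgement Low receives for each message is timed from that average plus random noise rather than from what High actually did with that message. High's per-message timing is therefore smoothed before it can reach Low, while the bounded buffer stops Low from flooding High. The window size, buffer capacity, noise model and the alternating slow/fast pattern that the simulated High uses to try to signal bits are all constructed for the example.

```python
"""Added example: a simulation of the Pump's acknowledgement-timing idea.

Not the E-Pump or D-Pump code. The moving-average window, the noise model
and the buffer capacity are assumptions chosen for illustration.
"""
import random
import statistics
from collections import deque


class Pump:
    def __init__(self, capacity=4, window=8, seed=1):
        self._buffer = deque()                    # sent by Low, not yet taken by High
        self._capacity = capacity
        self._high_acks = deque(maxlen=window)    # recent High ack delays (moving-average window)
        self._rng = random.Random(seed)           # seeded so the simulation is repeatable

    def low_send(self, message):
        """Low hands a message to the Pump. Returns the delay before Low's ack, or
        None when the buffer is full and Low must wait (bounds Low-driven flooding)."""
        if len(self._buffer) >= self._capacity:
            return None
        self._buffer.append(message)
        # Low is acked from the *average* of High's recent delays plus noise,
        # never from the delay High applies to this particular message.
        mean = statistics.fmean(self._high_acks) if self._high_acks else 1.0
        return max(0.0, self._rng.gauss(mean, 0.1 * mean))

    def high_receive(self, ack_delay):
        """High takes the next message and reports how long it took to ack it."""
        message = self._buffer.popleft()
        self._high_acks.append(ack_delay)
        return message

    def backlog(self):
        return len(self._buffer)


def simulate(high_delays, seed=1):
    """One Low send followed by one High receive per step. Returns the ack delays Low saw."""
    pump = Pump(seed=seed)
    low_view = []
    for i, delay in enumerate(high_delays):
        low_view.append(pump.low_send(f"msg{i}"))
        pump.high_receive(delay)
    return low_view


def smoothing_ratio(high_delays, warmup=8):
    """Fraction of High's per-message timing variation that survives at Low:
    spread of Low's ack delays divided by spread of High's, after the window fills."""
    low_view = simulate(high_delays)
    return statistics.pstdev(low_view[warmup:]) / statistics.pstdev(high_delays[warmup:])


def flood():
    """Low pushes five messages while High takes none; the fifth is refused."""
    pump = Pump(capacity=4)
    results = [pump.low_send(f"m{i}") for i in range(5)]
    return results[-1] is None and pump.backlog() == 4
```

    With High alternating 1 and 9 time units to encode bits, the window always holds four of each once it fills, so Low sees acks spread around 5 with only the injected noise, a small fraction of High's variation; that residual noise is the price of keeping the Low-side rate tied to High's real throughput, which is the reliability and congestion-control half of the balance the abstract describes.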