Computer Security Applications Conference, 1992. Proceedings., Eighth Annual

Date Nov. 30 1992-Dec. 4 1992

  • Proceedings. Eighth Annual Computer Security Applications Conference (Cat. No.92TH0470-5)

    Publication Year: 1992

  • Access control and applications on trusted systems

    Publication Year: 1992, Page(s): 160 - 167

    Most current trusted automated information systems do not allow changes to or extensions of the access control policy implemented by the system vendor. This closed approach to access control can restrict the operation of site applications and commercial off-the-shelf applications on trusted systems. A flexible, open access control framework that provides relief from these restrictions is presented. A network license mechanism is used to illustrate the problem and the applicability of the framework.

  • A cautionary note on image downgrading

    Publication Year: 1992, Page(s): 153 - 159
    Cited by: Papers (15) | Patents (133)

    The results of an experiment that shows that it is very simple to contaminate digital images with information that can later be extracted are presented. This contamination cannot be detected when the image is displayed on a good quality graphics workstation. Based on these results, it is recommended that image downgrading based on visual display of the image to be downgraded not be performed if there is any threat of image contamination by Trojan horse programs. Potential Trojan horse programs may include untrusted image processing software.

  • A comparison of trusted X security policies, architectures, and interoperability

    Publication Year: 1992, Page(s): 142 - 152
    Cited by: Papers (2) | Patents (1)

    During the past several years, interest in architectures for multilevel secure versions of the X Window System (X) has grown dramatically, primarily in the compartmented mode workstation (CMW) community. The architectures and security policies implemented in existing CMWs are similar to each other, although they differ in certain key details. Alternatives to the current approaches are being investigated. Most notably, a TRW-led team of researchers has designed and prototyped a trusted X implementation aimed at the trusted computer systems evaluation criteria (TCSEC) B3 level. The architecture and security policies adopted by this implementation differ radically from those of all the existing CMWs. The architectures and security policies implemented in existing CMWs and the TRW prototype are surveyed, areas of commonality and divergence are identified, and areas where interoperability can be achieved are noted.

  • Trusted RUBIX architecture and policy model interpretation

    Publication Year: 1992, Page(s): 97 - 110

    A multiuser relational database management system (DBMS), Trusted RUBIX, has been designed and implemented to satisfy the requirements of the TCSEC at the B2 class. The architecture of Trusted RUBIX is presented, its integration within the B2 UNIX System V platform is discussed, and the adaptation and interpretation of the SeaViews security policy model in Trusted RUBIX are explained. The lessons learned from this design and implementation exercise are also discussed.

  • Secure system architectures and integration

    Publication Year: 1992, Page(s): 2 - 9
    Cited by: Papers (1)

    In order to be affordable and satisfy user requirements, today's secure systems must be constructed out of trusted and untrusted components. A framework for designing secure system architectures has been developed. Four general-purpose secure architectures were designed, and one of them was validated on the secure system integration IR&D. This work and what has been learned about secure architectures and their implementation using commercial-off-the-shelf (COTS) secure products are described.

  • Providing security in a phone book database using triggers

    Publication Year: 1992, Page(s): 85 - 96
    Cited by: Patents (1)

    It is proposed that all database security controls except those which provide information flow security can be built using a suitable trigger mechanism. The implementation of an example application, which has a variety of requirements for confidentiality, integrity and accountability, is shown to illustrate the technique. The trigger mechanism is to be implemented using query modification as part of the SWORD secure database management system project.

  • Computer security myths, mythtakes or 'The real security problem is...'

    Publication Year: 1992, Page(s): x - xx

    Some common beliefs about computer security and the impact they have had on the field are discussed. In addition to identifying the myths, examples of blind adherence to the myths are given.

  • Implementing transaction control expressions by checking for absence of access rights

    Publication Year: 1992, Page(s): 131 - 140
    Cited by: Papers (6)

    Separation of duties is an important, real-world requirement that access control models should support. The transaction control expression (TCE) for specifying dynamic separation of duties was previously introduced. The implementation of TCEs in the typed access matrix model (TAM) is considered. It is shown that TAM requires extension for satisfactory handling of dynamic separation of duties. In particular, dynamic separation requires the capability to explicitly test for the absence of rights in cells of the access matrix. It is illustrated how TAM, extended to incorporate such tests, can implement TCEs. The impact of checks for absence of rights on safety analysis (i.e. the determination of whether or not a given subject can acquire a given right to a given object) is discussed.

  • Standards for computer systems security: An interoperability analysis of SDNS SP3 and ISO NLSP

    Publication Year: 1992, Page(s): 193 - 201

    In the open systems interconnection (OSI) communications framework, standards are being proposed for cryptography-based security protocols that will provide security services to the user. Many of these security protocols provide almost identical security services and are being pursued in groups that include ANSI, IEEE, IETF, and NATO. Two of the current security protocols defined for the network layer of the OSI communications stack that are being proposed for use by the US Department of Defense and commercial networks are examined, and the issue of interoperability between these two protocols is addressed.

  • Integrating cryptography into trusted systems: A criteria approach

    Publication Year: 1992, Page(s): 30 - 36

    The rationale behind the requirements for cryptographic implementations which have been integrated into version 3.0 of the Canadian trusted computer products evaluation criteria (CTCPEC) is presented. It is argued that an integrated set of requirements for cryptography is an essential step toward bridging the gulf between communications and computer security. A brief overview of the CTCPEC is given, with particular emphasis on those features of the CTCPEC which facilitated the development of security requirements for cryptographic modules. The scope of the security requirements for cryptographic modules and the structure of the security requirements document are discussed. The requirements on the implementation of a cryptographic module are addressed. The requirements for the integration of cryptographic modules into INFOSEC products are described. A summary of the project is provided.

  • A generic virus scanner for C++

    Publication Year: 1992, Page(s): 210 - 219
    Cited by: Papers (2)

    A virus detection tool is described. It is a generic virus scanner in C++ with no inherent limitations on the file systems, file types or host architectures that can be scanned. The tool is completely general and is structured in such a way that it can be easily augmented to recognize viruses across different system platforms with varied file types. The implementation defines an abstract C++ class, VirInfo, which encapsulates virus features common to all scannable viruses. Subclasses of this abstract class may be used to define viruses that infect different machines and operating systems. The generality of the mechanism allows it to be used for other forms of scanning as well.

  • An application of qualitative risk analysis to computer security for the commercial sector

    Publication Year: 1992, Page(s): 64 - 73
    Cited by: Papers (4)

    Computer security is emerging as the business risk of the 1990s for many organizations operating in the commercial sector. Unlike military, government, defense and financial organizations, the mid- to low-risk commercial sector does not have well-developed security procedures. However, owing to the very different security needs of the commercial sector, it is inappropriate to apply the procedures used by high-risk organizations. The characteristic system security concerns of the commercial sector are identified, some solutions are suggested, and a structured and systematic approach to security assessment in the form of a qualitative approach to security risk analysis is investigated.

  • Security Products (Security Pro) Transition Analysis Facility (STAF): Pragmatic concepts for MLS technology transition

    Publication Year: 1992, Page(s): 20 - 27
    Cited by: Papers (1)

    The Security Products Transition Analysis Facility (STAF) helps both the user and vendor to mitigate interoperability problems, supporting transitions to multilevel security (MLS) integrated systems. This involves identifying and avoiding the many misconceptions and anomalies created by the academic theories and the resulting conventional wisdom formulated during the early days of security research and development. The STAF focuses on user requirements and bases solutions on operational environments and a realistic understanding of the strengths, limitations, applicability, and availability of current and future trusted components. The STAF supports MLS command center enhancements, under the Air Force Electronic Systems Center (ESC) Portable, Reusable, Integrated, Software Modules (PRISM) program. In addition, the STAF provides engineering support to government agencies requiring MLS integration.

  • An overview of the AMC WWMCCS CAT Guard

    Publication Year: 1992, Page(s): 46 - 54
    Cited by: Patents (1)

    The US Air Force Air Mobility Command (AMC) World Wide Military Command and Control System (WWMCCS) Crisis Action Team (CAT) Guard (WCG) system provides a multilevel secure electronic interface between AMC's Top Secret System High Command and Control Information System and AMC's Secret System High CAT Global Decision Support System. The functional capabilities of the AMC WCG are summarized. Its unique features are cited, and its current implementation status is described. A guard mediates and controls the flow of information between systems operating at different security levels.

  • Penetration state transition analysis: A rule-based intrusion detection approach

    Publication Year: 1992, Page(s): 220 - 229
    Cited by: Papers (14) | Patents (34)

    A new approach to representing computer penetrations is introduced, called penetration state transition analysis. This approach models penetrations as a series of state transitions described in terms of signature actions and state descriptions. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, referred to as STAT.

  • Secure composition of systems

    Publication Year: 1992, Page(s): 112 - 122
    Cited by: Papers (4)

    Composability properties of component systems are addressed. By means of analysis of external relations among components, security problems associated with composition of the components are investigated. To solve these problems, two security models are presented. By comparing these two models, important properties of secure composition of component systems are identified.

  • SNPP: A simple network payment protocol

    Publication Year: 1992, Page(s): 173 - 179
    Cited by: Papers (7) | Patents (15)

    A protocol is proposed to securely implement payment transactions between mutually distrustful parties. This protocol is designed to operate over an open network, and can be implemented using currently available encryption technology. A logical verification of the protocol is included, as well as a status report on its implementation.

  • Paradigms for verification of authorization at source of electronic documents in an integrated environment

    Publication Year: 1992, Page(s): 203 - 209
    Cited by: Papers (1) | Patents (2)

    Verification of correct authorization of an electronic document at its source is as essential as the more familiar requirement of authentication, and of increasing importance. This verification is a relatively new explicit requirement for electronic documents. Currently any checks of authorization at source are done by human elements in the receiving enterprise. Automated technology will force changes to current message processing methods to include verification of authorization at source in order to prevent fraud by esoteric attackers. The necessity for verification of authorization at source is explained. Paradigms based on audit principles used with paper documents are proposed and compared. Common problems of privacy and disclosure, and overheads on both sender and receiver, are examined.

  • A conceptual model for computer security risk analysis

    Publication Year: 1992, Page(s): 56 - 63
    Cited by: Papers (1)

    Risk analysis is required by a number of organizations to provide a basis for deciding which safeguards to implement to protect information systems. A variety of risk analysis techniques and tools have been developed. Each technique or tool is based, implicitly or explicitly, on a conceptual model of risk. The high-level conceptual model of disclosure risk for information systems used in the Analysis of Networked Systems Security Risks (ANSSR) prototype is presented.

  • Performance analysis of a method for high level prevention of traffic analysis

    Publication Year: 1992, Page(s): 123 - 130
    Cited by: Papers (6)

    One of the stated goals of communications security is the prevention of traffic analysis. A model to prevent traffic analysis by rerouting and padding the traffic matrix, so that the apparent final traffic matrix is neutral, is analyzed. The objective of this analysis is to justify the claims of the model and to show that rerouting of traffic via intermediate nodes with minimum padding is indeed a cost-effective method to prevent traffic analysis. Simulation results supporting the above claim are also presented. The requirement that the final traffic matrix be neutral may be too restrictive in some cases, and various modifications to the model are suggested, while still ensuring prevention of traffic analysis. Prevention of traffic analysis in real time is addressed briefly.

  • Security constraint processing during multilevel secure database design

    Publication Year: 1992, Page(s): 75 - 84
    Cited by: Papers (5)

    By means of simple examples, a design technique for multilevel secure databases is proposed. The design activity covers the conceptual modeling and design phase and consists of the development of secure data schemata and secure function schemata. Data schemata represent the semantics and secrecy properties of data, while function schemata describe processes and activities within the system. As security constraints defined on data or functions may influence each other, it is argued that the design of a secure system must be data- as well as function-driven. Although the example chosen is quite simple, it is possible to express and model complex security-relevant data semantics.

  • Dealing with the dynamics of security: Flexibility with utility in an MLS LAN

    Publication Year: 1992, Page(s): 180 - 192

    Within the US Department of Defense, developers have been designing and implementing a prototype multilevel secure local area network (MLS LAN). Researchers at MITRE have been cooperating in this development by doing the security modeling. The MLS LAN has special dynamic features, such as the ability to add new security levels during normal operations and to modify label translation schemata, which distinguish it from other secure LANs. These features enhance the functionality of the LAN without compromising its security. The principal features of the MLS LAN are highlighted. Some of the design, implementation, and modeling issues are discussed.

  • Trustable computing in next-generation avionic architectures

    Publication Year: 1992, Page(s): 10 - 19
    Cited by: Patents (1)

    In tomorrow's 'brilliant' weapons, next-generation avionic computers will need to orchestrate the actions of many subsystems while further maintaining the security of sensitive data, the integrity of key data and of system behavior, and often other key properties. Maintenance of these properties will help ensure that system execution is trustable, conforming to both prescribed policies and expected behavior. The essential properties of security and integrity are introduced, and other properties (like virus resistance) that should complement them in future avionic computing are cited. Traditional security maintenance, as derived from simple controls that constrain application accesses in a rather rigid way, is reviewed. It is illustrated how, to add integrity maintenance capability, such controls can be enhanced to support customizable application execution constraints. Mechanisms for supporting security and integrity in next-generation avionic architectures are recommended.

  • Security test and evaluation for multilevel-mode accreditation: Lessons learned

    Publication Year: 1992, Page(s): 37 - 45
    Cited by: Papers (1)

    MITRE's experience and lessons learned in performing security test and evaluation (ST&E) for SPADOC 4B are described. ST&E drew on contractual testing but involved extensive government testing of the system. ST&E included testing in a representative stressed environment and in failure situations. ST&E also involved verification of safeguards from security disciplines other than COMPUSEC, including procedural and physical security. SPADOC 4B has been accredited to operate in multilevel mode.