Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

4-7 May 1997

  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

    Publication Year: 1997
    Freely Available from IEEE
  • Access control for the SPIN extensible operating system

    Publication Year: 1997
    Cited by:  Patents (3)

    Summary form only given. In the SPIN operating system (B.N. Bershad et al., 1995; Przemyslaw Pardyak and B.N. Bershad, 1996) built at the University of Washington, we are experimenting with a version of domain and type enforcement (DTE) (L. Badger et al., 1995) that has been extended to address the security concerns of extensible systems. The SPIN operating system defines an extension infrastructu...
  • Author index

    Publication Year: 1997, Page(s): 249
    Freely Available from IEEE
  • Some weaknesses of the TCB model

    Publication Year: 1997, Page(s):3 - 5

    This paper summarizes the affirmative argument supporting the proposition that “the concept of the trusted computing base (TCB) as a basis for constructing systems to meet security requirements is fundamentally flawed and should no longer be used to justify system security architectures”
  • Is The Trusted Computing Base Concept Fundamentally Flawed?

    Publication Year: 1997, Page(s): 2
    Cited by:  Papers (2)
  • An MBone proxy for an application gateway firewall

    Publication Year: 1997, Page(s):72 - 81
    Cited by:  Papers (1)  |  Patents (5)

    The Internet's multicast backbone (MBone) holds great potential for many organizations because it supports low-cost audio and video conferencing and carries live broadcasts of an increasing number of public interest events. MBone conferences are transmitted via unauthenticated multicast datagrams, which unfortunately convey significant security vulnerabilities to any system that receives them. For...
  • Escort: securing Scout paths

    Publication Year: 1997

    Scout is a communication oriented operating system that can be specialized for different information appliances. It uses paths as an explicit first class object to describe the flow of information through the system. Escort is the security architecture for Scout. It uses the explicit knowledge provided by a path abstraction to secure information flow in a flexible manner
  • An authorization scheme for distributed object systems

    Publication Year: 1997, Page(s):21 - 30
    Cited by:  Papers (4)  |  Patents (3)

    Addresses the problem of distributed object system protection. A new authorization scheme is presented and described, based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed, based on a new kind of access rights and a new scheme of privilege delegatio...
  • Providing flexibility in information flow control for object oriented systems

    Publication Year: 1997, Page(s):130 - 140
    Cited by:  Papers (19)  |  Patents (1)

    This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waive...
  • A logical language for expressing authorizations

    Publication Year: 1997, Page(s):31 - 42
    Cited by:  Papers (106)  |  Patents (1)

    A major drawback of existing access control systems is that they have all been developed with a specific access control policy in mind. This means that all protection requirements (i.e. accesses to be allowed or denied) must be specified in terms of the policy enforced by the system. While this may be trivial for some requirements, specification of other requirements may become quite complex or ev...
  • How to systematically classify computer security intrusions

    Publication Year: 1997, Page(s):154 - 163
    Cited by:  Papers (64)  |  Patents (8)

    This paper presents a classification of intrusions with respect to the technique as well as the result. The taxonomy is intended to be a step on the road to an established taxonomy of intrusions for use in incident reporting, statistics, warning bulletins, intrusion detection systems etc. Unlike previous schemes, it takes the viewpoint of the system owner and should therefore be suitable to a wider c...
  • A secure and reliable bootstrap architecture

    Publication Year: 1997, Page(s):65 - 71
    Cited by:  Papers (124)  |  Patents (85)

    In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. The...
  • Security in innovative new operating systems

    Publication Year: 1997, Page(s):202 - 203

    A principal criterion by which new operating systems are judged is the level of performance that they provide for applications. To this end, new operating systems have sought novel approaches to performance enhancement. A theme common to many of these initiatives is that of specialization. Instead of an operating system designed to serve all applications (either equally well or equally badly), the...
  • Filtering postures: local enforcement for global policies

    Publication Year: 1997, Page(s):120 - 129
    Cited by:  Papers (53)  |  Patents (9)

    When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an algorithm that, given the network topology...
  • Is the reference monitor concept fatally flawed? The case for the negative

    Publication Year: 1997, Page(s):6 - 7

    The reference monitor (RM) model has passed the critical test imposed by the methodology of science: it has been a productive concept for the field of computer security since its introduction. The call to abandon a productive model, however intellectually stimulating, should not be heeded simply for the sake of novelty. It is our hope that this debate will stimulate an examination of foundations, ...
  • Analysis of a denial of service attack on TCP

    Publication Year: 1997, Page(s):208 - 223
    Cited by:  Papers (130)  |  Patents (72)

    The paper analyzes a network based denial of service attack for IP (Internet Protocol) based networks. It is popularly called SYN flooding. It works by an attacker sending many TCP (Transmission Control Protocol) connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources. Once the ...
  • Automated analysis of cryptographic protocols using Murφ

    Publication Year: 1997, Page(s):141 - 151
    Cited by:  Papers (65)

    A methodology is presented for using a general-purpose state enumeration tool, Murφ, to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzing the Needham-Schroeder (1978) protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. ...
  • Surviving information warfare attacks on databases

    Publication Year: 1997, Page(s):164 - 174
    Cited by:  Papers (30)  |  Patents (7)

    We consider the problem of surviving information warfare attacks on databases. We adopt a fault tolerance approach to the different phases of an attack. To maintain precise information about the attack, we mark data to reflect the severity of detected damage as well as the degree to which the damaged data has been repaired. In the case of partially repaired data, integrity constraints might be vio...
  • The design and implementation of a multilevel secure log manager

    Publication Year: 1997, Page(s):55 - 64
    Cited by:  Patents (1)

    This paper discusses the security issues involved in log management for a multilevel secure database system and presents a design and implementation of a prototype multilevel secure log manager. The main goal of a log manager is to provide high bandwidth and low flush latency. We examine the performance of our design, by observing the flush latency and log bandwidth. We also informally evaluate th...
  • Research on proof-carrying code for untrusted-code security

    Publication Year: 1997
    Cited by:  Papers (7)  |  Patents (4)

    A powerful method of interaction between two software systems is through mobile code. By allowing code to be installed dynamically and then executed, a host system can provide a flexible means of access to its internal resources and services. There are many problems to be solved before such uses of untrusted code can become practical. We focus on the problem of how to establish guarantees about th...
  • Toward acceptable metrics of authentication

    Publication Year: 1997, Page(s):10 - 20
    Cited by:  Papers (21)  |  Patents (3)

    Authentication using a path of trusted intermediaries, each able to authenticate the next one in the path, is a well-known technique for authenticating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meanin...
  • Secure software architectures

    Publication Year: 1997, Page(s):84 - 93
    Cited by:  Papers (13)

    The computer industry is increasingly dependent on open architectural standards for their competitive success. This paper describes a new approach to secure system design in which the various representations of the architecture of a software system are described formally and the desired security properties of the system are proven to hold at the architectural level. The main ideas are illustrated ...
  • Deniable password snatching: on the possibility of evasive electronic espionage

    Publication Year: 1997, Page(s):224 - 235
    Cited by:  Papers (10)  |  Patents (6)

    Cryptovirology has recently been introduced as a means of mounting active viral attacks using public key cryptography. It has been shown to be a tool for extortion attacks and “electronic warfare”, where attacks are mounted against information resources. The natural question to ask is whether Cryptovirology is also useful in the area of spying via malware. We demonstrate that Cryptovir...
  • Anonymous connections and onion routing

    Publication Year: 1997, Page(s):44 - 54
    Cited by:  Papers (145)  |  Patents (22)

    Onion routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Unmodified Internet applications can use these anonymous connections by means of proxies. The proxies may also make communication anonymous by removing identifying information from the data stream. Onion routing has been implemented on Sun Solaris 2.X with proxies for Web browsing, ...
  • Execution monitoring of security-critical programs in distributed systems: a specification-based approach

    Publication Year: 1997, Page(s):175 - 187
    Cited by:  Papers (78)  |  Patents (24)

    We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we bas...