Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

4-7 May 1997

  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

    Publication Year: 1997
    Freely Available from IEEE
  • Access control for the SPIN extensible operating system

    Publication Year: 1997
    Cited by:  Patents (3)

    Summary form only given. In the SPIN operating system (B.N. Bershad et al., 1995; Przemyslaw Pardyak and B.N. Bershad, 1996) built at the University of Washington, we are experimenting with a version of domain and type enforcement (DTE) (L. Badger et al., 1995) that has been extended to address the security concerns of extensible systems. The SPIN operating system defines an extension infrastructu...
  • Author index

    Publication Year: 1997, Page(s): 249
    Freely Available from IEEE
  • Secure software architectures

    Publication Year: 1997, Page(s):84 - 93
    Cited by:  Papers (12)

    The computer industry is increasingly dependent on open architectural standards for their competitive success. This paper describes a new approach to secure system design in which the various representations of the architecture of a software system are described formally and the desired security properties of the system are proven to hold at the architectural level. The main ideas are illustrated ...
  • An MBone proxy for an application gateway firewall

    Publication Year: 1997, Page(s):72 - 81
    Cited by:  Papers (1)  |  Patents (5)

    The Internet's multicast backbone (MBone) holds great potential for many organizations because it supports low-cost audio and video conferencing and carries live broadcasts of an increasing number of public interest events. MBone conferences are transmitted via unauthenticated multicast datagrams, which unfortunately convey significant security vulnerabilities to any system that receives them. For...
  • A secure and reliable bootstrap architecture

    Publication Year: 1997, Page(s):65 - 71
    Cited by:  Papers (118)  |  Patents (84)

    In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. The...
  • Number theoretic attacks on secure password schemes

    Publication Year: 1997, Page(s):236 - 247
    Cited by:  Papers (19)  |  Patents (15)

    Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et a...
  • Escort: securing Scout paths

    Publication Year: 1997

    Scout is a communication oriented operating system that can be specialized for different information appliances. It uses paths as an explicit first class object to describe the flow of information through the system. Escort is the security architecture for Scout. It uses the explicit knowledge provided by a path abstraction to secure information flow in a flexible manner
  • How to systematically classify computer security intrusions

    Publication Year: 1997, Page(s):154 - 163
    Cited by:  Papers (57)  |  Patents (8)

    This paper presents a classification of intrusions with respect to the technique as well as the result. The taxonomy is intended to be a step on the road to an established taxonomy of intrusions for use in incident reporting, statistics, warning bulletins, intrusion detection systems etc. Unlike previous schemes, it takes the viewpoint of the system owner and should therefore be suitable to a wider c...
  • The design and implementation of a multilevel secure log manager

    Publication Year: 1997, Page(s):55 - 64
    Cited by:  Patents (1)

    This paper discusses the security issues involved in log management for a multilevel secure database system and presents a design and implementation of a prototype multilevel secure log manager. The main goal of a log manager is to provide high bandwidth and low flush latency. We examine the performance of our design, by observing the flush latency and log bandwidth. We also informally evaluate th...
  • An authorization scheme for distributed object systems

    Publication Year: 1997, Page(s):21 - 30
    Cited by:  Papers (4)  |  Patents (3)

    Addresses the problem of distributed object system protection. A new authorization scheme is presented and described, based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed, based on a new kind of access rights and a new scheme of privilege delegatio...
  • Security in innovative new operating systems

    Publication Year: 1997, Page(s):202 - 203

    A principal criterion by which new operating systems are judged is the level of performance that they provide for applications. To this end, new operating systems have sought novel approaches to performance enhancement. A theme common to many of these initiatives is that of specialization. Instead of an operating system designed to serve all applications (either equally well or equally badly), the...
  • Some weaknesses of the TCB model

    Publication Year: 1997, Page(s):3 - 5

    This paper summarizes the affirmative argument supporting the proposition that “the concept of the trusted computing base (TCB) as a basis for constructing systems to meet security requirements is fundamentally flawed and should no longer be used to justify system security architectures”
  • A general theory of security properties

    Publication Year: 1997, Page(s):94 - 102
    Cited by:  Papers (41)

    We present a general theory of possibilistic security properties. We show that we can express a security property as a predicate that is true of every set containing all the traces with the same low level event sequence. Given this security predicate, we show how to construct a partial ordering of security properties. We also discuss information flow and present the weakest property such that no i...
  • Deniable password snatching: on the possibility of evasive electronic espionage

    Publication Year: 1997, Page(s):224 - 235
    Cited by:  Papers (10)  |  Patents (6)

    Cryptovirology has recently been introduced as a means of mounting active viral attacks using public key cryptography. It has been shown to be a tool for extortion attacks and “electronic warfare”, where attacks are mounted against information resources. The natural question to ask is whether Cryptovirology is also useful in the area of spying via malware. We demonstrate that Cryptovir...
  • Filtering postures: local enforcement for global policies

    Publication Year: 1997, Page(s):120 - 129
    Cited by:  Papers (53)  |  Patents (9)

    When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an algorithm that, given the network topology...
  • A logical language for expressing authorizations

    Publication Year: 1997, Page(s):31 - 42
    Cited by:  Papers (104)  |  Patents (1)

    A major drawback of existing access control systems is that they have all been developed with a specific access control policy in mind. This means that all protection requirements (i.e. accesses to be allowed or denied) must be specified in terms of the policy enforced by the system. While this may be trivial for some requirements, specification of other requirements may become quite complex or ev...
  • Analyzing consistency of security policies

    Publication Year: 1997, Page(s):103 - 112
    Cited by:  Papers (27)  |  Patents (3)

    We discuss the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation which specifies what actions some agents are permitted, obliged or forbidden to perform and we formalize a policy by a set of deontic formulae. We first address the problem of checking policy consistency and describe a method for solving it. The...
  • Automated analysis of cryptographic protocols using Murφ

    Publication Year: 1997, Page(s):141 - 151
    Cited by:  Papers (63)

    A methodology is presented for using a general-purpose state enumeration tool, Murφ, to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzing the Needham-Schroeder (1978) protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. ...
  • Anonymous connections and onion routing

    Publication Year: 1997, Page(s):44 - 54
    Cited by:  Papers (136)  |  Patents (21)

    Onion routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Unmodified Internet applications can use these anonymous connections by means of proxies. The proxies may also make communication anonymous by removing identifying information from the data stream. Onion routing has been implemented on Sun Solaris 2.X with proxies for Web browsing, ...
  • Catalytic inference analysis: detecting inference threats due to knowledge discovery

    Publication Year: 1997, Page(s):188 - 199
    Cited by:  Papers (5)  |  Patents (3)

    Knowledge discovery in databases can be enhanced by introducing “catalytic relations” conveying external knowledge. The new information catalyzes database inference, manifesting latent channels. Catalytic inference is imprecise in nature, but the granularity of inference may be fine enough to create security compromises. Catalytic inference is computationally intensive. However, it can...
  • Is The Trusted Computing Base Concept Fundamentally Flawed?

    Publication Year: 1997, Page(s): 2
    Cited by:  Papers (2)
  • Is the reference monitor concept fatally flawed? The case for the negative

    Publication Year: 1997, Page(s):6 - 7

    The reference monitor (RM) model has passed the critical test imposed by the methodology of science: it has been a productive concept for the field of computer security since its introduction. The call to abandon a productive model, however intellectually stimulating, should not be heeded simply for the sake of novelty. It is our hope that this debate will stimulate an examination of foundations, ...
  • Analysis of a denial of service attack on TCP

    Publication Year: 1997, Page(s):208 - 223
    Cited by:  Papers (126)  |  Patents (71)

    The paper analyzes a network based denial of service attack for IP (Internet Protocol) based networks. It is popularly called SYN flooding. It works by an attacker sending many TCP (Transmission Control Protocol) connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources. Once the ...
  • Ensuring assurance in mobile computing

    Publication Year: 1997, Page(s):114 - 118
    Cited by:  Papers (1)

    This paper introduces a panel discussion on establishing assurance evidence that mobile code applications perform as expected by the user, without the side effects that have been demonstrated as possible in constructed examples of malicious or “rogue” applets. The paper's principal authors, Schaefer and Pinsky, have been engaged in cooperative research with the JavaSoft community to ga...