Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on

Date 4-7 May 1997

Displaying Results 1 - 25 of 30
  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

    Publication Year: 1997
    Freely Available from IEEE
  • Author index

    Publication Year: 1997 , Page(s): 249
    Freely Available from IEEE
  • Automated analysis of cryptographic protocols using Murφ

    Publication Year: 1997 , Page(s): 141 - 151
    Cited by:  Papers (49)

    A methodology is presented for using a general-purpose state enumeration tool, Murφ, to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzing the Needham-Schroeder (1978) protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. ...
  • How to systematically classify computer security intrusions

    Publication Year: 1997 , Page(s): 154 - 163
    Cited by:  Papers (36)  |  Patents (6)

    This paper presents a classification of intrusions with respect to the technique as well as the result. The taxonomy is intended to be a step on the road to an established taxonomy of intrusions for use in incident reporting, statistics, warning bulletins, intrusion detection systems etc. Unlike previous schemes, it takes the viewpoint of the system owner and should therefore be suitable to a wider c...
  • Number theoretic attacks on secure password schemes

    Publication Year: 1997 , Page(s): 236 - 247
    Cited by:  Papers (13)  |  Patents (14)

    Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et a...
  • Catalytic inference analysis: detecting inference threats due to knowledge discovery

    Publication Year: 1997 , Page(s): 188 - 199
    Cited by:  Papers (4)  |  Patents (3)

    Knowledge discovery in databases can be enhanced by introducing “catalytic relations” conveying external knowledge. The new information catalyzes database inference, manifesting latent channels. Catalytic inference is imprecise in nature, but the granularity of inference may be fine enough to create security compromises. Catalytic inference is computationally intensive. However, it can...
  • Surviving information warfare attacks on databases

    Publication Year: 1997 , Page(s): 164 - 174
    Cited by:  Papers (22)  |  Patents (6)

    We consider the problem of surviving information warfare attacks on databases. We adopt a fault tolerance approach to the different phases of an attack. To maintain precise information about the attack, we mark data to reflect the severity of detected damage as well as the degree to which the damaged data has been repaired. In the case of partially repaired data, integrity constraints might be vio...
  • Secure software architectures

    Publication Year: 1997 , Page(s): 84 - 93
    Cited by:  Papers (9)

    The computer industry is increasingly dependent on open architectural standards for their competitive success. This paper describes a new approach to secure system design in which the various representations of the architecture of a software system are described formally and the desired security properties of the system are proven to hold at the architectural level. The main ideas are illustrated ...
  • Toward acceptable metrics of authentication

    Publication Year: 1997 , Page(s): 10 - 20
    Cited by:  Papers (13)  |  Patents (3)

    Authentication using a path of trusted intermediaries, each able to authenticate the next one in the path, is a well-known technique for authenticating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meanin...
  • Analysis of a denial of service attack on TCP

    Publication Year: 1997 , Page(s): 208 - 223
    Cited by:  Papers (84)  |  Patents (63)

    The paper analyzes a network based denial of service attack for IP (Internet Protocol) based networks. It is popularly called SYN flooding. It works by an attacker sending many TCP (Transmission Control Protocol) connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources. Once the ...
  • A general theory of security properties

    Publication Year: 1997 , Page(s): 94 - 102
    Cited by:  Papers (17)

    We present a general theory of possibilistic security properties. We show that we can express a security property as a predicate that is true of every set containing all the traces with the same low level event sequence. Given this security predicate, we show how to construct a partial ordering of security properties. We also discuss information flow and present the weakest property such that no i...
  • Filtering postures: local enforcement for global policies

    Publication Year: 1997 , Page(s): 120 - 129
    Cited by:  Papers (32)  |  Patents (9)

    When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an algorithm that, given the network topology...
  • Some weaknesses of the TCB model

    Publication Year: 1997 , Page(s): 3 - 5

    This paper summarizes the affirmative argument supporting the proposition that “the concept of the trusted computing base (TCB) as a basis for constructing systems to meet security requirements is fundamentally flawed and should no longer be used to justify system security architectures”
  • Anonymous connections and onion routing

    Publication Year: 1997 , Page(s): 44 - 54
    Cited by:  Papers (85)  |  Patents (17)

    Onion routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Unmodified Internet applications can use these anonymous connections by means of proxies. The proxies may also make communication anonymous by removing identifying information from the data stream. Onion routing has been implemented on Sun Solaris 2.X with proxies for Web browsing, ...
  • Is The Trusted Computing Base Concept Fundamentally Flawed?

    Publication Year: 1997 , Page(s): 2
    Cited by:  Papers (2)
  • Is the reference monitor concept fatally flawed? The case for the negative

    Publication Year: 1997 , Page(s): 6 - 7

    The reference monitor (RM) model has passed the critical test imposed by the methodology of science: it has been a productive concept for the field of computer security since its introduction. The call to abandon a productive model, however intellectually stimulating, should not be heeded simply for the sake of novelty. It is our hope that this debate will stimulate an examination of foundations, ...
  • Analyzing consistency of security policies

    Publication Year: 1997 , Page(s): 103 - 112
    Cited by:  Papers (15)  |  Patents (3)

    We discuss the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation which specifies what actions some agents are permitted, obliged or forbidden to perform and we formalize a policy by a set of deontic formulae. We first address the problem of checking policy consistency and describe a method for solving it. The...
  • A secure and reliable bootstrap architecture

    Publication Year: 1997 , Page(s): 65 - 71
    Cited by:  Papers (79)  |  Patents (75)

    In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. The...
  • An authorization scheme for distributed object systems

    Publication Year: 1997 , Page(s): 21 - 30
    Cited by:  Papers (3)  |  Patents (3)

    Addresses the problem of distributed object system protection. A new authorization scheme is presented and described, based on the collaboration between a central authorization server and security kernels located on each site of the system. A novel approach to access rights management for such an architecture is detailed, based on a new kind of access rights and a new scheme of privilege delegatio...
  • Security in innovative new operating systems

    Publication Year: 1997 , Page(s): 202 - 203

    A principal criterion by which new operating systems are judged is the level of performance that they provide for applications. To this end, new operating systems have sought novel approaches to performance enhancement. A theme common to many of these initiatives is that of specialization. Instead of an operating system designed to serve all applications (either equally well or equally badly), the...
  • Providing flexibility in information flow control for object oriented systems

    Publication Year: 1997 , Page(s): 130 - 140
    Cited by:  Papers (11)  |  Patents (1)

    This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waive...
  • Ensuring assurance in mobile computing

    Publication Year: 1997 , Page(s): 114 - 118
    Cited by:  Papers (1)

    This paper introduces a panel discussion on establishing assurance evidence that mobile code applications perform as expected by the user, without the side effects that have been demonstrated as possible in constructed examples of malicious or “rogue” applets. The paper's principal authors, Schaefer and Pinsky, have been engaged in cooperative research with the JavaSoft community to ga...
  • Escort: securing Scout paths

    Publication Year: 1997

    Scout is a communication oriented operating system that can be specialized for different information appliances. It uses paths as an explicit first class object to describe the flow of information through the system. Escort is the security architecture for Scout. It uses the explicit knowledge provided by a path abstraction to secure information flow in a flexible manner
  • Research on proof-carrying code for untrusted-code security

    Publication Year: 1997
    Cited by:  Papers (3)  |  Patents (4)

    A powerful method of interaction between two software systems is through mobile code. By allowing code to be installed dynamically and then executed, a host system can provide a flexible means of access to its internal resources and services. There are many problems to be solved before such uses of untrusted code can become practical. We focus on the problem of how to establish guarantees about th...
  • Execution monitoring of security-critical programs in distributed systems: a specification-based approach

    Publication Year: 1997 , Page(s): 175 - 187
    Cited by:  Papers (51)  |  Patents (23)

    We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we bas...