Computer Security Applications Conference, 1997. Proceedings., 13th Annual

Date 8-12 Dec. 1997

Displaying Results 1 - 25 of 38
  • Proceedings 13th Annual Computer Security Applications Conference

    Freely Available from IEEE
  • Panel: Product Assurance

    Page(s): 54
    Freely Available from IEEE
  • Evolving The Evaluation Paradigm

    Page(s): 56 - 57
  • Assurance Forum: Lessons Learned

    Page(s): 155 - 156
  • Index of authors

    Page(s): 288
    Freely Available from IEEE
  • Protecting unattended computers without software

    Page(s): 274 - 283

    In many environments, users log in to workstations and then leave them unattended. Rather than trying to stop users from doing what comes naturally, this paper suggests a simple, hardware-based system that can protect computers in such an environment from unauthorized use by people with physical access to the monitor and keyboard. Requirements for the system are described, some design issues are discussed, and a sketch of a design for an initial prototype is provided, together with an assurance argument for it. A prototype implementing many of the concepts described has been built; two dozen copies of a second prototype are soon to be installed in an office environment.
  • Lattice-based models for controlled sharing of confidential information in the Saudi Hajj system

    Page(s): 164 - 174

    The pilgrimage (Hajj) is an annual event that takes place in Saudi Arabia. Three major government ministries (Foreign, Internal, and Hajj) create and process Hajj data separately in their systems. Currently all data sharing between these ministries regarding Hajj is done manually. Benefits from sharing data electronically are obvious. But due to the sensitivity of some data and the common requirement of not sharing everything, a trusted environment which provides interoperability between these systems while ensuring confidentiality of shared data is needed. In order to study the possibility of establishing such an environment, data was collected regarding the security requirements of the three Saudi ministries directly from the source through interviews. There are three increasingly sophisticated security requirements: no obligation access security, multi level security, and Chinese Wall security. The paper analyzes each security requirement, builds a lattice model for it, and uses these models to specify the information flow policy for each system.
  • Critical Infrastructure Protection: the cyber/information dimension: report on national infrastructure coordination initiatives

    Page(s): 118 - 120

    Executive Order 13010, entitled “Critical Infrastructure Protection,” states that certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States. Threats to these critical infrastructures fall into two categories: physical threats and cyber threats. The order established the President's Commission on Critical Infrastructure Protection (PCCIP). The Commission is to assess the scope and nature of the vulnerabilities of, and threats to, critical infrastructures; to determine what legal policy issues are raised by efforts to protect critical infrastructures and assess how these issues should be addressed; and to recommend a comprehensive national policy and implementation strategy for protecting critical infrastructures from physical and cyber threats and assuring their continued operation. While the Commission is conducting its analysis and until the President has an opportunity to consider and act on its recommendations, there is established an Infrastructure Protection Task Force (IPTF). The IPTF will increase coordination of existing infrastructure protection efforts in order to better address, and prevent, critical infrastructure crises that would have a debilitating regional or national impact.
  • An architecture for multilevel secure interoperability

    Page(s): 194 - 204

    As computer systems become distributed and heterogeneous, there is strong movement in the commercial sector to ease the problems of interoperability and security. Many standards have been proposed for these problems. However, the commercial sector has not shown strong interest in providing cost effective high assurance multilevel security (MLS) solutions to the relatively small communities (e.g., intelligence, military) that require them. We introduce a practical, cost effective, and high assurance secure solution for multilevel distributed and heterogeneous environments using COTS components. The solution is based on an MLS architecture that consists of commercial single level hardware and software, and a few specialized security devices. We show how an MLS CORBA can be constructed from single level CORBAs and two security devices: the NRL Pump and the Starlight Interactive Link. We also introduce the concept of MLS cooperative computing, which is a way to semi-automate distributed computing among organizations at different security levels.
  • Using type enforcement to assure a configurable guard

    Page(s): 146 - 154

    Prior to the introduction of guard systems for electronic mail, guards tended to be overly specialized and not versatile enough for today's user community. The paper examines the use of type enforcement to create a highly assured yet administrator configurable guard. The administrator must be able to trust that the configuration provided will indeed be followed. This occurs by using highly assured or trusted components. These trusted components are then linked together via type enforcement to form a pipeline, with one input channel for data to enter the guard, and one separate, connected output channel for data to exit the guard. These channels are connected via assured processes whose behavior is restricted by the type enforcement mechanism. Furthermore, type enforcement is also used to isolate many components of the guard, which simplifies the assurance arguments. This technology is applied in the latest operational guards developed by the Secure Computing Corporation.
  • The secure distribution of digital contents

    Page(s): 16 - 22

    A report is given on the development of a system for the distribution of encrypted digital contents via freely accessible distribution media. To be able to use this information, the key needed for decryption has to be ordered from a key management system. The distribution of the keys required for decryption is restricted whereas the distribution of the encrypted contents is not. The key is sent to the customer only if sufficient payment has been authorised. The system described in this paper is designed (i) to be independent of the method used for distribution of the encrypted contents, (ii) to support many different payment systems, (iii) to support casual customers (nonregistered users), (iv) to avoid complicated software setup, contract conclusion and registration processes, and (v) to support re-selling of other manufacturers' contents in a simple way without extra contracts. In addition, (vi) the system can be easily adapted to support workflow management in a business-to-business environment.
  • Detection and classification of TCP/IP network services

    Page(s): 99 - 107

    Computer intruders are employing more sophisticated techniques to compromise computer systems. Once compromised, in most cases, intruders install remote terminal software to ensure continued, undetectable access to the victim site bypassing standard system audit and security features. Detection of this type of intruder activity was a problem for law enforcement during a computer intrusion investigation that went to prosecution in Australia. The increasing availability of remote terminal software to intruders poses a significant problem to both the detection and monitoring of an intruder's activities. This paper discusses an approach to the analysis of network traffic to detect the presence of unauthorised and anomalous network services. The aim of the project is the development of a network connection signature for common network services, therefore allowing connection type recognition independent of the port information. The specific service signatures can then be used to correlate port information with observed connection types facilitating the detection of anomalous and unauthorised network connections. The detection of anomalous connections may indicate the presence of unauthorised modifications to systems on the network being monitored or the installation of illicit remote terminal software on those systems. A modified neural network was used to analyse the network traffic captured for the experiment. Apart from its learning and generalisation properties, the neural network engine lends the application the ability to adapt to the different network environments on which the software may be employed.
  • Risk assessment for large heterogeneous systems

    Page(s): 44 - 52

    This paper describes a security risk assessment process for large, heterogeneous systems of systems, such as C4I or weapon systems. It first defines the characteristics of an effective security risk assessment process. Next, it discusses subsystem-level and top-down risk assessment approaches and describes their advantages and limitations. The paper then presents and discusses the characteristics and benefits of a hybrid top-down system-wide approach, termed a “guided top-down” approach. It summarizes the benefits of this approach, including (i) efficient and effective allocation of risk assessment resources (often scarce) at the subsystem level during development and implementation, and (ii) its ability to provide decision makers with understandable results on which to base an approval-to-operate decision.
  • Achieving user privacy in mobile networks

    Page(s): 108 - 116

    Third generation mobile networks aim to offer “any service, anywhere, at any time”. Users require privacy within these systems in order to feel confident of their use. Privacy requirements (in mobile networks) are: content, location and identification privacy, and authentication. Differing from previous approaches to privacy, the network itself is considered to be an untrusted party. The paper proposes a scheme that allows the user to register with the network and remain anonymous (both location and identification). Digital mixes are used to create anonymity and authentication is achieved through a token based scheme. Finally the aspect of information leaking to authorised third parties is discussed and billing requirements are detailed which involve the use of “coin”-like tokens traded for services.
  • Using Web technologies in two MLS environments: a security analysis

    Page(s): 205 - 214

    Presents an analysis of the use of the HyperText Transfer Protocol (HTTP) and other Web technologies for multi-level secure (MLS) systems that are connected to single-level network environments (e.g. Internet-like and intranet-like environments). Multiple single-level networks may be connected to these MLS systems. This analysis considers two examples of MLS systems. Known HTTP and Web security vulnerabilities are considered in the context of multi-level operations planned for an MLS database server to be accessed by Web browser software and for an MLS infrastructure supporting Web browsing on multiple Webs that each have a different security sensitivity level. The analysis focuses on the transfer of information across security boundaries where the security classification of information on one side of the boundary differs from that of the other side (a high-to-low or low-to-high transfer of information). The transfer of information is initiated by the Web browser (a network client) and the bulk of information transferred is data returned from the Web server. The analysis also focuses on threats from the less secure side of the boundary, including the threats of insertion of malicious code (e.g. virus or Trojan horse code) and denial-of-service attacks. The applications are referred to as the “high-to-low” example and the “low-to-high” example, denoting the direction of primary information flow.
  • A reference model for firewall technology

    Page(s): 133 - 145

    The paper concentrates on one particular technological aspect of providing communications security, firewall technology. Currently firewall technology is a specialized engineering solution rather than a scientifically based solution. The paper introduces a reference model that captures existing firewall technology and allows for an extension to networking technologies to which it was not applied previously. It can serve as a framework in which firewall systems can be designed and validated. The essential components of the reference model are authentication, integrity assurance, access control, audit, and their enforcement. All components are governed by a centralized security policy, and they can be deployed in a distributed fashion to achieve scaling.
  • Using kernel hypervisors to secure applications

    Page(s): 175 - 181

    The paper describes an approach for selectively controlling COTS components to provide robustness and security. Using the concept of a loadable module, “kernel hypervisors” have been implemented on a Linux kernel. These kernel hypervisors provide unbypassable security wrappers for application specific security requirements and can be used to provide replication services as well. A framework has been developed based on a master kernel hypervisor whose job is to coordinate installation and removal of individual client kernel hypervisors and to provide a means for management of these clients. The framework allows client kernel hypervisors to be stacked so that a variety of application specific policies can be implemented, each by means of its own kernel hypervisor. The hypervisors run in the kernel, but since they are loadable modules, they do not require that the kernel be modified. Kernel hypervisors have a number of potential applications, including protecting user systems from malicious active content downloaded via a Web browser and wrapping servers and firewall services for limiting possible compromises.
  • Remote electronic gambling

    Page(s): 232 - 238

    We examine the problem of putting a casino on the Internet. We discuss fairly generating random bits and permutations for use in casino games, protecting against player/player and player/dealer collusions, and ensuring a secure audit trail that both the player and dealer can use to ensure the payment of debts. We conclude with a series of open problems.
  • Domain and type enforcement firewalls

    Page(s): 122 - 132

    Internet connected organizations often employ an Internet firewall to mitigate risks of system penetration, data theft, data destruction, and other security breaches. Conventional Internet firewalls, however, impose an overly simple inside vs outside model of security that is incompatible with many business practices that require extending limited trust to external entities. The paper reports on our experience with an enhanced security firewall based on Domain and Type Enforcement (DTE), a strong but flexible form of access control. A DTE firewall provides several benefits. First, it runs application level proxies in restrictive domains, thereby increasing security, and runs network services such as HTTP and FTP under DTE controls, thereby reducing risks that network based attacks will compromise local resources. Second, a DTE firewall coordinates role based security policies that span networks by passing DTE security attributes between DTE clients and servers. These attributes allow security policies at the endpoints to be coordinated; such coordination adds defense in depth to the traditional firewall security perimeter: this permits safe exportation of normally risky services such as NFS. Finally, a DTE firewall interoperates with “non DTE” systems and associates DTE security attributes with these systems so their interaction with DTE clients or servers can be controlled. We describe the design of a prototype DTE firewall system and informally evaluate its security, compatibility, functionality, and performance.
  • Incremental assurance for multilevel applications

    Page(s): 81 - 88

    The paper describes an approach, incremental assurance, for balancing security with the economic pressures of developing secure systems. The approach combines many of the existing techniques for reducing costs in developing secure systems. The paper illustrates incremental assurance with three example applications involving high assurance and multilevel DBMS technology.
  • An efficient message authentication scheme for link state routing

    Page(s): 90 - 98

    We study methods for reducing the cost of secure link state routing. In secure link state routing, routers may need to verify the authenticity of many routing updates, and some routers such as border routers may need to sign many routing updates. Previous work such as public-key based schemes is very expensive computationally or has certain limitations. This paper presents an efficient solution, based on a detection-diagnosis-recovery approach, for the link state routing update authentication problem. Our scheme is scalable to handle large networks, applicable to routing protocols that use multiple-valued cost metrics, and applicable even when link states change frequently.
  • Ethical responsibilities and legal liabilities of network security professionals

    Page(s): 239 - 250

    Profits, losses and the attendant risks of tort litigation run to the extreme in times of great speculation in an unregulated economic environment: conditions which characterize the present enormous growth in computer networking. Public law enforcement has thus far been largely ineffectual in deterring or even detecting criminal abuses of network resources. At the same time, reliance primarily on technical solutions for preventing and redressing criminal and civil wrongs may prove to be more harmful to individual and group liberties than imaginative and ethical attempts to use the criminal and civil law traditions. The anticipated storm of civil litigation flowing from the Year 2000 (Y2K) crisis can be expected to create a critical mass in both the number of new computer literate lawyers and in their experimentation with and confidence in the use of tort law for computer security failures and other Y2K related litigation. Among the risks that prudent network security professionals need to be concerned with, as they plan to deal with the millennium bug, is the growing risk of legal liability for security failures. Computer security professionals have not yet had to answer to any moral or legal outcry for social redress of the lack of security in the networks, while the tradition of keeping secret the vulnerabilities of evolving computer network technology has only recently begun to be seriously questioned by the profession and others.