Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

Date: 6-10 Dec. 1999

Displaying Results 1 - 25 of 44
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

    Publication Year: 1999
    Freely available from IEEE
  • Table of contents

    Publication Year: 1999, Page(s): v-x
    Freely available from IEEE
  • Author index

    Publication Year: 1999, Page(s): 389-390
    Freely available from IEEE
  • Fast checking of individual certificate revocation on small systems

    Publication Year: 1999, Page(s): 249-255
    Cited by: Patents (22)

    High-security network transactions require the checking of the revocation status of public key certificates. On mobile systems this may lead to excessive delays and unacceptable performance. This paper examines small system requirements and options, with a view to improving performance. It is shown that the use of keyed hash functions (message authentication codes) with a pre-registration option reduces network latency and allows stateless servers.
  • Security policy coordination for heterogeneous information systems

    Publication Year: 1999, Page(s): 219-228
    Cited by: Papers (5) | Patents (1)

    Coordinating security policies in information enclaves is challenging due to their heterogeneity and autonomy. Administrators must reconcile the semantic diversity of data and security models before negotiating secure interoperation. This paper proposes an architecture that uses mediators and a primitive ticket-based authorization model to manage disparate policies in information enclaves. The formal foundation of the architecture facilitates static and dynamic analysis of global consistency and policy enforcement.
  • Using abuse case models for security requirements analysis

    Publication Year: 1999, Page(s): 55-64
    Cited by: Papers (48) | Patents (1)

    The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without appropriate security-specific processes and models, they sometimes fail to produce effective solutions. We have adapted a proven object-oriented modeling technique, use cases, to capture and analyze security requirements in a simple way. We call the adaptation an abuse case model. Its relationship to other security engineering work products is relatively simple, from a user perspective.
  • A parallel packet screen for high speed networks

    Publication Year: 1999, Page(s): 67-74
    Cited by: Papers (7) | Patents (4)

    The paper demonstrates why security issues related to the continually increasing bandwidth of high speed networks (HSN) cannot be addressed with conventional firewall mechanisms. A single packet screen running on a fast computer is not capable of filtering all packets traversing a Fast/Gigabit Ethernet. This problem can be addressed by using parallel processing methods to implement a fast, scalable packet screen for Ethernets. The paper shows how hardware may be utilized to distribute the network load among such parallel packet screens. Empirical results using 'off-the-shelf' equipment indicate that this approach is usable.
  • An effective defense against first party attacks in public-key algorithms

    Publication Year: 1999, Page(s): 155-160

    This paper describes a method for assuring that user generated public and private key pairs are cryptographically strong. This assurance is achieved by limiting the number of attempts a user can make while generating the keys. Since it takes many billions of attempts to generate so-called "weak" keys, with any significant probability of success, our method precludes users from cheating. The described method has a potential positive impact on several evolving cryptographic standards, where the strength of the keys used with public key cryptography are a matter of major concern. It has no negative impact on key generation performance. The method is simple and straightforward, and it can be easily performed with just a few computational steps.
  • Security relevancy analysis on the registry of Windows NT 4.0

    Publication Year: 1999, Page(s): 331-338
    Cited by: Papers (1) | Patents (5)

    Many security breaches are caused by inappropriate inputs, crafted by people with malicious intent. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we certainly do not want to put such a constraint on every input; instead, we only want to restrict the access to the security-relevant inputs. This paper investigates how to identify which inputs are relevant to system security. We formulate the problem as a security relevancy problem and deploy a static analysis technique to identify security-relevant inputs. Our approach is based on the dependency analysis technique; it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security-relevant; otherwise we say the input is security-nonrelevant. This technique is applied to a security analysis project initiated by the Microsoft Windows NT Security Group. The project is intended to identify security-relevant registry keys in the Windows NT operating system. The results from this approach proved useful in enhancing Windows NT security. Our experiences and results from this project are presented in this paper.
  • An asynchronous distributed access control architecture for IP over ATM networks

    Publication Year: 1999, Page(s): 75-83
    Cited by: Patents (1)

    We describe a new architecture providing an access control service in both ATM and IP-over-ATM networks. This architecture is based on agents distributed in network equipment. It is well known that distribution makes the management process more difficult. This issue is raised and we provide an algorithm to distribute the access control policy on our agents. The comparison with other approaches shows that this architecture provides big improvements in ATM-level access control, scalability and QoS preservation.
  • Napoleon: a recipe for workflow

    Publication Year: 1999, Page(s): 134-142
    Cited by: Papers (1) | Patents (3)

    The paper argues that Napoleon, a flexible, role-based access control (RBAC) modeling environment, is also a practical solution for enforcing business process control, or workflow policies. Napoleon provides two important benefits for workflow: simplified policy management and support for heterogeneous, distributed systems. We discuss our strategy for modeling workflow in Napoleon, and we present an architecture that incorporates Napoleon into a workflow management system.
  • Tools to support secure enterprise computing

    Publication Year: 1999, Page(s): 143-152
    Cited by: Papers (2)

    Secure enterprise programming is a difficult and tedious task. Programmers need tools that support different levels of abstraction and that track all the components that participate in distributed enterprises. Those components must cooperate in a distributed environment to achieve higher level goals. A special case of secure enterprise computing is multilevel secure (MLS) computing. Components that may reside in different security domains have to cooperate to achieve higher-level missions. To ease the programmer's burden, we are developing an MLS workflow management system (WFMS), called MLS METEOR. A programmer can specify a distributed programming logic through a GUI-based workflow design tool. Based on the programming logic, MLS METEOR will generate a distributed runtime system that handles communication among different hosts, even those that reside in different classification domains. The multilevel security enforcement of MLS METEOR does not depend on the WFMS itself but rather on the underlying MLS infrastructure and a few security critical components. The paper concentrates on the system organization of MLS METEOR and the rationale for this structure. We explain which portions of the system can be used in generic enterprise computing and which portions are specific to MLS computing.
  • A process state-transition analysis and its application to intrusion detection

    Publication Year: 1999, Page(s): 378-387
    Cited by: Papers (2)

    This paper describes a new technique for detecting security breaches in a computer system. For each Unix process, the user credentials, which are user identifiers, determine the process privilege, including whether a process has gained a high privilege, such as that of the superuser. The state transition technique is applied to a suitably defined process state, identified by certain classes of user credential values. A transition takes place when these values change from one class to another. These states are clearly defined, and prohibited state transitions as well as some supporting rules are identified. When many break-ins succeed, either the rules are violated or these prohibited transitions occur, and this implies a violation of system security policy. A specially modified system call, ktrace(), is used by the superuser to monitor the process state, and state transition analysis is applied to the traced information by the Intrusion Detection System. Tests show that most known security violations belonging to the targeted classes (such as buffer overflow exploits) can be detected (and possibly pre-empted) while the constituent activities are still being processed in the kernel.
  • Design of LAN-Lock, a system for securing wireless networks

    Publication Year: 1999, Page(s): 170-177

    Wireless LANs are becoming increasingly available, affordable and attractive due to their increasing speeds and decreasing costs, in addition to their ability to offer easy configuration and reconfiguration of nodes in a LAN. However, most commercial wireless LAN products have limited security over the link, and none that we are aware of use NSA-approved cryptographic methods. This paper describes a system developed jointly by a team at the University of Florida in its Integrated Process and Product Design (IPPD) course and a liaison engineer at Raytheon Systems Division that uses Fortezza cryptographic cards to provide authenticated, encrypted connections between hosts running MS Windows.
  • An application of machine learning to network intrusion detection

    Publication Year: 1999, Page(s): 371-377
    Cited by: Papers (20) | Patents (3)

    Differentiating anomalous network activity from normal network traffic is difficult and tedious. A human analyst must search through vast amounts of data to find anomalous sequences of network connections. To support the analyst's job, we built an application which enhances domain knowledge with machine learning techniques to create rules for an intrusion detection expert system. We employ genetic algorithms and decision trees to automatically generate rules for classifying network connections. This paper describes the machine learning methodology and the applications employing this methodology.
  • Generic support for PKIX certificate management in CDSA

    Publication Year: 1999, Page(s): 269-275

    The Common Data Security Architecture (CDSA) from the Open Group is a flexible standard that defines APIs for security services needed for implementing public key infrastructure (PKI). The emerging IETF public key infrastructure (PKIX) standards provide certificate management protocols geared toward the Internet. The PKIX specifications define the expected behavior of the PKI, but do not provide abstractions that can be used by exploiting applications. In this paper we show the feasibility and design methodology of extending CDSA abstractions to support PKIX certificate management. To achieve this, we model a general, end-to-end system architecture based on CDSA that supports the PKIX certificate management model, and discuss the merits of this system from the application and system architecture perspectives. We conclude the paper with a discussion of the resulting generic CDSA version 2.0 API that supports the PKIX certificate management model.
  • Application-level isolation using data inconsistency detection

    Publication Year: 1999, Page(s): 119-126

    Recently, application-level isolation was introduced as an effective means of containing the damage that a suspicious user could inflict on data. In most cases, only a subset of the data items needs to be protected from damage due to the criticality level or integrity requirements of the data items. In such a case, complete isolation of a suspicious user can consume more resources than necessary. The paper proposes partitioning the data items into categories based on their criticality levels and integrity requirements; these categories determine the allowable data flows between trustworthy and suspicious users. An algorithm that achieves good performance when the number of data items is small is also provided to detect inconsistencies between suspicious versions of the data and the main version.
  • SecurSight: an architecture for secure information access

    Publication Year: 1999, Page(s): 349-357
    Cited by: Patents (1)

    This paper describes SecurSight, an architecture that combines authentication, authorization, and secure communications. The primary goal of this architecture is to secure access to network resources, while providing a smooth migration path from legacy authentication and authorization methods to a public-key infrastructure. Authentication may utilize either shared secrets or public/private key pairs. Authorization is public-key based and provides both direct support for PKI-aware applications and indirect support for legacy applications. Authorization credentials are portable, and may be used in location-independent fashion, without the need for cumbersome export and import procedures.
  • Trustworthy access control with untrustworthy Web servers

    Publication Year: 1999, Page(s): 12-21
    Cited by: Papers (2) | Patents (2)

    If sensitive information is to be included in a shared Web, access controls will be required. However, the complex software needed to provide a Web service is prone to failure. To provide access control without relying on such software, encryption can be used. Bob is a prototype system that supports complex access control expressions through the transparent use of encryption.
  • A distributed certificate management system (DCMS) supporting group-based access controls

    Publication Year: 1999, Page(s): 241-248

    Mainly for scalability reasons, many cryptographic security protocols make use of public key cryptography and require the existence of a corresponding public key infrastructure (PKI). A PKI, in turn, consists of one or several certification authorities (CAs) that issue and revoke certificates for users and other CAs. Contrary to its conceptual simplicity, the establishment and operational maintenance of a CA or PKI has turned out to be difficult in practice. As a viable alternative, this paper proposes an architecture for a distributed certificate management system (DCMS) that can also be used to provide support for group-based access controls. The architecture has been prototyped and is being used by the Swiss Federal Strategy Unit for Information Technology (FSUIT) to protect access to intranet resources.
  • Modular fair exchange protocols for electronic commerce

    Publication Year: 1999, Page(s): 3-11
    Cited by: Papers (4)

    Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. Furthermore, these protocols provide different degrees of fairness and cause different communication overhead. The purpose of the paper is to present a unifying solution to the problem. We do this by defining a suite of protocol modules which allow us to compose protocols where the achieved degree of fairness can be enhanced step by step. The advantage of the stepwise approach is that after each step one can decide if the provided degree of fairness is acceptable or if one is willing to spend more in order to reach a higher degree of fairness. We show the applicability of our approach by deriving a novel efficient fair exchange protocol.
  • Architecture and concepts of the ARGuE Guard

    Publication Year: 1999, Page(s): 45-54
    Cited by: Papers (2) | Patents (8)

    ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates' Gauntlet firewall. By integrating capabilities developed under several government programs, we were able to create a system which is easier to extend than other guards, provides significant new features (such as integration with an intrusion detection system), and yet has a reasonable degree of assurance.
  • Toward a taxonomy and costing method for security services

    Publication Year: 1999, Page(s): 183-188
    Cited by: Papers (14)

    A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource management systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services an RMS needs to manage, a preliminary security service taxonomy is defined. The taxonomy is used as a framework for defining the costs associated with network security services.
  • Towards a practical, secure, and very large scale online election

    Publication Year: 1999, Page(s): 161-169
    Cited by: Papers (2) | Patents (1)

    We propose a practical and secure electronic voting protocol for large-scale online elections. Our protocol satisfies a large set of important criteria that has never been put together in a single protocol before. Among all electronic voting schemes in the literature, Sensus, a security-conscious electronic voting protocol proposed by Cranor and Cytron (1997), satisfies most of our criteria. Sensus has been implemented and used in mock elections. However, Sensus suffers from several major drawbacks. For instance, we show that even if all voters follow the Sensus protocol honestly, some voters' votes may still be replaced with different votes without being detected. Our protocol overcomes these drawbacks.
  • Policy-based management: bridging the gap

    Publication Year: 1999, Page(s): 209-218
    Cited by: Papers (7) | Patents (28)

    In a policy-based system, policy goals are described with respect to network entities (e.g. networks and users) instead of enforcement points (e.g., firewalls and routers). This global view has several advantages: usability, global rules are closer to the goals of the human administrator; scalability, the policy system ensures that the enforcement points are configured appropriately, whether there are 1 or 100 enforcement points; and security, the policy system ensures that the policy is enforced consistently. This paper describes techniques for accurately translating from global policy rules to actual per-device configurations, and it describes how these techniques were used in the implementation of Cisco Secure Policy Manager.