By Topic

Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

6-10 Dec. 1999

Filter Results

Displaying Results 1 - 25 of 44
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

    Publication Year: 1999
    Request permission for commercial reuse | PDF file iconPDF (83 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 1999, Page(s):v - x
    Request permission for commercial reuse | PDF file iconPDF (140 KB)
    Freely Available from IEEE
  • Author index

    Publication Year: 1999, Page(s):389 - 390
    Request permission for commercial reuse | PDF file iconPDF (8 KB)
    Freely Available from IEEE
  • Using abuse case models for security requirements analysis

    Publication Year: 1999, Page(s):55 - 64
    Cited by:  Papers (104)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (44 KB)

    The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without ap... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A resource access decision service for CORBA-based distributed systems

    Publication Year: 1999, Page(s):310 - 319
    Cited by:  Papers (12)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (124 KB)

    Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent of a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heteroge... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architecture and concepts of the ARGuE Guard

    Publication Year: 1999, Page(s):45 - 54
    Cited by:  Papers (8)  |  Patents (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (132 KB)

    ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates' Gauntlet firewall. By integrating capabilities developed under several government programs, we were able to create a system which is easier to extend than other guards, provides significant new features (such as integration with an intrusion... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning

    Publication Year: 1999, Page(s):303 - 309
    Cited by:  Papers (14)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (268 KB)

    Discusses the Address Resolution Protocol (ARP) and the problem of ARP cache poisoning. ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host's ARP cache. We discuss design constraints for a solution: the solution needs to be implemented in middleware, without any access or change to any operating system... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Safe areas of computation for secure computing with insecure applications

    Publication Year: 1999, Page(s):35 - 44
    Cited by:  Papers (5)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (120 KB)

    Currently the computer systems and software used by the average user offer virtually no security. Because of this, many attacks, both simulated and real, have been described by the security community and have appeared in the popular press. The paper presents an approach to increase the level of security provided to users when interacting with otherwise unsafe applications and computing systems. Th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Tools to support secure enterprise computing

    Publication Year: 1999, Page(s):143 - 152
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (152 KB)

    Secure enterprise programming is a difficult and tedious task. Programmers need tools that support different levels of abstraction and that track all the components that participate in distributed enterprises. Those components must cooperate in a distributed environment to achieve higher level goals. A special case of secure enterprise computing is multilevel secure (MLS) computing. Components tha... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Transactions in Java Card

    Publication Year: 1999, Page(s):291 - 298
    Cited by:  Papers (9)  |  Patents (9)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (76 KB)

    A smart-card run-time environment must provide proper transaction support for the reliable updating of data, especially on multi-application cards like the Java Card. The transaction mechanism must meet these demands by means of the applications and the system itself, within the minimal resources offered by current smart-card hardware. This paper presents the current transaction model implied by t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A language for modelling secure business transactions

    Publication Year: 1999, Page(s):22 - 31
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (104 KB)

    Among other areas, electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable of specifying and conducting at least parts of market transactions, these techniques are not or are very rarely used for th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SCR: a practical approach to building a high assurance COMSEC system

    Publication Year: 1999, Page(s):109 - 118
    Cited by:  Papers (7)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (524 KB)

    To date, the tabular based SCR (Software Cost Reduction) method has been applied mostly to the development of embedded control systems. The paper describes the successful application of the SCR method, including the SCR* toolset, to a different class of system, a COMSEC (Communications Security) device called CD that must correctly manage encrypted communications. The paper summarizes how the tool... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Napoleon: a recipe for workflow

    Publication Year: 1999, Page(s):134 - 142
    Cited by:  Papers (3)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (216 KB)

    The paper argues that Napoleon, a flexible, role-based access control (RBAC) modeling environment, is also a practical solution for enforcing business process control, or workflow policies. Napoleon provides two important benefits for workflow: simplified policy management and support for heterogeneous, distributed systems. We discuss our strategy for modeling workflow in Napoleon, and we present ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • User authentication and authorization in the JavaTM platform

    Publication Year: 1999, Page(s):285 - 290
    Cited by:  Papers (19)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (56 KB)

    JavaTM security technology originally focused on creating a safe environment in which to run potentially untrusted code downloaded from the public network. With the latest release of the Java TM platform (the JavaTM 2 Software Development Kit, v 1.2), fine-grained access controls can be placed upon critical resources with regard to the identity of the running apple... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Trustworthy access control with untrustworthy Web servers

    Publication Year: 1999, Page(s):12 - 21
    Cited by:  Papers (4)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (44 KB)

    If sensitive information is to be included in a shared Web, access controls will be required. However, the complex software needed to provide a Web service is prone to failure. To provide access control without relying on such software, encryption can be used. Bob is a prototype system that supports complex access control expressions through the transparent use of encryption View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using checkable types in automatic protocol analysis

    Publication Year: 1999, Page(s):99 - 108
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (196 KB)

    The Automatic Authentication Protocol Analyzer, 2nd Version (AAPA2) is a fast, completely automatic tool for formally analyzing cryptographic protocols. It correctly identifies vulnerabilities or their absence in 43 of 51 protocols studied in the literature, and it finds errors in previously asserted authentication properties of two large commercial protocols. The paper describes the AAPA2 and its... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A model of certificate revocation

    Publication Year: 1999, Page(s):256 - 264
    Cited by:  Papers (31)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (104 KB)

    This paper presents a model for the distribution of revocation information using certificate revocation lists (CRLs). This model is used to highlight inefficiencies in the “traditional” method of distributing certificate status information using CRLs. Two alternative CRL-based revocation distribution mechanisms, over-issued CRLs and segmented CRLs, are then presented. The original mode... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security relevancy analysis on the registry of Windows NT 4.0

    Publication Year: 1999, Page(s):331 - 338
    Cited by:  Papers (1)  |  Patents (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (116 KB)

    Many security breaches are caused by inappropriate inputs, crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we certainly do not want to put such a constraint on every input; instead, we only want to restr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards a practical, secure, and very large scale online election

    Publication Year: 1999, Page(s):161 - 169
    Cited by:  Papers (4)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (172 KB)

    We propose a practical and secure electronic voting protocol for large-scale online elections. Our protocol satisfies a large set of important criteria that has never been put together in a single protocol before. Among all electronic voting schemes in the literature, Sensus, a security-conscious electronic voting protocol proposed by Cranor and Cytron (1997), satisfies most of our criteria. Sensu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A prototype secure workflow server

    Publication Year: 1999, Page(s):129 - 133
    Cited by:  Papers (9)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (64 KB)

    Workflow systems provide automated support that enables organizations to efficiently and reliably move important data through their routine business processes. For some organizations, the information processed by their workflow systems is highly valued and in need of protection from disclosure or corruption. Current workflow systems do not help organizations to adequately protect this important da... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Efficient certificate status handling within PKIs: an application to public administration services

    Publication Year: 1999, Page(s):276 - 281
    Cited by:  Papers (3)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (100 KB)

    Public administration has shown a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it will help reduce paper-based transactions with citizens. The main problem posed by this technology is the necessary public-key infrastructure, and in particular certificate status handling. This paper describes the definition and deployment of ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SecurSight: an architecture for secure information access

    Publication Year: 1999, Page(s):349 - 357
    Cited by:  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (76 KB)

    This paper describes SecurSight, an architecture that combines authentication, authorization, and secure communications. The primary goal of this architecture is to secure access to network resources, while providing a smooth migration path from legacy authentication and authorization methods to a public-key infrastructure. Authentication may utilize either shared secrets or public/private key pai... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An application of machine learning to network intrusion detection

    Publication Year: 1999, Page(s):371 - 377
    Cited by:  Papers (34)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (72 KB)

    Differentiating anomalous network activity from normal network traffic is difficult and tedious. A human analyst must search through vast amounts of data to find anomalous sequences of network connections. To support the analyst's job, we built an application which enhances domain knowledge with machine learning techniques to create rules for an intrusion detection expert system. We employ genetic... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A process state-transition analysis and its application to intrusion detection

    Publication Year: 1999, Page(s):378 - 387
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (488 KB)

    This paper describes a new technique for detecting security breaches in a computer system. For each Unix process, the user credentials, which are user identifiers, determine the process privilege, including whether a process has gained a high privilege, such as that of the superuser. The state transition technique is applied to a suitably defined process state, identified by certain classes of use... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modular fair exchange protocols for electronic commerce

    Publication Year: 1999, Page(s):3 - 11
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (112 KB)

    Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. F... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.