By Topic

Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

Date 6-10 Dec. 1999

Filter Results

Displaying Results 1 - 25 of 44
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

    Publication Year: 1999
    Request permission for commercial reuse | PDF file iconPDF (83 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 1999, Page(s):v - x
    Request permission for commercial reuse | PDF file iconPDF (140 KB)
    Freely Available from IEEE
  • Author index

    Publication Year: 1999, Page(s):389 - 390
    Request permission for commercial reuse | PDF file iconPDF (8 KB)
    Freely Available from IEEE
  • Using abuse case models for security requirements analysis

    Publication Year: 1999, Page(s):55 - 64
    Cited by:  Papers (98)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (44 KB)

    The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without ap... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architecture and concepts of the ARGuE Guard

    Publication Year: 1999, Page(s):45 - 54
    Cited by:  Papers (8)  |  Patents (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (132 KB)

    ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates' Gauntlet firewall. By integrating capabilities developed under several government programs, we were able to create a system which is easier to extend than other guards, provides significant new features (such as integration with an intrusion... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A prototype secure workflow server

    Publication Year: 1999, Page(s):129 - 133
    Cited by:  Papers (8)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (64 KB)

    Workflow systems provide automated support that enables organizations to efficiently and reliably move important data through their routine business processes. For some organizations, the information processed by their workflow systems is highly valued and in need of protection from disclosure or corruption. Current workflow systems do not help organizations to adequately protect this important da... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Safe areas of computation for secure computing with insecure applications

    Publication Year: 1999, Page(s):35 - 44
    Cited by:  Papers (5)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (120 KB)

    Currently the computer systems and software used by the average user offer virtually no security. Because of this, many attacks, both simulated and real, have been described by the security community and have appeared in the popular press. The paper presents an approach to increase the level of security provided to users when interacting with otherwise unsafe applications and computing systems. Th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Application-level isolation using data inconsistency detection

    Publication Year: 1999, Page(s):119 - 126
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (112 KB)

    Recently, application-level isolation was introduced as an effective means of containing the damage that a suspicious user could inflict on data. In most cases, only a subset of the data items needs to be protected from damage due to the criticality level or integrity requirements of the data items. In such a case, complete isolation of a suspicious user can consume more resources than necessary. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An application of machine learning to network intrusion detection

    Publication Year: 1999, Page(s):371 - 377
    Cited by:  Papers (31)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (72 KB)

    Differentiating anomalous network activity from normal network traffic is difficult and tedious. A human analyst must search through vast amounts of data to find anomalous sequences of network connections. To support the analyst's job, we built an application which enhances domain knowledge with machine learning techniques to create rules for an intrusion detection expert system. We employ genetic... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • How to cheat at the lottery (or, massively parallel requirements engineering)

    Publication Year: 1999, Page(s):XIX - XXVII
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (476 KB)

    Collaborative software projects such as Linux and Apache have shown that a large, complex system can be built and maintained by many developers working in a highly parallel, relatively unstructured way. The author reports on an experiment to see whether a high quality system specification can also be produced by a large number of people working in parallel with minimum communication View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A language for modelling secure business transactions

    Publication Year: 1999, Page(s):22 - 31
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (104 KB)

    Among other areas, electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable of specifying and conducting at least parts of market transactions, these techniques are not or are very rarely used for th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SCR: a practical approach to building a high assurance COMSEC system

    Publication Year: 1999, Page(s):109 - 118
    Cited by:  Papers (6)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (524 KB)

    To date, the tabular based SCR (Software Cost Reduction) method has been applied mostly to the development of embedded control systems. The paper describes the successful application of the SCR method, including the SCR* toolset, to a different class of system, a COMSEC (Communications Security) device called CD that must correctly manage encrypted communications. The paper summarizes how the tool... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design of LAN-Lock, a system for securing wireless networks

    Publication Year: 1999, Page(s):170 - 177
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (72 KB)

    Wireless LANs are becoming increasingly available, affordable and attractive due to their increasing speeds and decreasing costs, in addition to their ability to offer easy configuration and reconfiguration of nodes in a LAN. However, most commercial wireless LAN products have limited security over the link, and none that we are aware of use NSA-approved cryptographic methods. This paper describes... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SAM: Security Adaptation Manager

    Publication Year: 1999, Page(s):361 - 370
    Cited by:  Papers (9)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (164 KB)

    In the trade-offs between security and performance, it seems that security is always the loser. If we allow for adaptive security, we can at least ensure that security and performance are treated somewhat equally. Using adaptive security, we can allow a system to exist in a less secure, more performant state until it comes under attack. We then adapt the system to a more secure, less performant im... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A resource access decision service for CORBA-based distributed systems

    Publication Year: 1999, Page(s):310 - 319
    Cited by:  Papers (11)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (124 KB)

    Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent of a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heteroge... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Fast checking of individual certificate revocation on small systems

    Publication Year: 1999, Page(s):249 - 255
    Cited by:  Patents (28)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (88 KB)

    High-security network transactions require the checking of the revocation status of public key certificates. On mobile systems this may lead to excessive delays and unacceptable performance. This paper examines small system requirements and options, with a view to improving performance. It is shown that the use of keyed hash functions (message authentication codes) with a pre-registration option r... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An asynchronous distributed access control architecture for IP over ATM networks

    Publication Year: 1999, Page(s):75 - 83
    Cited by:  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (188 KB)

    We describe a new architecture providing an access control service in both ATM and IP-over-ATM networks. This architecture is based on agents distributed in network equipment. It is well known that distribution makes the management process more difficult. This issue is raised and we provide an algorithm to distribute the access control policy on our agents. The comparison with other approaches sho... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Tools to support secure enterprise computing

    Publication Year: 1999, Page(s):143 - 152
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (152 KB)

    Secure enterprise programming is a difficult and tedious task. Programmers need tools that support different levels of abstraction and that track all the components that participate in distributed enterprises. Those components must cooperate in a distributed environment to achieve higher level goals. A special case of secure enterprise computing is multilevel secure (MLS) computing. Components tha... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A process state-transition analysis and its application to intrusion detection

    Publication Year: 1999, Page(s):378 - 387
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (488 KB)

    This paper describes a new technique for detecting security breaches in a computer system. For each Unix process, the user credentials, which are user identifiers, determine the process privilege, including whether a process has gained a high privilege, such as that of the superuser. The state transition technique is applied to a suitably defined process state, identified by certain classes of use... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Trustworthy access control with untrustworthy Web servers

    Publication Year: 1999, Page(s):12 - 21
    Cited by:  Papers (4)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (44 KB)

    If sensitive information is to be included in a shared Web, access controls will be required. However, the complex software needed to provide a Web service is prone to failure. To provide access control without relying on such software, encryption can be used. Bob is a prototype system that supports complex access control expressions through the transparent use of encryption View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • TrustedBox: a kernel-level integrity checker

    Publication Year: 1999, Page(s):189 - 198
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (144 KB)

    There is a large number of situations in which computer security is unpopular. In fact, common users do not like too much restricted security policies. Usability is often preferred to security. Many users want to be free to use their computers to run untrusted applications. Moreover, it is not possible to require that every computer user is a security expert. As a consequence, it is very easy for ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using checkable types in automatic protocol analysis

    Publication Year: 1999, Page(s):99 - 108
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (196 KB)

    The Automatic Authentication Protocol Analyzer, 2nd Version (AAPA2) is a fast, completely automatic tool for formally analyzing cryptographic protocols. It correctly identifies vulnerabilities or their absence in 43 of 51 protocols studied in the literature, and it finds errors in previously asserted authentication properties of two large commercial protocols. The paper describes the AAPA2 and its... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards a practical, secure, and very large scale online election

    Publication Year: 1999, Page(s):161 - 169
    Cited by:  Papers (1)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (172 KB)

    We propose a practical and secure electronic voting protocol for large-scale online elections. Our protocol satisfies a large set of important criteria that has never been put together in a single protocol before. Among all electronic voting schemes in the literature, Sensus, a security-conscious electronic voting protocol proposed by Cranor and Cytron (1997), satisfies most of our criteria. Sensu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SecurSight: an architecture for secure information access

    Publication Year: 1999, Page(s):349 - 357
    Cited by:  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (76 KB)

    This paper describes SecurSight, an architecture that combines authentication, authorization, and secure communications. The primary goal of this architecture is to secure access to network resources, while providing a smooth migration path from legacy authentication and authorization methods to a public-key infrastructure. Authentication may utilize either shared secrets or public/private key pai... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security relevancy analysis on the registry of Windows NT 4.0

    Publication Year: 1999, Page(s):331 - 338
    Cited by:  Papers (1)  |  Patents (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (116 KB)

    Many security breaches are caused by inappropriate inputs, crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we certainly do not want to put such a constraint on every input; instead, we only want to restr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.