Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000

17-17 May 2000

  • Author index

    Publication Year: 2000, Page(s): 256
    Freely Available from IEEE
  • Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000

    Publication Year: 2000
    Freely Available from IEEE
  • IRM enforcement of Java stack inspection

    Publication Year: 2000, Page(s):246 - 255
    Cited by:  Papers (60)  |  Patents (10)

    Two implementations are given for Java's stack inspection access-control policy. Each implementation is obtained by generating an inlined reference monitor (IRM) for a different formulation of the policy. Performance of the implementations is evaluated, and one is found to be competitive with Java's less flexible, JVM-resident implementation. The exercise illustrates the power of the IRM approach ...

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • LOMAC: Low Water-Mark integrity protection for COTS environments

    Publication Year: 2000, Page(s):230 - 245
    Cited by:  Papers (23)  |  Patents (6)

    We hypothesize that a form of kernel-resident access control based integrity protection can gain widespread acceptance in commercial off-the-shelf (COTS) environments, provided that it couples some useful protection with a high degree of compatibility with existing software, configurations, and practices. To test this hypothesis, we have developed a highly compatible free open-source prototype cal...
  • Using model checking to analyze network vulnerabilities

    Publication Year: 2000, Page(s):156 - 165
    Cited by:  Papers (108)  |  Patents (15)

    Even well administered networks are vulnerable to attacks due to the security ramifications of offering a variety of combined services. That is, services that are secure when offered in isolation nonetheless provide an attacker with a vulnerability to exploit when offered simultaneously. Many current tools address vulnerabilities in the context of a single host. We address vulnerabilities due to t...
  • Kronos: a scalable group re-keying approach for secure multicast

    Publication Year: 2000, Page(s):215 - 228
    Cited by:  Papers (83)  |  Patents (6)

    The authors describe a novel approach to scalable group re-keying for secure multicast. Our approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate our approach by showing that if a group is re-keyed on each membership change, as the size of the group increases and/or the rate at which members leave and join the group increases, the frequency of rekeyi...
  • Security and source code access: issues and realities

    Publication Year: 2000, Page(s):124 - 125

    This paper addresses some of the benefits and drawbacks for security of open access to source code. After a discussion of alternative models for open access to source code, the paper reviews the positive and negative implications of each for system security. The paper concludes that source code review can have real benefits for security, but that those benefits are not realized automatically, and ...
  • Logic induction of valid behavior specifications for intrusion detection

    Publication Year: 2000, Page(s):142 - 153
    Cited by:  Papers (12)  |  Patents (3)

    This paper introduces an automated technique for constructing valid behavior specifications of programs (at the system call level) that are independent of system vulnerabilities and are highly effective in identifying intrusions. The technique employs a machine learning method, inductive logic programming (ILP), for synthesizing first order logic formulas that describe the valid operations of a pr...
  • An efficient, dynamic and trust preserving public key infrastructure

    Publication Year: 2000, Page(s):203 - 214
    Cited by:  Papers (1)  |  Patents (4)

    Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called nested certificate based PKI (NPKI), is proposed as an alternative to classical PKI. The NPKI formation model is a transition from an existing PKI by issuing nested certificates....
  • Privacy technology lessons from healthcare

    Publication Year: 2000, Page(s):78 - 79
    Cited by:  Papers (3)

    The probability that information will be abused depends both on its value and on the number of people who have access. The modern trend to ever larger databases increases both of these risk factors at the same time. Compartmented security policies can solve many of the technical issues, and there are applications such as healthcare where they have been developed in some detail. But the big proble...
  • A security infrastructure for distributed Java applications

    Publication Year: 2000, Page(s):15 - 26
    Cited by:  Papers (9)  |  Patents (1)

    We describe the design and implementation of a security infrastructure for a distributed Java application. This work is inspired by SDSI/SPKI, but has a few twists of its own. We define a logic for access control, such that access is granted iff a proof that it should be granted is derivable in the logic. Our logic supports linked local name spaces, privilege delegation across administrative domai...
  • Using conservation of flow as a security mechanism in network protocols

    Publication Year: 2000, Page(s):132 - 141
    Cited by:  Papers (18)  |  Patents (1)

    The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about t...
  • A more efficient use of delta-CRLs

    Publication Year: 2000, Page(s):190 - 202
    Cited by:  Papers (28)  |  Patents (1)

    Delta-certificate revocation lists (delta-CRLs) were designed to provide a more efficient way to distribute certificate status information. However, as the paper shows, in some environments the benefits of using delta-CRLs will be minimal if delta-CRLs are used as was originally intended. The paper provides an analysis of delta-CRLs that demonstrates the problems associated with issuing delta-CRLs...
  • Authentication tests

    Publication Year: 2000, Page(s):96 - 109
    Cited by:  Papers (24)

    Suppose a principal in a cryptographic protocol creates and transmits a message containing a new value v, which it later receives back in cryptographically altered form. It can conclude that some principal possessing the relevant key has transformed the message containing v. In some circumstances, this must be a regular participant of the protocol, not the penetrator. An inference of this kind is ...
  • Verifying the EROS confinement mechanism

    Publication Year: 2000, Page(s):166 - 176
    Cited by:  Papers (17)  |  Patents (8)

    Capability systems can be used to implement higher-level security policies including the *-property if a mechanism exists to ensure confinement. The implementation can be efficient if the “weak” access restriction described in this paper is introduced. In the course of developing EROS, a pure capability system, it became clear that verifying the correctness of the confinement mechanism...
  • Open source in security: visiting the bizarre

    Publication Year: 2000, Page(s):126 - 127

    Although open-source software development has virtues, there is reason to believe that the approach would not have a significant effect on the security of today's systems. The lion's share of vulnerabilities caused by software bugs is easily dealt with by means other than source code inspections. The tenets of open-source development are inhospitable to business models whose success depends on pro...
  • Access control meets public key infrastructure, or: assigning roles to strangers

    Publication Year: 2000, Page(s):2 - 14
    Cited by:  Papers (95)  |  Patents (13)

    The Internet enables connectivity between many strangers: entities that don't know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow complex policies, e.g. non-monotone (negative) certificates, while being simple enough to allow automated poli...
  • A practically implementable and tractable delegation logic

    Publication Year: 2000, Page(s):27 - 42
    Cited by:  Papers (10)  |  Patents (12)

    We address the goal of making Delegation Logic (DL) into a practically implementable and tractable trust management system. DL (N. Li et al., 1999) is a logic based knowledge representation (i.e., language) for authorization in large scale, open, distributed systems. DL inferencing is computationally intractable and highly impractical to implement. We introduce a new version of Delegation Logic th...
  • Protocol-independent secrecy

    Publication Year: 2000, Page(s):110 - 119
    Cited by:  Papers (6)

    Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol dependent part from the protocol-independent part. Our secrecy theorem encapsulates the use of induction so that the discharge of protocol-specific proof obligations is reduced to first-order reasoning. Also, the verification conditions are modularly associated with the protocol message...
  • Fang: a firewall analysis engine

    Publication Year: 2000, Page(s):177 - 187
    Cited by:  Papers (89)  |  Patents (11)

    Today, even a moderately sized corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global corporate security policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new security administrator takes over) i...
  • Will openish source really improve security?

    Publication Year: 2000, Page(s):128 - 129

    I am using the term openish source as a reaction to the fact that the OSI has hijacked the term open source and the natural definition most people likely intuit does not apply. The term I am using is ridiculous. I chose an intentionally ridiculous term to emphasize the silly nature of common arguments for making open source mean something it does not mean to most people. The openish source communi...
  • Practical techniques for searches on encrypted data

    Publication Year: 2000, Page(s):44 - 55
    Cited by:  Papers (216)  |  Patents (25)

    It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and an...
  • Efficient authentication and signing of multicast streams over lossy channels

    Publication Year: 2000, Page(s):56 - 73
    Cited by:  Papers (294)  |  Patents (20)

    Multicast stream authentication and signing is an important and challenging problem. Applications include the continuous authentication of radio and TV Internet broadcasts, and authenticated data distribution by satellite. The main challenges are fourfold. First, authenticity must be guaranteed even when only the sender of the data is trusted. Second, the scheme needs to scale to potentially milli...
  • Searching for a solution: engineering tradeoffs and the evolution of provably secure protocols

    Publication Year: 2000, Page(s):82 - 95
    Cited by:  Papers (4)

    Tradeoffs are an important part of engineering security. Protocol security is important. So are efficiency and cost. The paper provides an early framework for handling such aspects in a uniform way based on combinatorial optimisation techniques. BAN logic is viewed as both a specification and proof system and as a “protocol programming language”. The paper shows how evolutionary search...