Security and Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on

Date 17-17 May 2000

  • Author index

    Page(s): 256
  • Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000

  • Fang: a firewall analysis engine

    Page(s): 177 - 187

    Today, even a moderately sized corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global corporate security policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say, when a new security administrator takes over) is hard. Firewall configuration files are written in low-level formalisms, whose readability is comparable to assembly code, and the global policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall policy (either a deployed policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low-level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstraction. A typical question our tool can answer is “from which machines can our DMZ be reached and with which services?” Thus, the tool complements existing vulnerability analysis tools: it can be used before a policy is actually deployed, it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
  • Access control meets public key infrastructure, or: assigning roles to strangers

    Page(s): 2 - 14

    The Internet enables connectivity between many strangers: entities that don't know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow complex policies, e.g. non-monotone (negative) certificates, while being simple enough to allow automated policy checking and processing. Issuers of certificates are either known in advance, or provide sufficient certificates to be considered a trusted authority according to the policy. This allows bottom-up, “grass roots” buildup of trust, as in the real world. We extend, rather than replace, existing role-based access control mechanisms. This provides a simple, modular architecture and easy migration from existing systems. Our system automatically collects missing certificates from peer servers. In particular, this allows use of standard browsers, which pass only one certificate to the server. We describe our implementation, which can be used as an extension of a Web server or as a separate server with an interface to applications.
  • A more efficient use of delta-CRLs

    Page(s): 190 - 202

    Delta-certificate revocation lists (delta-CRLs) were designed to provide a more efficient way to distribute certificate status information. However, as the paper shows, in some environments the benefits of using delta-CRLs will be minimal if delta-CRLs are used as was originally intended. The paper provides an analysis of delta-CRLs that demonstrates the problems associated with issuing delta-CRLs in the “traditional” manner. A new, more efficient technique for issuing delta-CRLs, sliding window delta-CRLs, is presented.
  • Authentication tests

    Page(s): 96 - 109

    Suppose a principal in a cryptographic protocol creates and transmits a message containing a new value v, which it later receives back in cryptographically altered form. It can conclude that some principal possessing the relevant key has transformed the message containing v. In some circumstances, this must be a regular participant of the protocol, not the penetrator. An inference of this kind is an authentication test. We introduce two main kinds of authentication test. An outgoing test is one in which the new value v is transmitted in encrypted form, and only a regular participant can extract it from that form. An incoming test is one in which v is received back in encrypted form, and only a regular participant can put it in that form. We combine these two tests with a supplementary idea, the unsolicited test, and a related method for checking that certain values remain secret. Together they determine what authentication properties are achieved by a wide range of cryptographic protocols. We introduce authentication tests and illustrate their power by giving new and straightforward proofs of security goals for several protocols. We also illustrate how to use the authentication tests as a heuristic for finding attacks against incorrect protocols. Finally, we suggest a protocol design process. We express these ideas in the strand space formalism and prove them correct elsewhere (Guttman and Thayer Fábrega, 2000).
  • A security infrastructure for distributed Java applications

    Page(s): 15 - 26

    We describe the design and implementation of a security infrastructure for a distributed Java application. This work is inspired by SDSI/SPKI, but has a few twists of its own. We define a logic for access control, such that access is granted iff a proof that it should be granted is derivable in the logic. Our logic supports linked local name spaces, privilege delegation across administrative domains, and attribute certificates. We use SSL to establish secure channels through which principals can “speak”, and have implemented our access control system in Java. While we implemented our infrastructure for the Placeless Documents System, our design is applicable to other applications as well. We discuss general issues that we discovered related to building secure, distributed Java applications.
  • Practical techniques for searches on encrypted data

    Page(s): 44 - 55

    It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query without loss of data confidentiality. We describe our cryptographic schemes for the problem of searching on encrypted data and provide proofs of security for the resulting cryptosystems. Our techniques have a number of crucial advantages. They are provably secure: they provide provable secrecy for encryption, in the sense that the untrusted server cannot learn anything about the plaintext when only given the ciphertext; they provide query isolation for searches, meaning that the untrusted server cannot learn anything more about the plaintext than the search result; they provide controlled searching, so that the untrusted server cannot search for an arbitrary word without the user's authorization; they also support hidden queries, so that the user may ask the untrusted server to search for a secret word without revealing the word to the server. The algorithms presented are simple, fast (for a document of length n, the encryption and search algorithms only need O(n) stream cipher and block cipher operations), and introduce almost no space and communication overhead, and hence are practical to use today.
  • Security and source code access: issues and realities

    Page(s): 124 - 125

    This paper addresses some of the benefits and drawbacks for security of open access to source code. After a discussion of alternative models for open access to source code, the paper reviews the positive and negative implications of each for system security. The paper concludes that source code review can have real benefits for security, but that those benefits are not realized automatically, and that some source code access models introduce significant drawbacks.
  • Verifying the EROS confinement mechanism

    Page(s): 166 - 176

    Capability systems can be used to implement higher-level security policies including the *-property if a mechanism exists to ensure confinement. The implementation can be efficient if the “weak” access restriction described in this paper is introduced. In the course of developing EROS, a pure capability system, it became clear that verifying the correctness of the confinement mechanism was necessary in establishing the security of the operating system. We present a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS). We give a formal statement of the requirements, construct a model of the architecture's security policy and operational semantics, and show that architectures covered by this model enforce the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied. The method used generalizes to any capability system.
  • Privacy technology lessons from healthcare

    Page(s): 78 - 79

    The probability that information will be abused depends both on its value and on the number of people who have access. The modern trend to ever larger databases increases both of these risk factors at the same time. Compartmented security policies can solve many of the technical issues, and there are applications such as healthcare where they have been developed in some detail. But the big problem isn't technical; it is legal and regulatory. Insurers, employers and governments won't adopt compartmented systems, or will allow them to be adopted only in places such as hospitals, which are not where the real threats lie.
  • Logic induction of valid behavior specifications for intrusion detection

    Page(s): 142 - 153

    This paper introduces an automated technique for constructing valid behavior specifications of programs (at the system call level) that are independent of system vulnerabilities and are highly effective in identifying intrusions. The technique employs a machine learning method, inductive logic programming (ILP), for synthesizing first-order logic formulas that describe the valid operations of a program from the normal runs of the program. ILP, backed by theories and techniques extended from computational logic, allows the use of complex domain-specific background knowledge in the learning process to produce sound and consistent knowledge. A specification induction engine has been developed by extending an existing ILP tool and has been used to construct specifications for several (>10) privileged programs in Unix. Coupled with rich background knowledge in systems and security, the prototype induction engine generates human-understandable and analyzable specifications that are as good as those specified by a human. Preliminary experiments with existing attacks show that the generated specifications are highly effective in detecting attacks that subvert privileged programs to gain unauthorized access to resources.
  • Open source in security: visiting the bizarre

    Page(s): 126 - 127

    Although open-source software development has virtues, there is reason to believe that the approach would not have a significant effect on the security of today's systems. The lion's share of vulnerabilities caused by software bugs is easily dealt with by means other than source code inspections. The tenets of open-source development are inhospitable to business models whose success depends on promoting secure systems.
  • Protocol-independent secrecy

    Page(s): 110 - 119

    Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol-dependent part from the protocol-independent part. Our secrecy theorem encapsulates the use of induction so that the discharge of protocol-specific proof obligations is reduced to first-order reasoning. Also, the verification conditions are modularly associated with the protocol messages. Secrecy proofs for Otway-Rees (1987) and the corrected Needham-Schroeder protocol are given.
  • Will openish source really improve security?

    Page(s): 128 - 129

    I am using the term openish source as a reaction to the fact that the OSI has hijacked the term open source and the natural definition most people likely intuit does not apply. The term I am using is ridiculous. I chose an intentionally ridiculous term to emphasize the silly nature of common arguments for making open source mean something it does not mean to most people. The openish source community claims that the movement towards providing free, source-code available programs will result in more secure software. This claim appears to be based on several fallacies briefly presented: the Microsoft fallacy; the Java fallacy; and the many-eyeballs fallacy.
  • An efficient, dynamic and trust preserving public key infrastructure

    Page(s): 203 - 214

    Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, which is called a nested certificate based PKI (NPKI), is proposed as an alternative to classical PKI. The NPKI formation model is a transition from an existing PKI by issuing nested certificates. Thus, we can extract efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities' idle time to the benefit of the verifiers. We analyze the trade-off between the nested certification overhead and the time improvement on the certificate path verification. This trade-off is acceptable in order to generate quickly verifiable certificate paths. Moreover, the PKI-to-NPKI transition preserves the existing hierarchy and trust relationships in the PKI, so that it can be used for strictly hierarchical PKIs.
  • Using model checking to analyze network vulnerabilities

    Page(s): 156 - 165

    Even well-administered networks are vulnerable to attacks due to the security ramifications of offering a variety of combined services. That is, services that are secure when offered in isolation nonetheless provide an attacker with a vulnerability to exploit when offered simultaneously. Many current tools address vulnerabilities in the context of a single host. We address vulnerabilities due to the configuration of various hosts in a network. In a different line of research, formal methods are often useful for generating test cases, and model checkers are particularly adept at this task due to their ability to generate counterexamples. We address the network vulnerabilities problem with test cases, which amount to attack scenarios, generated by a model checker. We encode the vulnerabilities in a state machine description suitable for a model checker and then assert that an attacker cannot acquire a given privilege on a given host. The model checker either offers assurance that the assertion is true on the actual network or provides a counterexample detailing each step of a successful attack.
  • A practically implementable and tractable delegation logic

    Page(s): 27 - 42

    We address the goal of making Delegation Logic (DL) into a practically implementable and tractable trust management system. DL (N. Li et al., 1999) is a logic-based knowledge representation (i.e., language) for authorization in large-scale, open, distributed systems. DL inferencing is computationally intractable and highly impractical to implement. We introduce a new version of Delegation Logic that remedies these difficulties. To achieve this, we impose a syntactic restriction and redefine the semantics somewhat. We show that, for this revised version of DL, inferencing is computationally tractable under the same commonly met restrictions for which Ordinary Logic Programs (OLP) inferencing is tractable (e.g., Datalog and bounded number of logical variables per rule). We give an implementation architecture for this version of DL; it uses a delegation compiler from DL to OLP and can modularly exploit a variety of existing OLP inference engines. As proof of concept, we have implemented a large expressive subset of this version of DL, using this architecture.
  • Searching for a solution: engineering tradeoffs and the evolution of provably secure protocols

    Page(s): 82 - 95

    Tradeoffs are an important part of engineering security. Protocol security is important. So are efficiency and cost. The paper provides an early framework for handling such aspects in a uniform way based on combinatorial optimisation techniques. BAN logic is viewed as both a specification and proof system and as a “protocol programming language”. The paper shows how evolutionary search in the form of genetic algorithms can be utilised to “grow” correct and efficient BAN protocols and shows how goals and assumptions can co-evolve, effectively engaging in “specification synthesis”.
  • Using conservation of flow as a security mechanism in network protocols

    Page(s): 132 - 141

    The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.
  • LOMAC: Low Water-Mark integrity protection for COTS environments

    Page(s): 230 - 245

    We hypothesize that a form of kernel-resident, access-control-based integrity protection can gain widespread acceptance in commercial off-the-shelf (COTS) environments, provided that it couples some useful protection with a high degree of compatibility with existing software, configurations, and practices. To test this hypothesis, we have developed a highly compatible free open-source prototype called LOMAC, and released it on the Internet. LOMAC is a dynamically loadable extension for COTS Linux kernels that provides integrity protection based on Low Water-Mark access control. We present a classification of existing access control models with regard to compatibility, concluding that models similar to Low Water-Mark are especially well suited to high-compatibility solutions. We also describe our practical strategies for dealing with the pathological cases in the Low Water-Mark model's behavior, which include a small extension of the model and an unusual application of its concepts.
  • Efficient authentication and signing of multicast streams over lossy channels

    Page(s): 56 - 73

    Multicast stream authentication and signing is an important and challenging problem. Applications include the continuous authentication of radio and TV Internet broadcasts, and authenticated data distribution by satellite. The main challenges are fourfold. First, authenticity must be guaranteed even when only the sender of the data is trusted. Second, the scheme needs to scale to potentially millions of receivers. Third, streamed media distribution can have high packet loss. Finally, the system needs to be efficient to support fast packet rates. We propose two efficient schemes, TESLA and EMSS, for secure lossy multicast streams. TESLA (Timed Efficient Stream Loss-tolerant Authentication) offers sender authentication, strong loss robustness, high scalability and minimal overhead at the cost of loose initial time synchronization and slightly delayed authentication. EMSS (Efficient Multi-chained Stream Signature) provides nonrepudiation of origin, high loss resistance, and low overhead, at the cost of slightly delayed verification.
  • IRM enforcement of Java stack inspection

    Page(s): 246 - 255

    Two implementations are given for Java's stack inspection access-control policy. Each implementation is obtained by generating an inlined reference monitor (IRM) for a different formulation of the policy. Performance of the implementations is evaluated, and one is found to be competitive with Java's less flexible, JVM-resident implementation. The exercise illustrates the power of the IRM approach for enforcing security policies.
  • Kronos: a scalable group re-keying approach for secure multicast

    Page(s): 215 - 228

    The authors describe a novel approach to scalable group re-keying for secure multicast. Our approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate our approach by showing that if a group is re-keyed on each membership change, as the size of the group increases and/or the rate at which members leave and join the group increases, the frequency of re-keying becomes the primary bottleneck for scalable group re-keying. In contrast, Kronos can scale to handle large and dynamic groups because the frequency of re-keying is independent of the size and membership dynamics of the group. Next, we describe how Kronos can be used in conjunction with distributed key management frameworks such as IGKMP (T. Hardjono et al., 1998) that use a single group-wide session key for encrypting communications between members of the group. Using a detailed simulation, we compare the performance tradeoffs between Kronos and other key management protocols.