Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

11-15 Dec. 2000

Displaying Results 1 - 25 of 46
  • Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00) [front matter]

    Publication Year: 2000
    Freely Available from IEEE
  • A flexible access control service for Java mobile code

    Publication Year: 2000, Page(s):356 - 365
    Cited by:  Papers (5)  |  Patents (11)

    Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of...
  • Index of authors

    Publication Year: 2000, Page(s):411 - 412
    Freely Available from IEEE
  • Defining, computing and interpreting trust

    Publication Year: 2000, Page(s): 88
  • Experience with software watermarking

    Publication Year: 2000, Page(s):308 - 316
    Cited by:  Papers (28)  |  Patents (13)

    There are at least four US patents on software watermarking, and an idea for further advancing the state of the art was presented by C. Collberg and C. Thomborson (1999). The new idea is to embed a watermark in dynamic data structures, thereby protecting against many program-transformation attacks. Until now there have been no reports on practical experience with this technique. We have implemente...
  • Secure smart homes using Jini and UIUC SESAME

    Publication Year: 2000, Page(s):77 - 85
    Cited by:  Papers (10)  |  Patents (2)

    We discuss our approach to constructing a dynamic and secure smart home environment and tackling the challenges associated with it. We envision a smart home as an active environment populated with smart, dynamically configurable consumer devices capable of interacting with humans and other smart devices. In such a dynamic and active environment, there is a great need for an agile, lightweight, dis...
  • Using attribute certificates with mobile policies in electronic commerce applications

    Publication Year: 2000, Page(s):298 - 307
    Cited by:  Papers (3)  |  Patents (2)

    Many electronic commerce applications, including those developed for business-to-consumer (B2C) and business-to-business (B2B) uses, require operations in computing environments that are truly distributed. That is, users can request data access from multiple locations within a distributed computing system. To complicate this type of operation, however, data can be distributed and represented in mu...
  • Extending Java for package based access control

    Publication Year: 2000, Page(s):67 - 76
    Cited by:  Patents (4)

    This paper describes an extension of the Java language that provides programmable security. The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language transl...
  • Introducing decryption authority into PKI

    Publication Year: 2000, Page(s):288 - 296
    Cited by:  Patents (2)

    It is well-known that CA plays the central role in PKI. We introduce a new component into PKI, DA (decryption authority), which decrypts important and sensitive messages for clients under certain conditions. A PKI with DA provides solutions to many security problems in e-commerce and online transactions. If we consider that public key cryptography provides both digital signature and asymmetric enc...
  • Layering boundary protections: an experiment in information assurance

    Publication Year: 2000, Page(s):60 - 66

    The DARPA Information Assurance Program has the aim of developing and executing experiments that test specific hypotheses about defense in depth and dynamic defense capabilities. This paper describes the development and execution of an experiment in layering. The basic hypothesis was that layers of defense, when added in a careful and systematic way to a base system, lead to increased protection ag...
  • Binding identities and attributes using digitally signed certificates

    Publication Year: 2000, Page(s):120 - 127
    Cited by:  Papers (17)  |  Patents (5)

    A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA's digital signature in the certificate and, if necessary, chasing certificate chain and revocation lists. Usually, we use certificates to provide ...
  • A reliable, scalable general-purpose certificate store

    Publication Year: 2000, Page(s):278 - 287
    Cited by:  Papers (4)  |  Patents (6)

    Although there have been various proposals to build large-scale PKIs, there appears to be no research publicly available on the underlying certificate store which will be required to support such a PKI. This paper analyses the requirements for, and presents the design of a general-purpose certificate store which places few constraints on the underlying computer hardware or operating system used, p...
  • Enabling secure on-line DNS dynamic update

    Publication Year: 2000, Page(s):52 - 58
    Cited by:  Papers (4)  |  Patents (1)

    Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. We point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: ...
  • Fair on-line gambling

    Publication Year: 2000, Page(s):394 - 400
    Cited by:  Papers (3)

    This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange, the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off...
  • A network audit system for host-based intrusion detection (NASHID) in Linux

    Publication Year: 2000, Page(s):178 - 187
    Cited by:  Papers (2)  |  Patents (2)

    Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system wh...
  • Protection profiles for remailer mixes. Do the new evaluation criteria help?

    Publication Year: 2000, Page(s):107 - 118

    Early IT security evaluation criteria such as the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, such as the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and t...
  • Security against compelled disclosure

    Publication Year: 2000, Page(s):2 - 10

    Various existing and pending legislation can be used to force individuals and organisations to disclose confidential information. Courts may order a wide variety of data to be turned over by either party in civil and criminal cases. Government agencies are explicitly tasked with protecting national economic security. Organised crime will target information just like any other valuable asset. In a ...
  • A novel approach to on-line status authentication of public-key certificates

    Publication Year: 2000, Page(s):270 - 277
    Cited by:  Papers (8)  |  Patents (3)

    The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, espec...
  • Using operating system wrappers to increase the resiliency of commercial firewalls

    Publication Year: 2000, Page(s):236 - 245
    Cited by:  Papers (1)  |  Patents (1)

    Operating system wrappers technology provides a means for providing fine grained controls on the operation of applications software. Application proxy firewalls can gain from this technology by wrapping the proxies, thus preventing bugs (or malicious software) in the proxy from subverting the intent of the firewall. We describe several experiments we performed with wrappers and firewalls, using se...
  • Usability meets security - the Identity-Manager as your personal security assistant for the Internet

    Publication Year: 2000, Page(s):344 - 353
    Cited by:  Papers (14)

    In today's applications, most users disregard the security functionality. They do not have the knowledge and/or the motivation to configure or to use the existing security functions correctly. In this paper, we present a new concept to improve the usability of security mechanisms, introducing an extended classification of protection goals. As a result, the everyday use of security functionality ca...
  • Security architecture for federated cooperative information systems

    Publication Year: 2000, Page(s):208 - 216
    Cited by:  Papers (1)

    We describe the design and implementation of a security architecture for a cooperative information system implemented with CORBA technologies. We first define a role-based policy for a specific case study. We then show how this policy is enforced by an architecture made of a selection of commercial off the shelf components and a small number of developed components. Finally, we focus on the intero...
  • Virtual enterprise networks: the next generation of secure enterprise networking

    Publication Year: 2000, Page(s):42 - 51
    Cited by:  Papers (1)  |  Patents (2)

    We present a vision of computing environments in which enterprise networks are built using untrusted public infrastructures. The vision allows for networks to dynamically change depending on the need of their users, rather than forcing the users to build organizations around networks. This vision is realized through a design abstraction called virtual enterprise networking, or short Supernetworkin...
  • The Chinese Remainder Theorem and its application in a high-speed RSA crypto chip

    Publication Year: 2000, Page(s):384 - 393
    Cited by:  Papers (7)  |  Patents (8)

    The performance of RSA hardware is primarily determined by an efficient implementation of the long-integer modular arithmetic and the ability to utilize the Chinese Remainder Theorem (CRT) for the private key operations. This paper presents the multiplier architecture of the RSAγ crypto-chip, a high-speed hardware accelerator for long-integer modular arithmetic. The RSAγ multiplier dat...
  • Framework for role-based delegation models

    Publication Year: 2000, Page(s):168 - 176
    Cited by:  Papers (80)  |  Patents (3)

    The basic idea behind delegation is that some active entity in a system delegates authority to another active entity to carry out some functions on behalf of the former. Delegation in computer systems can take many forms: human to human, human to machine, machine to machine, and perhaps even machine to human. We focus on the human to human form of delegation using roles. As we show, there are ma...
  • Implementing security policies using the Safe Areas of Computation approach

    Publication Year: 2000, Page(s):90 - 99
    Cited by:  Papers (4)

    The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital libraries capitalize on this technology to distribute documents that are stored in their servers. Online banks capitalize on this technology to reduce their operating costs and to offer 24 hour services to their clients. These two services are examples of services that require a hig...