Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

11-15 Dec. 2000

Displaying Results 1 - 25 of 46
  • Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00) [front matter]

    Publication Year: 2000
    Freely Available from IEEE
  • A flexible access control service for Java mobile code

    Publication Year: 2000, Page(s):356 - 365
    Cited by:  Papers (5)  |  Patents (11)

    Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of...
  • Index of authors

    Publication Year: 2000, Page(s):411 - 412
    Freely Available from IEEE
  • Security agility in response to intrusion detection

    Publication Year: 2000, Page(s):11 - 20
    Cited by:  Papers (11)

    Cooperative frameworks for intrusion detection and response exemplify a key area of today's computer research: automating defenses against malicious attacks that increasingly are taking place at grander speeds and scales to enhance the survivability of distributed systems and maintain mission critical functionality. At the individual host-level, intrusion response often includes security policy re...
  • Security against compelled disclosure

    Publication Year: 2000, Page(s):2 - 10

    Various existing and pending legislation can be used to force individuals and organisations to disclose confidential information. Courts may order a wide variety of data to be turned over by either party in civil and criminal cases. Government agencies are explicitly tasked with protecting national economic security. Organised crime will target information just like any other valuable asset. In a ...
  • Denial of service protection the nozzle

    Publication Year: 2000, Page(s):32 - 41
    Cited by:  Papers (2)  |  Patents (7)

    A denial of service attack is a dominating conversation with a network resource designed to preclude other conversations with that resource. This type of attack can cost millions of dollars when the target is a critical resource such as a Web server or domain name server. Traditional methods, such as firewalls and intrusion detection systems have failed to provide adequate protection from this typ...
  • Enabling secure on-line DNS dynamic update

    Publication Year: 2000, Page(s):52 - 58
    Cited by:  Papers (4)  |  Patents (1)

    Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. We point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: ...
  • Fair on-line gambling

    Publication Year: 2000, Page(s):394 - 400
    Cited by:  Papers (3)

    This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off...
  • ITS4: a static vulnerability scanner for C and C++ code

    Publication Year: 2000, Page(s):257 - 267
    Cited by:  Papers (66)  |  Patents (16)

    We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enoug...
  • Efficient commerce protocols based on one-time pads

    Publication Year: 2000, Page(s):317 - 326
    Cited by:  Patents (7)

    Presents a new commerce protocol that allows customers and merchants to conduct face-to-face credit-card authorizations with a credit card company securely, with the option of anonymity for the customer, the merchant, or both. Our protocol guarantees that both parties agree to and know the outcome of each transaction. Our protocol has three advantages over others. First, we need only two message a...
  • History based distributed filtering - a tagging approach to network-level access control

    Publication Year: 2000, Page(s):373 - 382
    Cited by:  Papers (1)  |  Patents (9)

    Discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between hosts or subnets. The proposed technique examines the incoming data's integrity properties to prevent applications within a node or subnetwork from so-called subversive channels. It checks outgoing data's secrecy requirements before transm...
  • Using operating system wrappers to increase the resiliency of commercial firewalls

    Publication Year: 2000, Page(s):236 - 245
    Cited by:  Papers (1)  |  Patents (1)

    Operating system wrappers technology provides a means for providing fine grained controls on the operation of applications software. Application proxy firewalls can gain from this technology by wrapping the proxies, thus preventing bugs (or malicious software) in the proxy from subverting the intent of the firewall. We describe several experiments we performed with wrappers and firewalls, using se...
  • A network audit system for host-based intrusion detection (NASHID) in Linux

    Publication Year: 2000, Page(s):178 - 187
    Cited by:  Papers (2)  |  Patents (2)

    Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system wh...
  • A policy-based access control mechanism for the corporate Web

    Publication Year: 2000, Page(s):150 - 158
    Cited by:  Papers (3)  |  Patents (3)

    Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes management and security problems which have so far prevented intranets from achieving their full potential. This paper is about a concrete design of a mechanism that supports policies for regulating access to information via corpo...
  • Binding identities and attributes using digitally signed certificates

    Publication Year: 2000, Page(s):120 - 127
    Cited by:  Papers (17)  |  Patents (5)

    A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA's digital signature in the certificate and, if necessary, chasing certificate chain and revocation lists. Usually, we use certificates to provide ...
  • Using attribute certificates with mobile policies in electronic commerce applications

    Publication Year: 2000, Page(s):298 - 307
    Cited by:  Papers (3)  |  Patents (2)

    Many electronic commerce applications, including those developed for business-to-consumer (B2C) and business-to-business (B2B) uses, require operations in computing environments that are truly distributed. That is, users can request data access from multiple locations within a distributed computing system. To complicate this type of operation, however, data can be distributed and represented in mu...
  • Implementing security policies using the Safe Areas of Computation approach

    Publication Year: 2000, Page(s):90 - 99
    Cited by:  Papers (4)

    The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital libraries capitalize on this technology to distribute documents that are stored in their servers. Online banks capitalize on this technology to reduce their operating costs and to offer 24 hour services to their clients. These two services are examples of services that require a hig...
  • Secure compartmented data access over an untrusted network using a COTS-based architecture

    Publication Year: 2000, Page(s):217 - 223

    We present an approach to secure compartmented data access over an untrusted network using a secure network computing architecture. We describe the architecture and show how application-level firewalls and other commercial-off-the-shelf (COTS) products may be used to implement compartmentalized access to sensitive information and to provide access control over an untrusted network and in a variety...
  • Two state-based approaches to program-based anomaly detection

    Publication Year: 2000, Page(s):21 - 30
    Cited by:  Papers (16)  |  Patents (1)

    This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, an...
  • Virtual enterprise networks: the next generation of secure enterprise networking

    Publication Year: 2000, Page(s):42 - 51
    Cited by:  Papers (1)  |  Patents (2)

    We present a vision of computing environments in which enterprise networks are built using untrusted public infrastructures. The vision allows for networks to dynamically change depending on the need of their users, rather than forcing the users to build organizations around networks. This vision is realized through a design abstraction called virtual enterprise networking, or short Supernetworkin...
  • Layering boundary protections: an experiment in information assurance

    Publication Year: 2000, Page(s):60 - 66

    The DARPA Information Assurance Program has the aim of developing and executing experiments that test specific hypotheses about defense in depth and dynamic defense capabilities. This paper describes the development and execution of an experiment in layering. The basic hypothesis was that layers of defense, when added in a careful and systematic way to a base system lead to increased protection ag...
  • A high-speed ECC-based wireless authentication on an ARM microprocessor

    Publication Year: 2000, Page(s):401 - 409
    Cited by:  Papers (4)  |  Patents (2)

    We present the results of our implementation of elliptic curve cryptography (ECC) over the field GF(p) on an 80-MHz, 32-bit ARM microprocessor. We have produced a practical software library which supports variable length implementation of the elliptic curve digital signature algorithm (ECDSA). We implemented the ECDSA and a recently proposed ECC-based wireless authentication protocol using the lib...
  • A novel approach to on-line status authentication of public-key certificates

    Publication Year: 2000, Page(s):270 - 277
    Cited by:  Papers (8)  |  Patents (3)

    The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, espec...
  • Policy-based authentication and authorization: secure access to the network infrastructure

    Publication Year: 2000, Page(s):328 - 333
    Cited by:  Papers (2)  |  Patents (28)

    A gaping hole in many of today's networks is the weak security surrounding the network devices themselves - the routers, the switches and the access servers. In all public networks and in some private networks, the network devices are shared virtually among different user communities. Access to the configuration schemes and command lines is most often an “all or nothing” proposition - the ...
  • The Chinese Remainder Theorem and its application in a high-speed RSA crypto chip

    Publication Year: 2000, Page(s):384 - 393
    Cited by:  Papers (6)  |  Patents (8)

    The performance of RSA hardware is primarily determined by an efficient implementation of the long-integer modular arithmetic and the ability to utilize the Chinese Remainder Theorem (CRT) for the private key operations. This paper presents the multiplier architecture of the RSAγ crypto-chip, a high-speed hardware accelerator for long-integer modular arithmetic. The RSAγ multiplier dat...