Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

Date 11-15 Dec. 2000

Displaying Results 1 - 25 of 46
  • Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00) [front matter]

  • Index of authors

    Page(s): 411 - 412
  • Framework for role-based delegation models

    Page(s): 168 - 176

    The basic idea behind delegation is that some active entity in a system delegates authority to another active entity to carry out some functions on behalf of the former. Delegation in computer systems can take many forms: human to human, human to machine, machine to machine, and perhaps even machine to human. We focus on the human-to-human form of delegation using roles. As we show, there are many different ways in which role-based human-to-human delegation can occur. We develop a framework for identifying interesting cases that can be used for building role-based delegation models. This is accomplished by identifying the characteristics related to delegation, using these characteristics to generate possible delegation cases, and using a systematic approach to reduce the large number of cases to a few useful cases which can be used to build delegation models.
  • A network audit system for host-based intrusion detection (NASHID) in Linux

    Page(s): 178 - 187

    Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system which collects this data and analyze the issues that guided the implementation. Finally, we report the performance impact on the system and the rate of audit data accumulation in a test network.
  • Security architecture for federated cooperative information systems

    Page(s): 208 - 216

    We describe the design and implementation of a security architecture for a cooperative information system implemented with CORBA technologies. We first define a role-based policy for a specific case study. We then show how this policy is enforced by an architecture made of a selection of commercial off-the-shelf components and a small number of developed components. Finally, we focus on the interoperability of the security architecture we have designed.
  • Less harm, less worry or how to improve network security by bounding system offensiveness

    Page(s): 188 - 195

    We describe a new class of tools for protecting computer systems from security attacks. Their distinguishing feature is the principle they are based on. Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective. We show that some of the most popular DoS attacks are effectively blocked with limited impact on the sender's performance. Measurements of the implemented prototype show that controlling the outgoing traffic does not affect performance at the sender machine when traffic is not hostile. If traffic is hostile, the limited slow-down experienced at the source is the price to pay to make the Internet a safer place for all its users. The limited performance impact and the efficacy in attack prevention make tools like the one presented a new component of security architectures. Furthermore, such tools represent an effective way to address security problems that are still unsolved or for which only partial solutions are available, such as the liability problem, intranet security, security tools performance and the use of distributed tools for intrusion.
  • Applications in health care using public-key certificates and attribute certificates

    Page(s): 128 - 137

    Security infrastructures are increasingly used in the health care and welfare sector, particularly for providing security services such as confidentiality, authenticity, integrity, non-repudiation and auditing. Especially within the health care sector, there is a need for different kinds of certificates, namely public-key certificates and attribute certificates. This necessity is caused by the huge range of processes and procedures deriving from different application areas within the health care sector. This leads to a large number of specific and different roles, rules, access rights, and permissions for each health professional. An important security token within health care is represented by a smart card, called the health professional card (HPC). Existing solutions, e.g. the German HPC, prototypes and European as well as national projects, activities, and initiatives, show the state of the art with respect to certificates. Finally, we point out unsolved problems regarding security infrastructures, jurisdiction, data protection, and advertising via the Internet.
  • Experience with software watermarking

    Page(s): 308 - 316

    There are at least four US patents on software watermarking, and an idea for further advancing the state of the art was presented by C. Collberg and C. Thomborson (1999). The new idea is to embed a watermark in dynamic data structures, thereby protecting against many program-transformation attacks. Until now there have been no reports on practical experience with this technique. We have implemented and experimented with a watermarking system for Java based on the ideas of Collberg and Thomborson. Our experiments show that watermarking can be done efficiently with moderate increases in code size, execution times and heap-space usage, while making the watermarked code resilient to a variety of program-transformation attacks. For a particular representation of watermarks, the time to retrieve a watermark is on the order of one minute per megabyte of heap space. Our implementation is not designed to resist all possible attacks; to do that, it should be combined with other protection techniques, such as obfuscation and tamperproofing.
  • Implementing security policies using the Safe Areas of Computation approach

    Page(s): 90 - 99

    The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital libraries capitalize on this technology to distribute documents that are stored in their servers. Online banks capitalize on this technology to reduce their operating costs and to offer 24-hour services to their clients. These two services are examples of services that require a high degree of security. Therefore, they require a higher level of protection than the existing technologies commonly used in the World Wide Web. An approach that can be used to protect Internet transactions, called Safe Areas of Computation (SAC), was described by dos Santos and Kemmerer (1999). This paper describes the access control lists used by the Safe Areas of Computation approach, the operations on these access control lists supported by the approach, and how the access control lists can be customized for implementing many different security policies. This paper also describes example policies that can be used to protect digital libraries and online bank services. The paper uses the bank services as an example of how the generic security policies supported by the SAC approach can be composed.
  • Using attribute certificates with mobile policies in electronic commerce applications

    Page(s): 298 - 307

    Many electronic commerce applications, including those developed for business-to-consumer (B2C) and business-to-business (B2B) uses, require operations in computing environments that are truly distributed. That is, users can request data access from multiple locations within a distributed computing system. To complicate this type of operation, however, data can be distributed and represented in multiple forms. As a result, system administrators are encountering increasing difficulty in developing and managing application-specific policies for users and data. A multi-tier (N-tier) architecture can provide a powerful solution for meeting the diverse needs of electronic commerce applications. However, a drawback to multi-tier architectures is that they require that a user's credentials and the policy-to-data mapping context be available in the middle tier of the system architecture. This paper addresses the management of users and data by presenting a framework for combining attribute certificates with a mobile policy for effective application-specific control specification and administration in a distributed computing environment. Attribute certificates provide mobility to credentials and also provide fine-grained information about security principals. A mobile policy allows application-specific policies to move along with the data to other elements of the distributed computing system. We propose a high-level definition language to specify policies that are application-specific and mobile, and present an algorithm for enforcing attribute-based mobile policies.
  • ITS4: a static vulnerability scanner for C and C++ code

    Page(s): 257 - 267

    We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4 we found new remotely-exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software. The ITS4 source distribution is available at http://www.rstcorp.com/its4
  • A novel approach to on-line status authentication of public-key certificates

    Page(s): 270 - 277

    The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, especially when a trivial strategy is adopted within a public key infrastructure (PKI) to deal with the problem of revoked certificates. This paper presents a novel certificate status handling scheme, based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive. The distinguishing characteristic of the devised OWA-based Revocation Scheme (ORS) is that it exploits a single directory-signed proof to collectively authenticate the status of all the certificates handled by a certification authority (CA) within a PKI. A thorough investigation of the attainable performance shows that ORS exhibits the same features as the well-known Online Certificate Status Protocol (OCSP) as regards security, scalability and certificate status-updating timeliness, while at the same time drastically reducing the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.
  • Efficient commerce protocols based on one-time pads

    Page(s): 317 - 326

    Presents a new commerce protocol that allows customers and merchants to conduct face-to-face credit-card authorizations with a credit card company securely, with the option of anonymity for the customer, the merchant, or both. Our protocol guarantees that both parties agree to and know the outcome of each transaction. Our protocol has three advantages over others. First, we need only two message authentication code (MAC) operations per party per transaction, fewer than most popular protocols. Second, our own MAC function, OTPMAC (One-Time Pad MAC), does not rely on the existence of one-way functions or on any other unproven hypothesis. Third, our protocol generates a new one-time identifier per party per transaction, preventing the linkage of multiple transactions to a single party. Additionally, the protocol can operate in modes using alternatives to the one-time pad, including cryptographic pseudo-random number generators and conventional cryptographic MAC functions.
  • History based distributed filtering - a tagging approach to network-level access control

    Page(s): 373 - 382

    Discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between hosts or subnets. The proposed technique examines the incoming data's integrity properties to protect applications within a node or subnetwork from so-called subversive channels. It checks outgoing data's secrecy requirements before transmission. Security labels are used to identify data packets as members of different categories and security levels. Additional tags store context information to validate the trustworthiness of a packet's content. Labels and tags of a data packet reflect events that may be relevant to access control throughout its life. As opposed to stateful filtering, which is based on the history of a flow of packets, our approach works on the history of an individual packet. Any state information is part of the packet rather than being stored in all the nodes inspecting the packet; i.e. nodes do not need to create and maintain state information.
  • Policy mediation for multi-enterprise environments

    Page(s): 100 - 106

    Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However, few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and Policy Mediation Architecture for coordinating diverse policies in large information networks. The language-based approach adopted by each of these technologies permits local and global access control policy validation with static analysis and other formal techniques. Together the Policy Machine and Policy Mediation Architecture comprise an effective system for closing policy gaps in multi-enterprise environments.
  • Security against compelled disclosure

    Page(s): 2 - 10

    Various existing and pending legislation can be used to force individuals and organisations to disclose confidential information. Courts may order a wide variety of data to be turned over by either party in civil and criminal cases. Government agencies are explicitly tasked with protecting national economic security. Organised crime will target information just like any other valuable asset. In a less than perfectly ethical world, companies require means to protect their information assets against economic espionage, misuse of discovery processes and criminal coercion. We describe actual and potential examples of compelled disclosure abuses in the US and UK, and legal enhancements to conventional security services for protecting communications and stored data against their recurrence.
  • A flexible access control service for Java mobile code

    Page(s): 356 - 365

    Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of these technologies. Substantial work has already been done to provide security solutions for protecting both hosting nodes and MC. For example, the Java security architecture evolved from a rigid sandbox model to a more flexible solution where downloaded code can perform any kind of operation, depending on its source location and signature. However, the most widespread security solutions for MC platforms today do not support the sophisticated security policies required in modern inter-organisational environments. This requires expressive languages to specify the policy and flexible mechanisms for policy implementation which cater for code mobility. This paper shows how access control policies for MC-based applications can be specified in a concise and declarative language called Ponder, and how these policies can be implemented within the Java security architecture.
  • Security architectures for controlled digital information dissemination

    Page(s): 224 - 233

    Besides securing transmission of digital information at lower layers, several application-level security solutions for controlled dissemination of digital information have been developed using cryptographic, watermarking or use-control technologies. These dissemination control solutions have been designed for different business purposes. Little research, if any, identifies security architectures for controlling or tracking digital information dissemination in general. Identifying these architectures will provide a foundation for developing appropriate security solutions for organizations' secure dissemination of digital information, and provide a better understanding of current application-level security solutions. We identify eight application-level security architectures based on the following three elements: virtual machine, control set and distribution style. Some of the architectures provide control and tracking capabilities for dissemination and usage of digital information, while others provide only tracking capability. We describe the architectures and compare their capabilities, merits and demerits. In addition, we review briefly some of the required mechanisms, including watermarking and use-control technologies. Also, we relate some commercial solutions to our security architectures in order to provide insight into the current availability of these architectures.
  • Scalable policy driven and general purpose public key infrastructure (PKI)

    Page(s): 138 - 147

    This paper describes a flexible and general-purpose PKI platform providing an easily interoperable security infrastructure. Developed at AT&T Labs, the architecture is part of the UCAID/Internet2 efforts in PKI and scalable security. The architecture can host multiple certificate authorities (CAs) from different vendors in a uniform and scalable manner. This facilitates scalable operation with third-party CA systems. It acts as a CA distributor driven by uniform enrollment procedures based on vendor-independent PKI policies. The design facilitates seamless integration with third-party CA services such as Verisign. The architecture adapts software components into a framework for secure, authenticated IP services over the open Internet or within internal intranets. Policy descriptions, written in XML, support explicit controls upon certificate sources and contents. These XML-encoded policies define issuance and acceptance of X.509v3 certificates from multiple CAs, supporting the obligations and warranties even if the policy is neither recorded anywhere nor referenced in the certificate. The PKI component has been developed within a general middleware platform.
  • Personal security environment on Palm PDA

    Page(s): 366 - 372

    Digital signature schemes are based on the assumption that the signing key is kept secret. Ensuring that this assumption holds is one of the most crucial problems for all current digital signature applications. This paper describes the solution developed and prototyped by the authors, using a mobile computing device with a smart-card reader for creating digital signatures. We give an overview of several common settings for digital signature applications and the problems they have, also describing several frameworks for mobile security applications. A discussion about the choice of devices, design issues, concrete solutions and their security concerns follows. We conclude that although nothing can prevent careless private key handling, careful management is easier and more convenient when using our solution.
  • Dynamic access control through Petri net workflows

    Page(s): 159 - 167

    Access control is an important protection mechanism for information systems. An access control matrix grants subjects privileges to objects. Today, access control matrices are static; they rarely change over time. This paper shows how to make access control matrices dynamic by means of workflows. Access rights are granted according to the state of the workflow. By this practice the risk of data misuse is decreased, which is proven through an equation given in the paper. The concept of workflow is defined by Petri nets, which offer a solid mathematical foundation and are well suited to represent discrete models such as workflows.
  • A reliable, scalable general-purpose certificate store

    Page(s): 278 - 287

    Although there have been various proposals to build large-scale PKIs, there appears to be no research publicly available on the underlying certificate store which will be required to support such a PKI. This paper analyses the requirements for, and presents the design of, a general-purpose certificate store which places few constraints on the underlying computer hardware or operating system used, provides a high degree of scalability (from single end users up to the corporate/CA level), and provides the level of reliability, availability and error recovery required of such an application and stipulated in a number of standards which cover CA operation.
  • Binding identities and attributes using digitally signed certificates

    Page(s): 120 - 127

    A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA's digital signature in the certificate and, if necessary, chasing the certificate chain and revocation lists. Usually, we use certificates to provide the integrity of identity or attribute information of the subject. Attributes must be coupled with the corresponding identities. We introduce comprehensive approaches to bind identity and attribute certificates, identifying three different techniques: monolithic, autonomic, and chained signatures. We describe each technique and analyze the relative advantages and disadvantages of each.
  • On computer viral infection and the effect of immunization

    Page(s): 246 - 256

    Viruses remain a significant threat to modern networked computer systems. Despite the best efforts of those who develop anti-virus systems, new viruses and new types of virus that are not dealt with by existing protection schemes appear regularly. In addition, the rate at which a virus can spread has risen dramatically with the increase in connectivity. Defenses against infections by known viruses rely at present on immunization yet, for a variety of reasons, immunization is often only effective on a subset of the nodes in a network and many nodes remain unprotected. Little is known about either the way in which a viral infection proceeds in general or the way that immunization affects the infection process. We present the results of a simulation study of the way in which virus infections propagate through certain types of network and of the effect that partial immunization has on the infection. The key result is that relatively low levels of immunization can slow an infection significantly.