Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

11-15 Dec. 2000

Displaying Results 1 - 25 of 46
  • Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00) [front matter]

    Publication Year: 2000
    PDF (248 KB)
    Freely Available from IEEE
  • A flexible access control service for Java mobile code

    Publication Year: 2000, Page(s):356 - 365
    Cited by:  Papers (5)  |  Patents (11)
    PDF (960 KB)

    Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers onto heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of...
  • Index of authors

    Publication Year: 2000, Page(s):411 - 412
    PDF (77 KB)
    Freely Available from IEEE
  • Experience with software watermarking

    Publication Year: 2000, Page(s):308 - 316
    Cited by:  Papers (30)  |  Patents (14)
    PDF (692 KB)

    There are at least four US patents on software watermarking, and an idea for further advancing the state of the art was presented by C. Collberg and C. Thomborson (1999). The new idea is to embed a watermark in dynamic data structures, thereby protecting against many program-transformation attacks. Until now there have been no reports on practical experience with this technique. We have implemente...
  • Using attribute certificates with mobile policies in electronic commerce applications

    Publication Year: 2000, Page(s):298 - 307
    Cited by:  Papers (3)  |  Patents (2)
    PDF (784 KB)

    Many electronic commerce applications, including those developed for business-to-consumer (B2C) and business-to-business (B2B) uses, require operations in computing environments that are truly distributed. That is, users can request data access from multiple locations within a distributed computing system. To complicate this type of operation, however, data can be distributed and represented in mu...
  • Introducing decryption authority into PKI

    Publication Year: 2000, Page(s):288 - 296
    Cited by:  Patents (3)
    PDF (720 KB)

    It is well-known that the CA plays the central role in PKI. We introduce a new component into PKI, the DA (decryption authority), which decrypts important and sensitive messages for clients under certain conditions. A PKI with a DA provides solutions to many security problems in e-commerce and online transactions. If we consider that public key cryptography provides both digital signature and asymmetric enc...
  • A reliable, scalable general-purpose certificate store

    Publication Year: 2000, Page(s):278 - 287
    Cited by:  Papers (4)  |  Patents (6)
    PDF (952 KB)

    Although there have been various proposals to build large-scale PKIs, there appears to be no research publicly available on the underlying certificate store which will be required to support such a PKI. This paper analyses the requirements for, and presents the design of, a general-purpose certificate store which places few constraints on the underlying computer hardware or operating system used, p...
  • Binding identities and attributes using digitally signed certificates

    Publication Year: 2000, Page(s):120 - 127
    Cited by:  Papers (19)  |  Patents (5)
    PDF (540 KB)

    A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA's digital signature in the certificate and, if necessary, chasing the certificate chain and revocation lists. Usually, we use certificates to provide ...
  • Dynamic access control through Petri net workflows

    Publication Year: 2000, Page(s):159 - 167
    Cited by:  Papers (25)  |  Patents (3)
    PDF (600 KB)

    Access control is an important protection mechanism for information systems. An access control matrix grants subjects privileges to objects. Today, access control matrices are static; they rarely change over time. This paper shows how to make access control matrices dynamic by means of workflows. Access rights are granted according to the state of the workflow. By this practice the risk of data mis...
  • A novel approach to on-line status authentication of public-key certificates

    Publication Year: 2000, Page(s):270 - 277
    Cited by:  Papers (8)  |  Patents (3)
    PDF (564 KB)

    The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, espec...
  • Protection profiles for remailer mixes. Do the new evaluation criteria help?

    Publication Year: 2000, Page(s):107 - 118
    PDF (984 KB)

    Early IT security evaluation criteria such as the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, such as the CC and the ISO-ECITS, now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and t...
  • Calculating costs for quality of security service

    Publication Year: 2000, Page(s):334 - 343
    Cited by:  Papers (11)
    PDF (904 KB)

    Presents a quality-of-security-service (QoSS) costing framework and a demonstration of it. A method for quantifying costs related to the security service and for storing and retrieving security information is illustrated. We describe a security model for tasks, which incorporates the ideas of variant security services invoked by the task, dynamic network modes, abstract security level choices and ...
  • A policy-based access control mechanism for the corporate Web

    Publication Year: 2000, Page(s):150 - 158
    Cited by:  Papers (3)  |  Patents (3)
    PDF (676 KB)

    Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes management and security problems which have so far prevented intranets from achieving their full potential. This paper is about a concrete design of a mechanism that supports policies for regulating access to information via corpo...
  • ITS4: a static vulnerability scanner for C and C++ code

    Publication Year: 2000, Page(s):257 - 267
    Cited by:  Papers (72)  |  Patents (18)
    PDF (896 KB)

    We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enoug...
  • Denial of service protection: the nozzle

    Publication Year: 2000, Page(s):32 - 41
    Cited by:  Papers (2)  |  Patents (7)
    PDF (660 KB)

    A denial of service attack is a dominating conversation with a network resource designed to preclude other conversations with that resource. This type of attack can cost millions of dollars when the target is a critical resource such as a Web server or domain name server. Traditional methods, such as firewalls and intrusion detection systems, have failed to provide adequate protection from this typ...
  • Policy mediation for multi-enterprise environments

    Publication Year: 2000, Page(s):100 - 106
    Cited by:  Papers (1)  |  Patents (2)
    PDF (512 KB)

    Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However, few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and Policy Mediation Architecture...
  • A self-extension monitoring for security management

    Publication Year: 2000, Page(s):196 - 203
    Cited by:  Papers (3)
    PDF (708 KB)

    In the coming age of information warfare, information security patterns take on a more offensive than defensive stance. However, most existing security systems remain passive and do not provide an active form of security protection. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. This pape...
  • Policy-based authentication and authorization: secure access to the network infrastructure

    Publication Year: 2000, Page(s):328 - 333
    Cited by:  Papers (2)  |  Patents (29)
    PDF (508 KB)

    A gaping hole in many of today's networks is the weak security surrounding the network devices themselves: the routers, the switches and the access servers. In all public networks and in some private networks, the network devices are shared virtually among different user communities. Access to the configuration schemes and command lines is most often an "all or nothing" proposition: the ...
  • Scalable policy driven and general purpose public key infrastructure (PKI)

    Publication Year: 2000, Page(s):138 - 147
    Cited by:  Papers (1)  |  Patents (4)
    PDF (724 KB)

    This paper describes a flexible and general purpose PKI platform, providing an easily interoperable security infrastructure. Developed at AT&T Labs, the architecture is part of the UCAID/Internet2 efforts in PKI and scalable security. The architecture can host multiple certificate authorities (CAs) from different vendors in a uniform and scalable manner. This facilitates scalable operation wit...
  • Security architecture for federated cooperative information systems

    Publication Year: 2000, Page(s):208 - 216
    Cited by:  Papers (1)
    PDF (692 KB)

    We describe the design and implementation of a security architecture for a cooperative information system implemented with CORBA technologies. We first define a role-based policy for a specific case study. We then show how this policy is enforced by an architecture made of a selection of commercial off-the-shelf components and a small number of developed components. Finally, we focus on the intero...
  • Security architectures for controlled digital information dissemination

    Publication Year: 2000, Page(s):224 - 233
    Cited by:  Papers (17)  |  Patents (3)
    PDF (712 KB)

    Besides securing transmission of digital information at lower layers, several application-level security solutions for controlled dissemination of digital information have been developed using cryptographic, watermarking or use-control technologies. These dissemination control solutions have been designed for different business purposes. Little research, if any, identifies security architectures f...
  • On computer viral infection and the effect of immunization

    Publication Year: 2000, Page(s):246 - 256
    Cited by:  Papers (30)  |  Patents (9)
    PDF (1496 KB)

    Viruses remain a significant threat to modern networked computer systems. Despite the best efforts of those who develop anti-virus systems, new viruses and new types of virus that are not dealt with by existing protection schemes appear regularly. In addition, the rate at which a virus can spread has risen dramatically with the increase in connectivity. Defenses against infections by known viruses...
  • Two state-based approaches to program-based anomaly detection

    Publication Year: 2000, Page(s):21 - 30
    Cited by:  Papers (16)  |  Patents (1)
    PDF (768 KB)

    This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, an...
  • Implementing security policies using the Safe Areas of Computation approach

    Publication Year: 2000, Page(s):90 - 99
    Cited by:  Papers (4)
    PDF (1000 KB)

    The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital libraries capitalize on this technology to distribute documents that are stored in their servers. Online banks capitalize on this technology to reduce their operating costs and to offer 24 hour services to their clients. These two services are examples of services that require a hig...
  • Less harm, less worry or how to improve network security by bounding system offensiveness

    Publication Year: 2000, Page(s):188 - 195
    Cited by:  Papers (1)
    PDF (620 KB)

    We describe a new class of tools for protecting computer systems from security attacks. Their distinguishing feature is the principle they are based on. Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective. We show that so...