18th Annual Computer Security Applications Conference, 2002. Proceedings.

9-13 Dec. 2002

Filter Results

Displaying Results 1 - 25 of 44
  • Proceedings 18th Annual Computer Security Applications Conference

    Publication Year: 2002
    Request permission for commercial reuse | PDF file iconPDF (322 KB)
    Freely Available from IEEE
  • Author index

    Publication Year: 2002, Page(s): 4332
    Request permission for commercial reuse | PDF file iconPDF (185 KB)
    Freely Available from IEEE
  • Intrusion detection: current capabilities and future directions

    Publication Year: 2002, Page(s):365 - 367
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (286 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Wireless security: vulnerabilities and countermeasures

    Publication Year: 2002, Page(s): 91
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (266 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A model for attribute-based user-role assignment

    Publication Year: 2002, Page(s):353 - 362
    Cited by:  Papers (41)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (441 KB) | HTML iconHTML

    The role-based access control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to use the roles' permissions. In environments where the service-providing enterprise has a huge customer base this task becomes formidable. An appealing solution is to automatically assign users to roles. The central contri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security of Internet location management

    Publication Year: 2002, Page(s):78 - 87
    Cited by:  Papers (10)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (321 KB) | HTML iconHTML

    In the Mobile IPv6 protocol, the mobile node sends binding updates to its correspondents to inform them about its current location. It is well-known that the origin of this location information must be authenticated. This paper discusses several threats created by location management that go beyond unauthentic location data. In particular, the attacker can redirect data to bomb third parties and i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • GOSSIB vs. IP traceback rumors

    Publication Year: 2002, Page(s):5 - 13
    Cited by:  Papers (17)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (452 KB) | HTML iconHTML

    To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. We introduce a new concept, namely Groups Of Strongly SImilar Birthdays (GOSSIB), that can be used by to obtain effects similar to a succes... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Access control for Active Spaces

    Publication Year: 2002, Page(s):343 - 352
    Cited by:  Papers (34)  |  Patents (19)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (414 KB) | HTML iconHTML

    Active Spaces are physical spaces augmented with heterogeneous computing and communication devices along with supporting software infrastructure. This integration facilitates collaboration between users, and promotes greater levels of interaction between users and devices. An Active Space can be configured for different types of applications at different times. We present an access control system ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Beyond the perimeter: the need for early detection of denial of service attacks

    Publication Year: 2002, Page(s):413 - 422
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (300 KB) | HTML iconHTML

    The threat to organisations from network attacks is very real. Current countermeasures to denial of service (DoS) attacks rely on the perimeter model of network security. However, as the case study and analysis in this paper make apparent, the perimeter model, which relies on firewalls and intrusion detection systems, is unable to provide an effective defence against DoS attacks. Therefore, there ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enforcing resource bound safety for mobile SNMP agents

    Publication Year: 2002, Page(s):69 - 77
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (326 KB) | HTML iconHTML

    The integration of mobile agents with SNMP creates significant advantages for the management of complex networks. Nevertheless, the security concerns of mobile agent technology limit its acceptance in practice. A key issue is to safeguard resource usage abuse by malicious or buggy mobile agents on the hosting system. This paper describes how the TINMAN architecture, a framework and a suite of tool... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enterprise engineering and security

    Publication Year: 2002, Page(s):293 - 294
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (225 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Advanced features for enterprise-wide role-based access control

    Publication Year: 2002, Page(s):333 - 342
    Cited by:  Papers (17)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (419 KB) | HTML iconHTML

    The administration of users and access rights in large enterprises is a complex and challenging task. Roles are a powerful concept for simplifying access control, but their implementation is normally restricted to single systems and applications. In this article we define enterprise roles capable of spanning all IT systems in an organisation. We show how the enterprise role-based access control (E... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A security architecture for object-based distributed systems

    Publication Year: 2002, Page(s):161 - 171
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (335 KB) | HTML iconHTML

    Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can per... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Malicious code detection for open firmware

    Publication Year: 2002, Page(s):403 - 412
    Cited by:  Papers (5)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (305 KB) | HTML iconHTML

    Malicious boot firmware is a largely unrecognized but significant security risk to our global information infrastructure. Since boot firmware executes before the operating system is loaded, it can easily circumvent any operating system-based security mechanism. Boot firmware programs are typically written by third-party device manufacturers and may come from various suppliers of unknown origin. We... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Throttling viruses: restricting propagation to defeat malicious mobile code

    Publication Year: 2002, Page(s):61 - 68
    Cited by:  Papers (91)  |  Patents (25)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (300 KB) | HTML iconHTML

    Modern computer viruses spread incredibly quickly, far faster than human-mediated responses. This greatly increases the damage that they cause. This paper presents an approach to restricting this high speed propagation automatically. The approach is based on the observation that during virus propagation, an infected machine will connect to as many different machines as fast as possible. An uninfec... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Voice over IPsec: analysis and solutions

    Publication Year: 2002, Page(s):261 - 270
    Cited by:  Papers (30)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (807 KB) | HTML iconHTML

    In this paper we present the results of the experimental analysis of the transmission of voice over secure communication links implementing IPsec. Critical parameters characterizing the real-time transmission of voice over an IPsec-ured Internet connection, as well as techniques that could be adopted to overcome some of the limitations of VoIPsec (Voice over IPsec), are presented Our results show ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Representing TCP/IP connectivity for topological analysis of network security

    Publication Year: 2002, Page(s):25 - 31
    Cited by:  Papers (29)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2338 KB) | HTML iconHTML

    The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Evaluating the impact of automated intrusion response mechanisms

    Publication Year: 2002, Page(s):301 - 310
    Cited by:  Papers (43)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (322 KB) | HTML iconHTML

    Intrusion detection systems (IDSs) have reached a high level of sophistication and are able to detect intrusions with a variety of methods. Unfortunately, system administrators neither can keep up with the pace that an IDS is delivering alerts, nor can they react upon these within adequate time limits. Automatic response systems have to take over that task. In case of an identified intrusion, thes... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Gender-preferential text mining of e-mail discourse

    Publication Year: 2002, Page(s):282 - 289
    Cited by:  Papers (21)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (295 KB) | HTML iconHTML

    This paper describes an investigation of authorship gender attribution mining from e-mail text documents. We used an extended set of predominantly topic content-free e-mail document features such as style markers, structural characteristics and gender-preferential language features together with a support vector machine learning algorithm. Experiments using a corpus of e-mail documents generated b... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Detecting and defending against Web-server fingerprinting

    Publication Year: 2002, Page(s):321 - 330
    Cited by:  Papers (6)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (298 KB) | HTML iconHTML

    Cyber attacks continue to increase in sophistication. Advanced attackers often gather information about a target system before launching a precise attack to exploit a discovered vulnerability. This paper discusses techniques for remote identification of web servers and suggests possible defenses to the probing activity. General concepts of finger-printing and their application to the identificatio... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Controlled physical random functions

    Publication Year: 2002, Page(s):149 - 160
    Cited by:  Papers (116)  |  Patents (71)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (338 KB) | HTML iconHTML

    A physical random function (PUF) is a random function that can only be evaluated with the help of a complex physical system. We introduce controlled physical random functions (CPUFs) which are PUFs that can only be accessed via an algorithm that is physically bound to the PUF in an inseparable way. CPUFs can be used to establish a shared secret between a physical device and a remote user. We prese... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security architecture of the Austrian citizen card concept

    Publication Year: 2002, Page(s):391 - 400
    Cited by:  Papers (31)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (321 KB) | HTML iconHTML

    When admitting electronic media as a means for citizens to approach public authorities (e-government), security is an indispensable precondition for concerns of legal certainty and for achieving acceptance by the citizens. While the security-enabling technologies such as smartcards, digital signatures, and PKI are mature, questions of scalability, technology-neutrality, and forward-compatibility a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Thirty years later: lessons from the Multics security evaluation

    Publication Year: 2002, Page(s):119 - 126
    Cited by:  Papers (22)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (284 KB) | HTML iconHTML

    Almost thirty years ago a vulnerability assessment of Multics identified significant vulnerabilities, despite the fact that Multics was more secure than other contemporary (and current) computer systems. Considerably more important than any of the individual design and implementation flaws was the demonstration of subversion of the protection mechanism using malicious software (e.g., trap doors an... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protecting data from malicious software

    Publication Year: 2002, Page(s):199 - 208
    Cited by:  Papers (6)  |  Patents (109)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (330 KB) | HTML iconHTML

    Corruption or disclosure of sensitive user documents can be among the most lasting and costly effects of malicious software attacks. Many malicious programs specifically target files that are likely to contain important user data. Researchers have approached this problem by developing techniques for restricting access to resources on an application-by-application basis. These so-called "sandbox en... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protecting Web usage of credit cards using One-Time Pad cookie encryption

    Publication Year: 2002, Page(s):51 - 58
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (246 KB) | HTML iconHTML

    The blooming e-commerce is demanding better methods to protect online users' privacy, especially the credit card information that is widely used in online shopping. Holding all these data in a central database of the Web sites would attract hackers' attacks, impose unnecessary liability on the merchant Web sites, and raise the customers' privacy concerns. We introduce and discuss in detail the sec... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.