Proceedings of 9th Annual Computer Security Applications Conference

6-10 Dec. 1993

Displaying Results 1 - 25 of 29
  • Proceedings of 9th Annual Computer Security Applications Conference

    Publication Year: 1993
    Freely Available from IEEE
  • Modeling constructs for describing a complex system-of-systems

    Publication Year: 1993, Page(s):140 - 148
    Cited by:  Papers (1)

    To gather and organize the information needed to perform a risk analysis of a complex system-of-systems, a risk analyst needs a well-defined set of modeling constructs. This paper describes the system/network modeling constructs being incorporated into Version 2.0 of the ANSSR (Analysis of Networked Systems Security Risks) prototype. These allow an analyst to describe a complex system-of-systems a...
  • On the shortest path to network security

    Publication Year: 1993, Page(s):149 - 158
    Cited by:  Papers (1)  |  Patents (2)

    The resource constrained shortest path model is a general framework for evaluating and understanding the security of computer networks. This paper derives the model from established computer security and risk analysis principles to provide an informal proof that a network security model based on the resource constrained shortest path is “correct”. Thus the resource constrained shortest...
  • COMPUSEC, a personal view

    Publication Year: 1993, Page(s):X - XVIII
    Cited by:  Papers (1)

    This paper expresses a personal view of the state of computer security technology and its practice based on 20 years of experience. The paper contains a discussion of some of the events and concepts that have influenced the technology, a discussion of how computer system architectures have changed, creating gaps in our knowledge about how to design and certify multilevel secure computer systems, a...
  • Database design and MLS DBMSs: an unhappy alliance?

    Publication Year: 1993, Page(s):232 - 243
    Cited by:  Papers (2)

    Although much work has been performed in the areas of database design and MLS DBMSs, little has been done to marry the two areas together. It is shown that the implementation of a secure database design is not a trivial matter. Two MLS DBMSs, SWORD and SeaView, are used to demonstrate the problems of implementing simple secure application requirements.
  • A rigorous approach to determining objects

    Publication Year: 1993, Page(s):159 - 168

    This paper describes RODA, the Rigorous Object Determination Approach. RODA is a way of determining the objects that require protection in a trusted system in a consistent fashion, as opposed to the current ad-hoc methods. It is applicable to all trusted systems, but is most useful in low to medium assurance systems. It begins by examining accessibility through the TCB interface and developing a li...
  • Integration of security services into the NORAD/USSPACECOM technical infrastructure: a case study

    Publication Year: 1993, Page(s):2 - 10
    Cited by:  Papers (1)

    There is a growing trend to describe information system architectures in terms of reference models. This paper is a case study of how security services and mechanisms were integrated into one specific reference model, the NORAD/USSPACECOM Technical Infrastructure (N/U TI). The identification of security services and their placement in the N/U TI was motivated by a preliminary set of N/U security p...
  • The deductive filter approach to MLS database prototyping

    Publication Year: 1993, Page(s):244 - 253
    Cited by:  Papers (1)

    This paper proposes building a prototyping environment as part of the standard design process of multilevel secure database applications. For this paper we see the following contributions: First, based on a careful study of multilevel security requirements we developed a security constraints language (SCL) for specifying application dependent database security semantics. Second, we implemented SCL...
  • The rationale behind the Canadian criteria

    Publication Year: 1993, Page(s):170 - 179

    Version 3.0 of the CTCPEC was released in May of 1993. It represents the culmination of a five year effort to create the definitive information technology security criteria. This paper presents the rationale behind the CTCPEC: the why's and what-for's that are usually asked of the original team, but that are seldom written down, let alone in a single paper.
  • A methodology for the use of single level RDBMS software in a multi-level secured system

    Publication Year: 1993, Page(s):11 - 20
    Cited by:  Papers (1)  |  Patents (3)

    Considers the problem of implementing multilevel security on a compartmented mode workstation using single level relational database management software. A discussion of a large, military information management system is presented in terms of its architecture and security requirements. Trusted managers of the object abstractions used in the solution are explained, as well as the programming concer...
  • User interface for a high assurance, windowing system

    Publication Year: 1993, Page(s):256 - 264
    Cited by:  Papers (2)  |  Patents (8)

    High assurance graphical user interfaces must walk a fine line between providing user-friendly features and providing so much functionality that the trusted portion of the user interface can no longer be considered “minimal”. This paper describes the user interface provided by TRW's Trusted X prototype and some of the tradeoffs made in its construction.
  • Real-time trust with 'System Build': lessons learned

    Publication Year: 1993, Page(s):130 - 136
    Cited by:  Papers (1)

    This paper describes our experiences in designing an embedded avionics system which must satisfy both real-time processing and security requirements. Our approach centers around the use of a trusted 'System Build' concept (T. Vickers Benzel et al., 1990). When the concept was first developed, the full extent to which it would drive the design of an embedded operating system was not fully appreciat...
  • Applying noninterference to composition of systems: a more practical approach

    Publication Year: 1993, Page(s):210 - 220
    Cited by:  Papers (3)

    As we know, current hookup or composable properties may impose over-strong security requirements on component systems. To overcome this problem, connectivities of the components have to be considered in order to appropriately handle their composition. Based on such a consideration, in this paper we adopt the concept of rely- and guarantee-conditions to present a composable property of noninterfere...
  • Transmission schedules to prevent traffic analysis

    Publication Year: 1993, Page(s):108 - 115
    Cited by:  Papers (8)  |  Patents (8)

    We propose scheduling strategies to determine transmission schedules that prevent traffic analysis and the creation of covert channels due to temporal variation in the transmission of packets. In addition to requiring the traffic matrix be neutral we require the transmission schedule be temporally neutral to eliminate that potential covert channel. The static scheduling policy generates temporally ...
  • Expressive power of the single-object typed access matrix model

    Publication Year: 1993, Page(s):184 - 194
    Cited by:  Patents (1)

    The single-object typed access matrix (SOTAM) model was recently introduced in the literature by Sandhu and Suri (1992). It is a special case of Sandhu's typed access matrix (TAM) model (1992). In SOTAM individual commands are restricted to modifying exactly one column of the access matrix (whereas individual TAM commands in general can modify multiple columns). Sandhu and Suri have outlined a sim...
  • Migrating a commercial-off-the-shelf application to a multilevel secure environment

    Publication Year: 1993, Page(s):21 - 28

    As the number of vendors offering multilevel secure (MLS) operating systems has grown, there has been a corresponding increase in the number of commercial-off-the-shelf (COTS) applications that are designed to incorporate MLS, particularly database management systems (DBMS). However, most existing DBMS applications were designed for non-MLS environments. End users have been reluctant to move to M...
  • C2 auditing in the X Display Manager

    Publication Year: 1993, Page(s):265 - 271
    Cited by:  Patents (1)

    This paper describes the implementation of C2 auditing in the MIT X Consortium X Display Manager (XDM) on a Sun Workstation. This custom implementation of XDM audits user logins, attempted logins and logouts by creating a C2 audit trail in the workstation's audit file. Additionally, when a user has exceeded a specified number of failed login attempts, the user's account and/or workstation may be d...
  • Specification issues of secure systems

    Publication Year: 1993, Page(s):36 - 45

    This paper discusses the development of an accredited multilevel secure (MLS) system. The author reviews the methods and some problems in producing the Descriptive Top Level Specification (DTLS) and the attendant correspondences to the Formal Security Policy Model. Some of the problems encountered stem from the selection of a traditional but insufficient policy model. This paper identifies specifi...
  • A second look at the SDNS key management protocol

    Publication Year: 1993, Page(s):74 - 81

    The Secure Data Network System (SDNS) program has developed a security architecture based on the International Standardization Organization (ISO) Reference Model for Open Systems Interconnection (OSI). The SDNS standards include a key management protocol (KMP) designed to provide key material to lower layer security protocols. Unfortunately, although the specification has been publicly available f...
  • Improved password mechanisms through expert system technology

    Publication Year: 1993, Page(s):272 - 280
    Cited by:  Papers (1)

    The successful verification of a user or entity wishing to use a computer based information system lies at the core of the security of these systems. Although a vast number of different verification techniques have been proposed, password based methods remain the predominant method of choice. For this reason, it is essential that these methods be as effective as possible. The extensive ongoing re...
  • MultiView model for object-oriented database

    Publication Year: 1993, Page(s):222 - 231

    Up till now, a few secure models of object oriented databases have been proposed. Most of them support multilevel entities and more or less cover stories. In this paper, we undertake a more natural approach to model object oriented databases supporting multilevel entities which cope with the shortcomings of the previous models, viz the need of trusted mechanisms, the management of polyinstantiated...
  • Effects of multilevel security on real-time applications

    Publication Year: 1993, Page(s):120 - 129
    Cited by:  Papers (3)

    This paper presents a brief overview of a notional airborne application scenario that requires both multilevel security and real-time processing. It was used to guide decisions related to formation of the security policy interpretation, the operating system interface, and the system services design for a multilevel secure real-time distributed operating system (MLS RT DOS) called Secure Alpha. We ...
  • Representation of mental health application access policy in a monotonic model

    Publication Year: 1993, Page(s):195 - 209
    Cited by:  Papers (2)

    The access policy to patients' records in a mental health hospital has only a verbal specification, and many formal systems fail to represent all the aspects of this problem. This paper uses an extension of SPM, which can represent revocation and conditional tickets, to model part of this access policy. Even with our extension, SPM still remains a monotonic model, where rights can be removed only ...
  • Heterogeneous workstation to STU-III prototype

    Publication Year: 1993, Page(s):100 - 107
    Cited by:  Papers (1)

    Secure communications between heterogeneous workstations via the public telephone utility is necessary in the Department of Defense (DOD) and in the civil agency environments. A prototype was developed using two heterogeneous workstations attached to Secure Telephone Unit-IIIs (STU-IIIs). Custom software was developed to provide an interface between the trusted operating system and the STU-III. Th...
  • Operational requirements for multilevel security

    Publication Year: 1993, Page(s):30 - 35
    Cited by:  Papers (1)

    Multilevel security (MLS) technology offers capabilities to increase the effectiveness, efficiency, and security of operations that rely on information systems. The US unified and specified combatant commands have been surveyed to identify their operational requirements for MLS and near-term solutions to satisfy the common and most pervasive requirements. This paper summarizes the results of those...