Research in Security and Privacy, 1994. Proceedings., 1994 IEEE Computer Society Symposium on

Date 16-18 May 1994

  • Prudent engineering practice for cryptographic protocols

    Page(s): 122 - 136

    We present principles for the design of cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors. Our principles are informal guidelines. They complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.

  • Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy

    Freely Available from IEEE
  • Collecting garbage in multilevel secure object stores

    Page(s): 106 - 120

    This paper addresses the problem of garbage collection in persistent object stores that are multilevel. The proposed approach is able to preserve referential integrity, while ensuring that security is not violated. We first discuss some general principles that should underlie any approach to garbage collection in secure environments. Then, we present a secure garbage collection algorithm, based on the copying approach.

  • Elimination of inference channels by optimal upgrading

    Page(s): 168 - 174

    An inference channel exists if it is possible for a low-clearance user to infer high-classification data from low-classification data. Inference channels can be blocked by upgrading the security classification of some of the low-level data. The task of eliminating inference channels is formulated for solution by the Davis-Putnam theorem-proving procedure. The procedure is augmented to search for solutions with minimum total upgrade cost.

  • On unifying some cryptographic protocol logics

    Page(s): 14 - 28

    We present a logic for analyzing cryptographic protocols. This logic encompasses a unification of four of its predecessors in the BAN family of logics, namely those given by Li Gong et al. (1990); M. Abadi, M. Tuttle (1991); P.C. van Oorschot (1993); and BAN itself (M. Burrows et al., 1989). We also present a model-theoretic semantics with respect to which the logic is sound. The logic presented captures all of the desirable features of its predecessors and more; nonetheless, it accomplishes this with no more axioms or rules than the simplest of its predecessors.

  • Eliminating formal flows in automated information flow analysis

    Page(s): 30 - 38

    Automated flow tools for formal specification languages have the potential to increase assurance and productivity of covert channel analysts by automating much of the work, but they are not reaching that potential now. Perhaps the most serious flaw in existing flow tools is that they typically report large numbers of so-called formal flows. The paper examines the causes of formal flows and describes a technique for eliminating many of them. The result is more practical automated flow analysis. The paper describes an extension for eliminating the formal flows identified by T. Fine (1992) as the major flaw in the ft-policy, and a technique for implementing the extended ft-policy in flow tools. The technique uses a construct called an opaque definition, which is essentially a hint from the specification writer to the flow tool, suggesting semantic information that might be useful in the flow analysis.

  • A model for secure protocols and their compositions

    Page(s): 2 - 13

    We give a formal model of protocol security. The model allows us to reason about the security of protocols, and considers issues of beliefs of agents, time, and secrecy. We prove a composition theorem which allows us to state sufficient conditions on two secure protocols A and B such that they may be combined to form a new secure protocol C. Moreover, we give counter-examples to show that when the conditions are not met, the protocol C may not be secure.

  • Ensuring data security in interrelated tabular data

    Page(s): 96 - 105

    Several service agencies including government organizations are engaged in publishing tabular economic data. On the one hand, it is desirable to publish as much data as possible, for use by the public. On the other hand, it is necessary to ensure that confidential data is not divulged. Cell suppression is a popular method that is used for this purpose. Earlier research has focused on cell suppression at the level of individual tables. We present a method that considers interrelationships between tables while attempting to ensure data confidentiality. The method is general enough to be applied to tables with different geometrical structures, and accommodates different cell suppression procedures at the table level.

  • A low cost, high speed encryption system and method

    Page(s): 147 - 154

    Multiple independent binary bit streams per clock cycle are produced from a single underlying shift register based keystream generator with multiple combining circuits. Logic designs are derived from de Bruijn functions. Multiplicity of keystream facilitates using just a single cryptographic device to support high speed, large quantity data transfers over networks. Low cost implementations are also possible since the underlying algorithm operates at some fraction of the network data rate. Empirical tests indicate the keystream satisfies many statistical randomness metrics.

  • Simple timing channels

    Page(s): 56 - 64

    We discuss the different ways of defining channel capacity for certain types of illicit communication channels. We also correct some errors from the literature, offer new proofs of some historical results, and give bounds for channel capacity. Special function techniques are employed to express the results in closed form. We are interested in a specific type of covert channel, a timing channel. A timing channel exists if it is possible for High to interfere with the system response time to an input by Low. Therefore, a timing channel is a communication channel where the output alphabet is constructed from different time values. However, the thrust of the paper is the analysis of timing channels that are discrete, memoryless, and noiseless. We call such a timing channel a simple timing channel (STC).

  • Asynchronous composition and required security conditions

    Page(s): 68 - 78

    We propose a general model of representation of systems which takes into account asynchronous systems. We show that, like non-deducibility on strategies, the causality property is also a hook-up property, and we generalize this result to the case of asynchronous machines. The two basic operations we use to represent hook-up (direct product and feedback) are generalizations of the classic operations already defined in the case of synchronous systems. Our direct product operation allows us to combine two systems having different clocks, and our feedback operation can be used to analyze the security of systems where inputs might be blocked.

  • Mode security: an infrastructure for covert channel suppression

    Page(s): 39 - 55

    The paper discusses a theory of covert channels called mode security. The general idea is to organize the state transitions of a multilevel state machine into distinct sets called modes. Roughly speaking, each machine mode is totally secure when considered in isolation from all other modes. Covert channels can therefore only occur when the machine executes a mode change decision; thus the name, mode security. The claim that all covert channels in a mode secure system are connected with mode change decisions can be satisfied by a generalization of the Turing test model of non-information flow.

  • Generating formal cryptographic protocol specifications

    Page(s): 137 - 146

    This paper describes a tool which translates a cryptographic protocol specified in the semi-formal standard notation i. A→B:M into the formal language CKT5. We examine the standard notation syntax, and describe how it is exploited by the tool to infer protocol conditions which must hold for every principal, thereby obtaining a complete, formal specification of the protocol. The translation criteria described herein are applicable to target languages other than CKT5.

  • The complexity and composability of secure interoperation

    Page(s): 190 - 200

    Advances in distributed systems and networking technology have made interoperation not only feasible but also increasingly popular. The authors define the interoperation of secure systems and its security, and prove complexity and composability results on obtaining optimal and secure interoperation. Most problems are NP-complete even for systems with very simple access control structures. Nevertheless, composability reduces complexity in that secure global interoperation can be obtained incrementally by composing secure local interoperation. The authors illustrate, through an application, how these theoretical results can help system designers in practice.

  • Inference channel-free integrity constraints in multilevel relational databases

    Page(s): 158 - 167

    A multilevel relational database with tuple-level labeling is a relational database together with a mapping, which associates a set of levels in a security lattice with every tuple in every relation in the database. Integrity constraints represent the invariant properties of data in a multilevel relational database. We study the relationship between integrity and secrecy, and show that they are not necessarily in fundamental conflict. We identify common classes of constraints whose enforcement is free of both static and dynamic inference channels. We also extend the integrity checking mechanism by proper update semantics to remove dynamic inference channels in the enforcement of more general classes of constraints.

  • A general theory of composition for trace sets closed under selective interleaving functions

    Page(s): 79 - 93

    This paper presents a general theory of system composition for "possibilistic" security properties. We see that these properties fall outside of the Alpern-Schneider safety/liveness domain and hence are not subject to the Abadi-Lamport composition principle. We then introduce a set of trace constructors called selective interleaving functions and show that possibilistic security properties are closure properties with respect to different classes of selective interleaving functions. This provides a uniform framework for analyzing these properties and allows us to construct a partial ordering for them. We present a number of composition constructs, show the extent to which each preserves closure with respect to different classes of selective interleaving functions, and show that they are sufficient for forming the general hook-up construction. We see that although closure under a class of selective interleaving functions is generally preserved by product and cascading, it is not generally preserved by feedback, internal system composition constructs, or refinement. We examine the reason for this.

  • A secure group membership protocol

    Page(s): 176 - 189

    A group membership protocol enables processes in a distributed system to agree on a group of processes that are currently operational. Membership protocols are a core component of many distributed systems and have proved to be fundamental for maintaining availability and consistency in distributed applications. We present a membership protocol for asynchronous distributed systems that tolerates the malicious corruption of group members. Our protocol ensures that correct members control and consistently observe changes to the group membership, provided that in each instance of the group membership, fewer than one-third of the members are corrupted or fail benignly. The protocol has many potential applications in secure systems and, in particular, is a central component of a toolkit for constructing high-integrity distributed services that we are presently implementing.

  • Extending the schematic protection model. I. Conditional tickets and authentication

    Page(s): 213 - 229

    The Schematic Protection Model, SPM, allows us to specify the protection structure of a system and gives an algorithm to reason about the transmission of privileges in the system. This paper extends the SPM model to include conditional tickets and to provide authentication. We also extend the decision algorithm of the safety problem to take into account these modifications.

  • Self-nonself discrimination in a computer

    Page(s): 202 - 212

    The problem of protecting computer systems can be viewed generally as the problem of learning to distinguish self from other. The authors describe a method for change detection which is based on the generation of T cells in the immune system. Mathematical analysis reveals computational costs of the system, and preliminary experiments illustrate how the method might be applied to the problem of computer viruses.

  • On the minimality of testing for rights in transformation models

    Page(s): 230 - 241

    The paper defines and analyzes a family of access control models, called transformation models, which are based on the concept of transformation of rights. In these models, propagation of access rights is authorized entirely by existing rights for the object in question. Transformation models are useful for expressing various kinds of consistency, confidentiality, and integrity controls. These models also generalize the monotonic transform model of Sandhu, and its non-monotonic extension (NMT) by Sandhu and Suri. The authors argue that NMT is inadequate for expressing the document release example discussed by Sandhu and Suri, because it can test only one access matrix cell in its state changing commands. They then analyze the relative expressive power of testing two access matrix cells in state changing commands versus testing more than two. The conclusion is that it suffices to allow testing for two cells.