Proceedings. 1989 IEEE Symposium on Security and Privacy

1-3 May 1989

  • Proceedings 1989 IEEE Symposium on Security and Privacy (Cat. No.89CH2703-7)

    Publication Year: 1989
  • Authenticated group key distribution scheme for a large distributed network

    Publication Year: 1989, Page(s): 300 - 309
    Cited by: Papers (1)

    The authors propose a decentralized key distribution scheme. In this scheme, there are as many local key centers as needed and each user needs to select a key center at which to register when first joining the network. The most significant feature of the method is that each center needs only a single secret key. All personal keys that it needs for delivering encrypted keys to groups of users can b...
  • Statistical models of trust: TCBs vs. people

    Publication Year: 1989, Page(s): 10 - 19
    Cited by: Papers (3) | Patents (1)

    The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classific...
  • Layering central authentication on existing distributed system terminal services

    Publication Year: 1989, Page(s): 290 - 299
    Cited by: Papers (1) | Patents (10)

    An approach to the secure logon problem in distributed systems managed by a single authority is considered in which central authentication is layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results dem...
  • The hierarchical model of distributed system security

    Publication Year: 1989, Page(s): 194 - 203

    A description is given of the hierarchical model (HM), an access matrix-based model used to define nondisclosure in distributed multilevel secure applications such as secure file systems, secure switches, and secure upgrade downgrade facilities. The HM explicitly encodes access rights, synchronization primitives, and indirection in its state matrix. Serializability of concurrent commands is formal...
  • Formal model of a trusted file server

    Publication Year: 1989, Page(s): 157 - 166
    Cited by: Papers (1)

    The authors present a formal, mathematical model for a trusted file server (TFS) for a multilevel secure distributed computer system. The goal is to produce formal verification from the top-level specification down through code for the entire system of which a TFS is one component. By viewing the TFS as a black box, it is possible to specify its security as a relation that must hold invariantly be...
  • A proposal for a verification-based virus filter

    Publication Year: 1989, Page(s): 319 - 324
    Cited by: Patents (3)

    An approach for filtering out programs that make unauthorized modifications is outlined. The approach is based on formal specification and verification techniques, is fail-safe, and does not require any special architectural support.
  • A `new' security policy model

    Publication Year: 1989, Page(s): 215 - 228
    Cited by: Papers (4)

    A model of security is presented which integrates notions of confidentiality and integrity. This model has been developed to fulfil the needs of the RSRE SMITE project because existing modeling approaches proved to be inadequate. The authors introduce the model and subsequently compare and contrast it with existing approaches. Both an inductive confidentiality property and a noninductive integrity...
  • On the derivation of secure components

    Publication Year: 1989, Page(s): 242 - 247
    Cited by: Papers (20)

    The author discusses the problems in deriving a system from its specification when that specification includes simple trace-based information-flow security properties as well as safety properties. He presents two fundamental theorems of information-flow security which describe the inherent difficulties of deriving secure implementations and considers the implications of these results. It is conclu...
  • Network security: the parts of the sum

    Publication Year: 1989, Page(s): 2 - 9
    Cited by: Papers (5)

    Attention is given to the three basic elements of network security, i.e. encryption, network protocols, and trusted computer system protocols. It is noted that each of these measures is needed to achieve overall network security and yet frequently the advocates of individual measures ignore the others for a variety of technical and/or doctrinal reasons. The author attempts to convey the importance...
  • Transformation of access rights

    Publication Year: 1989, Page(s): 259 - 268
    Cited by: Papers (7)

    The author introduces the concept of transformation of access rights to unify a variety of access-control mechanisms. These mechanisms have mostly been proposed independently of each other to deal with various integrity issues. Their common foundation is abstracted in a model called transform. The formalization makes it possible to investigate the minimal features required to support transform. Th...
  • Detection of anomalous computer session activity

    Publication Year: 1989, Page(s): 280 - 289
    Cited by: Papers (40) | Patents (43)

    The authors discuss Wisdom and Sense (W&S), a computer security anomaly detection system. W&S is statistically based. It automatically generates rules from historical data and, in terms of those rules, identifies computer transactions that are at variance with historically established usage patterns. Issues addressed include how W&S generates rules from a necessarily small sample of ...
  • Security issues in policy routing

    Publication Year: 1989, Page(s): 183 - 193
    Cited by: Papers (2) | Patents (10)

    Most routing protocols, including proposed policy routing protocols, focus on environments where detection of an attack after it has taken place is sufficient. The authors explore the design of policy routing mechanisms for sensitive environments where more aggressive preventative measures are mandated. In particular, they detail the design of four secure protocol versions that prevent abuse by cr...
  • A software engineering approach to designing trustworthy software

    Publication Year: 1989, Page(s): 148 - 156
    Cited by: Papers (4)

    Some specific formal techniques that have proven useful in the SMMS design are examined. Attention is given to a simplified example derived from experience with the actual design. The formal techniques examined incorporate the use of a formal security model, formal specifications of module interfaces, and proofs of correspondence between the two. The use of a proof-driven design approach ensured t...
  • A security policy for an A1 DBMS (a trusted subject)

    Publication Year: 1989, Page(s): 116 - 125
    Cited by: Papers (2)

    A security policy for a multilevel secure relational database management system (DBMS) is stated. The DBMS is implemented as a trusted subject that can be hosted on any of a variety of secure operating systems. Accordingly, the policy is stated in two parts: (1) a generic policy for the operating-system TCB (trusted computing base) layer that states requirements that any operating system must meet...
  • The incorporation of multi-level IPC into Unix

    Publication Year: 1989, Page(s): 94 - 99
    Cited by: Patents (4)

    The author discusses the design, interface, and implementation issues that need to be addressed for Unix to support multilevel synchronized file access, pipes (FIFOs), messages, and semaphores. It is shown that, by changing some of Unix's underlying mechanisms and by making additions to system calls and the run-time library, it is possible architecturally to support more flexible sharing and commu...
  • Defending systems against viruses through cryptographic authentication

    Publication Year: 1989, Page(s): 312 - 318
    Cited by: Papers (6) | Patents (163)

    The author describes the use of cryptographic authentication for controlling computer viruses. The objective is to protect against viruses infecting software distributions, updates, and programs stored or executed on a system. The authentication determines the source and integrity of an executable, relying on the source to produce virus-free software. The scheme relies on a trusted (and verifiable...
  • Symbol security condition considered harmful

    Publication Year: 1989, Page(s): 20 - 46
    Cited by: Papers (5)

    The author identifies, interprets, and examines the requirements in the Department of Defense trusted computer system evaluation criteria (TCSEC) for the application of formal methods to the system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely-accepted, and critical, security assurance and analysis processes...
  • The Chinese Wall security policy

    Publication Year: 1989, Page(s): 206 - 214
    Cited by: Papers (193) | Patents (14)

    The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy co...
  • LOCK trek: navigating uncharted space

    Publication Year: 1989, Page(s): 167 - 175
    Cited by: Papers (14) | Patents (2)

    The design principles of the logical coprocessing kernel (LOCK) project are considered. LOCK is an advanced development of hardware-based computer security and cryptographic service modules. Much of the design and some of the implementation specifications are complete. The formal top level specification (FTLS) also is complete and the advanced noninterference proofs are beginning. This hardware-ba...
  • With microscope and tweezers: an analysis of the Internet virus of November 1988

    Publication Year: 1989, Page(s): 326 - 343
    Cited by: Papers (30) | Patents (1)

    In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. The authors present a detailed analysis of the virus program. They describe the lessons that this incident has taught the Internet community...
  • A framework for expressing models of security policy

    Publication Year: 1989, Page(s): 229 - 239
    Cited by: Papers (7) | Patents (1)

    The authors first describe some issues that arise from the interplay between the security requirements for an integrated project support environment (IPSE) for the development of a trusted system, and the security requirements of the trusted system itself. All of these issues derive from security policy and the modeling of security policy. A framework is then presented which allows security polici...
  • A model for secure information flow

    Publication Year: 1989, Page(s): 248 - 258
    Cited by: Papers (10) | Patents (4)

    A model that characterizes systems that restrict information flow is proposed. The model, called the confinement model, provides greater flexibility in the binding of entities to their security classes than the current static case. A consequence of the nature of security class binding in the confinement model is its ability to enforce nontransitive information-flow policies. A framework of informa...
  • A model for specifying multi-granularity integrity policies

    Publication Year: 1989, Page(s): 269 - 277
    Cited by: Papers (6) | Patents (1)

    Systems which provide integrity controls are presented in terms of a request-response paradigm. This paradigm involves modeling the manner in which valid requests are made, a system's method of deciding whether or not to service a request, and the manner in which a system state are performed only in authorized ways. A novel feature of the model is that integrity policies, which are restrictions on...
  • On the cell suppression by merging technique in the lattice model of summary tables

    Publication Year: 1989, Page(s): 126 - 135

    The authors investigate the suitability of the cell suppression by merging (CSM) technique as an SDB (statistical database) protection mechanism, and give various heuristic algorithms for the minimum information loss. They first revise the definition for the information loss when query probabilities are taken into account. This definition reflects the actual utilization of cells in the lattice. Th...