By Topic

Proceedings 1996 IEEE Symposium on Security and Privacy

6-8 May 1996

Filter Results

Displaying Results 1 - 23 of 23
  • Proceedings 1996 IEEE Symposium on Security and Privacy

    Publication Year: 1996
    Request permission for commercial reuse | PDF file iconPDF (228 KB)
    Freely Available from IEEE
  • Index of authors

    Publication Year: 1996
    Request permission for commercial reuse | PDF file iconPDF (35 KB)
    Freely Available from IEEE
  • Limitations on design principles for public key protocols

    Publication Year: 1996, Page(s):62 - 72
    Cited by:  Papers (4)  |  Patents (40)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1104 KB)

    Recent papers have taken a new look at cryptographic protocols from the perspective of proposing design principles. For years, the main approach to cryptographic protocols has been logical, and a number of papers have examined the limitations of those logics. This paper takes a similar cautionary look at the design principle approach. Limitations and exceptions are offered on some of the previousl... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A fair non-repudiation protocol

    Publication Year: 1996, Page(s):55 - 61
    Cited by:  Papers (56)  |  Patents (25)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (484 KB)

    A fair non-repudiation protocol should not give the sender of a message an advantage over the receiver, or vice versa. We present a fair non-repudiation protocol that requires a trusted third party but attempts to minimize its involvement in the execution of the protocol. We draw particular attention to the nonstandard use of encryption in our protocol and discuss some aspects of its formal verifi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Defining noninterference in the temporal logic of actions

    Publication Year: 1996, Page(s):12 - 21
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1060 KB)

    Covert channels are a critical concern for multilevel secure (MLS) systems. Due to their subtlety, it is desirable to use formal methods to analyze MLS systems for the presence of covert channels. This paper describes an approach for using Abadi & Lamport's (1993) temporal logic of actions (TLA) to specify noninterference properties. In addition to providing a more intuitive definition of noni... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Supporting multiple access control policies in database systems

    Publication Year: 1996, Page(s):94 - 107
    Cited by:  Papers (24)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1204 KB)

    Although there are several choices of policies for protection of information, access control models have been developed for a fixed set pre-defined access control policies that are then built into the corresponding access control mechanisms. This becomes a problem, however, if the access control requirements of an application are different from the policies built into a mechanism. In most cases, t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • What do we mean by entity authentication?

    Publication Year: 1996, Page(s):46 - 54
    Cited by:  Papers (19)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (832 KB)

    The design of authentication protocols has proven to be surprisingly error-prone. We suggest that this is partly due to a language problem. The objectives of entity authentication are usually given in terms of human encounters while we actually implement message passing protocols. We propose various translations of the high-level objectives into a language appropriate for communication protocols. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Cryptovirology: extortion-based security threats and countermeasures

    Publication Year: 1996, Page(s):129 - 140
    Cited by:  Papers (11)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1176 KB)

    Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. In this paper we present the idea of Cryptovirology which employs a twist on cryptography, showing that it can also be used offensively. By being offensive we mean that it can be used to mount extortion based attacks that cause loss of access to information, loss of... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An analysis of the timed Z-channel

    Publication Year: 1996, Page(s):2 - 11
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (760 KB)

    Our timed Z-channel (a general case of the Z-channel) appears as the basis for a large class of covert channels. Golomb (1980) analyzed the Z-channel, a memoryless channel with two input symbols and two output symbols, where one of the input symbols is transmitted with noise while the other is transmitted without noise, and the output symbol transmission times are equal. We introduce the timed Z-c... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secure network objects

    Publication Year: 1996, Page(s):211 - 221
    Cited by:  Papers (7)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (952 KB)

    We describe the design and implementation of secure network objects, which provide security for object-oriented network communication. The design takes advantage of objects and subtyping to present a simple but expressive programming interface for security, supporting both access control lists and capabilities. The implementation of this design fits nicely within the structure of the existing netw... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • View-based access control with high assurance

    Publication Year: 1996, Page(s):85 - 93
    Cited by:  Papers (3)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (808 KB)

    View-based access control enables content-based and context-based security, as opposed to the container-based security provided in operating systems. However, view-based access control in multilevel secure (MLS) databases suffers from two problems: safety and assurance. We investigate view-based access control in MLS relational databases for a large class of views expressible as project-select-joi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A security policy model for clinical information systems

    Publication Year: 1996, Page(s):30 - 43
    Cited by:  Papers (42)  |  Patents (20)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1332 KB)

    The protection of personal health information has become a live issue in a number of countries, including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion about what should be protected, and why. Designers of military and banking systems can refer to Bell & LaPadula (1973) and Clark & Wilson (1987) respectively, but there is no comparable securi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A sense of self for Unix processes

    Publication Year: 1996, Page(s):120 - 128
    Cited by:  Papers (355)  |  Patents (67)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (804 KB)

    A method for anomaly detection is introduced in which “normal” is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs. Further; it is able to detect several common intrusions involving sendmail and 1pr. This work is part of a research program aimed at building comput... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On two proposals for on-line bankcard payments using open networks: problems and solutions

    Publication Year: 1996, Page(s):201 - 210
    Cited by:  Patents (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (976 KB)

    Recently, two major bankcard payment instrument operators VISA and MasterCard published specifications for securing bankcard payment transactions on open networks for open scrutiny. (VISA: Secure Transaction Technology, STT; MasterCard: Secure Electronic Payment Protocol, SEPP.) Based on their success in operating the existing on-line payment systems, both proposals use advanced cryptographic tech... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security properties and CSP

    Publication Year: 1996, Page(s):174 - 187
    Cited by:  Papers (43)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1104 KB)

    Security properties such as confidentiality and authenticity may be considered in terms of the flow of messages within a network. To the extent that this characterisation is justified, the use of a process algebra such as Communicating Sequential Processes (CSP) seems appropriate to describe and analyse them. This paper explores ways in which security properties may be described as CSP specificati... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Ensuring atomicity of multilevel transactions

    Publication Year: 1996, Page(s):74 - 84
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (964 KB)

    Ensuring atomicity is a major outstanding problem with present methods of handling multilevel transactions. The chief difficulty is that a high section of a transaction may be unable to complete due to violations of the integrity constraints, and a rollback of sections can be exploited to implement a covert channel. We define a notion of semantic atomicity which guarantees that either all or none ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Computer security training and education: a needs analysis

    Publication Year: 1996, Page(s):26 - 27
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (208 KB)

    This paper examines, from an employer's perspective, the kind of education and training that today's computer security practitioners need. It suggests answers to three important questions: (1) What are we educating people to do? (2) What should be included in education and training programs? (3) What can industry do to help? View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An immunological approach to change detection: algorithms, analysis and implications

    Publication Year: 1996, Page(s):110 - 119
    Cited by:  Papers (89)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (912 KB)

    We present new results on a distributable change-detection method inspired by the natural immune system. A weakness in the original algorithm was the exponential cost of generating detectors. Two detector-generating algorithms are introduced which run in linear time. The algorithms are analyzed, heuristics are given for setting parameters based on the analysis, and the presence of holes in detecto... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A security model of dynamic labelling providing a tiered approach to verification

    Publication Year: 1996, Page(s):142 - 153
    Cited by:  Papers (3)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1024 KB)

    In the proposed mandatory access control model, arbitrary, label changing policies can be expressed. The relatively simple model can capture a wide variety of security policies, including high-water marks, downgrading, separation of duties, and Chinese Walls. The model forms the basis for a tiered approach to the formal development of secure systems, whereby security verification can be spread acr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Run-time security evaluation (RTSE) for distributed applications

    Publication Year: 1996, Page(s):222 - 232
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (984 KB)

    Formal security specifications for a distributed application can be checked for compliance at run-time using executable security assertions. We propose the run-time security evaluation (RTSE) method which makes use of histories/traces of events, assertions and operational evaluation in the distributed environment to ensure the security specifications for the application are fulfilled at run-time. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Java security: from HotJava to Netscape and beyond

    Publication Year: 1996, Page(s):190 - 200
    Cited by:  Papers (44)  |  Patents (90)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1048 KB)

    The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several rea... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A communication agreement framework for access/action control

    Publication Year: 1996, Page(s):154 - 163
    Cited by:  Papers (8)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1200 KB)

    We introduce a framework for access/action control which shifts the emphasis from the participants to their relationships. The framework is based on a communication model in which participants negotiate the mutually agreed-upon boundary conditions of their relationships, and create social reference points by encapsulating them in compact “communication pacts”, called “commpacts&r... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Decentralized trust management

    Publication Year: 1996, Page(s):164 - 173
    Cited by:  Papers (492)  |  Patents (69)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (932 KB)

    We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Existing systems that support security in networked applications... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.