Proceedings. 1989 IEEE Symposium on Security and Privacy

1-3 May 1989


Displaying Results 1 - 25 of 34
  • Proceedings 1989 IEEE Symposium on Security and Privacy (Cat. No.89CH2703-7)

    Publication Year: 1989
    Freely Available from IEEE
  • Network security: the parts of the sum

    Publication Year: 1989, Page(s):2 - 9
    Cited by:  Papers (5)

    Attention is given to the three basic elements of network security, i.e. encryption, network protocols, and trusted computer system protocols. It is noted that each of these measures is needed to achieve overall network security and yet frequently the advocates of individual measures ignore the others for a variety of technical and/or doctrinal reasons. The author attempts to convey the importance...

  • Statistical models of trust: TCBs vs. people

    Publication Year: 1989, Page(s):10 - 19
    Cited by:  Papers (3)  |  Patents (1)

    The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classific...

  • Symbol security condition considered harmful

    Publication Year: 1989, Page(s):20 - 46
    Cited by:  Papers (8)

    The author identifies, interprets, and examines the requirements in the Department of Defense trusted computer system evaluation criteria (TCSEC) for the application of formal methods to the system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely-accepted, and critical, security assurance and analysis processes...

  • New methods for immediate revocation

    Publication Year: 1989, Page(s):48 - 55
    Cited by:  Papers (2)  |  Patents (4)

    The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous re...

  • A secure identity-based capability system

    Publication Year: 1989, Page(s):56 - 63
    Cited by:  Papers (50)  |  Patents (22)

    The author presents the design of an identity-based capability protection system called ICAP, which is aimed at a distributed system in a network environment. The semantics of traditional capabilities are modified to incorporate subject identities. This enables the monitoring, mediating, and recording of capability propagations to enforce security policies. It also supports administrative activiti...

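The abstract's point is that binding a subject identity into the capability is what lets a server mediate and record propagation instead of merely checking possession. The block below is an added illustration written for this page, not Gong's ICAP construction or code: it keeps the subject identity inside the capability and uses an HMAC over (subject, object, rights) as the unforgeability check, a choice of this example rather than the paper's, and routes every transfer through a server that re-issues the capability bound to the recipient, consults a policy hook and logs the event. Subject names, object names and the `read_only_delegation` policy are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, FrozenSet, Iterable, Optional


@dataclass(frozen=True)
class Capability:
    subject: str            # identity the capability is bound to
    obj: str                # protected object
    rights: FrozenSet[str]  # e.g. {"read", "write"}
    check: bytes            # server MAC over (subject, obj, rights); assumed construction


# Policy hook consulted on every propagation: (holder, recipient, obj, rights) -> allowed?
PropagationPolicy = Callable[[str, str, str, FrozenSet[str]], bool]


class CapabilityServer:
    """Issues and checks identity-bound capabilities and mediates propagation."""

    def __init__(self, key: bytes) -> None:
        self._key = key       # never leaves the server; assumed secret
        self.log: list = []   # audit record of every grant, transfer and denial

    def _mac(self, subject: str, obj: str, rights: FrozenSet[str]) -> bytes:
        msg = "|".join([subject, obj, ",".join(sorted(rights))]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _authentic(self, cap: Capability) -> bool:
        expected = self._mac(cap.subject, cap.obj, cap.rights)
        return hmac.compare_digest(cap.check, expected)

    def grant(self, subject: str, obj: str, rights: Iterable[str]) -> Capability:
        rights = frozenset(rights)
        self.log.append(("grant", subject, obj, tuple(sorted(rights))))
        return Capability(subject, obj, rights, self._mac(subject, obj, rights))

    def validate(self, presenter: str, cap: Capability, right: str) -> bool:
        """Accept only if the presenter is the bound subject, the capability is
        unforged, and it carries the requested right. A copied or stolen
        capability fails the identity check before the MAC is even compared."""
        if presenter != cap.subject:
            return False
        if right not in cap.rights:
            return False
        return self._authentic(cap)

    def propagate(self, holder: str, cap: Capability, recipient: str,
                  rights: Iterable[str], policy: PropagationPolicy) -> Optional[Capability]:
        """Transfer a subset of rights to another subject. The holder cannot hand
        over its own capability (it would not validate for the recipient); the
        server checks the holder's capability, applies policy, logs the event and
        issues a fresh capability bound to the recipient."""
        rights = frozenset(rights)
        if holder != cap.subject or not self._authentic(cap) or not rights <= cap.rights:
            self.log.append(("rejected", holder, recipient, cap.obj, "invalid capability"))
            return None
        if not policy(holder, recipient, cap.obj, rights):
            self.log.append(("denied", holder, recipient, cap.obj, tuple(sorted(rights))))
            return None
        self.log.append(("propagate", holder, recipient, cap.obj, tuple(sorted(rights))))
        return self.grant(recipient, cap.obj, rights)


def read_only_delegation(holder: str, recipient: str, obj: str, rights: FrozenSet[str]) -> bool:
    """Constructed example policy: delegated capabilities may never carry write."""
    return "write" not in rights


if __name__ == "__main__":
    server = CapabilityServer(b"constructed-demo-key")
    alice = server.grant("alice", "payroll.db", {"read", "write"})
    print("alice reads:", server.validate("alice", alice, "read"))
    print("mallory with alice's capability:", server.validate("mallory", alice, "read"))
    bob = server.propagate("alice", alice, "bob", {"read"}, read_only_delegation)
    print("bob reads:", bob is not None and server.validate("bob", bob, "read"))
    for entry in server.log:
        print(" audit:", entry)
```

The identity check does the work the abstract describes: a capability lifted off the wire is useless to anyone but its bound subject, so the only way rights move between subjects is through `propagate`, where the server sees, filters and records the transfer.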
  • Access mediation in a message passing kernel

    Publication Year: 1989, Page(s):66 - 72
    Cited by:  Papers (15)  |  Patents (1)

    The authors describe how mandatory and discretionary access mediation are performed in the Trusted Mach (TMach) kernel, a system that uses message passing as its primary means of communication both between tasks and with the kernel. As a consequence, control of interprocess communication in the TMach kernel is a central concern whereas controlled sharing of segments is the central focus in trusted...

  • A formal model for Unix setuid

    Publication Year: 1989, Page(s):73 - 83

    The Unix setuid (set user identification) mechanism is described in the context of the GEMSOS architecture. Motivation for modeling setuid is given, and modeling and policy requirements for the control of the setuid mechanism are presented. The GEMSOS formal security policy model is compared with the Bell and LaPadula model. The Bell and LaPadula model is shown not to admit the actions of a setuid...

  • Policy vs. mechanism in the Secure TUNIS operating system

    Publication Year: 1989, Page(s):84 - 93

    The trusted computing base (TCB) of a secure operating system can have its security policy enforced by a small, provably correct security manager. The design of the Secure TUNIS (Toronto University system) operating system divides security concerns into policy (implemented by its security manager) and mechanism (implemented by the rest of the operating system). It is shown that this separation is ...

  • The incorporation of multi-level IPC into Unix

    Publication Year: 1989, Page(s):94 - 99
    Cited by:  Patents (4)

    The author discusses the design, interface, and implementation issues that need to be addressed for Unix to support multilevel synchronized file access, pipes (FIFOs), messages, and semaphores. It is shown that, by changing some of Unix's underlying mechanisms and by making additions to system calls and the run-time library, it is possible architecturally to support more flexible sharing and commu...

  • Aggregation and inference: facts and fallacies

    Publication Year: 1989, Page(s):102 - 109
    Cited by:  Papers (39)

    The author examines inference and aggregation problems that can arise in multilevel relational database systems and points out some fallacies in current thinking about these problems that may hinder real progress from being made toward their solution. She distinguishes several different types of aggregation and inference problems and shows that the different types of problems are best addressed by...

  • A security model for object-oriented databases

    Publication Year: 1989, Page(s):110 - 115
    Cited by:  Papers (16)  |  Patents (3)

    An authorization model for object-oriented databases is developed. This model consists of a set of policies, a structure for authorization rules, and an algorithm to evaluate access requests against the authorization rules. The model is illustrated by a specific database system intended for CAD/CAM (computer-aided design/manufacturing) applications, and incorporates knowledge rules with a database...

  • A security policy for an A1 DBMS (a trusted subject)

    Publication Year: 1989, Page(s):116 - 125
    Cited by:  Papers (2)

    A security policy for a multilevel secure relational database management system (DBMS) is stated. The DBMS is implemented as a trusted subject that can be hosted on any of a variety of secure operating systems. Accordingly, the policy is stated in two parts: (1) a generic policy for the operating-system TCB (trusted computing base) layer that states requirements that any operating system must meet...

  • On the cell suppression by merging technique in the lattice model of summary tables

    Publication Year: 1989, Page(s):126 - 135
    Cited by:  Papers (1)

    The authors investigate the suitability of the cell suppression by merging (CSM) technique as an SDB (statistical database) protection mechanism, and give various heuristic algorithms for the minimum information loss. They first revise the definition for the information loss when query probabilities are taken into account. This definition reflects the actual utilization of cells in the lattice. Th...

  • Using narrowing in the analysis of key management protocols

    Publication Year: 1989, Page(s):138 - 147
    Cited by:  Papers (24)

    The author develops methods for analyzing cryptographic protocols using techniques developed for the solutions of equations in a term rewriting system. In particular, she describes a model of a class of cryptographic protocols and possible attacks on those protocols as term rewriting systems. She also describes a software tool based on the narrowing algorithm that can be used in the analysis of su...

  • A software engineering approach to designing trustworthy software

    Publication Year: 1989, Page(s):148 - 156
    Cited by:  Papers (5)

    Some specific formal techniques that have proven useful in the SMMS design are examined. Attention is given to a simplified example derived from experience with the actual design. The formal techniques examined incorporate the use of a formal security model, formal specifications of module interfaces, and proofs of correspondence between the two. The use of a proof-driven design approach ensured t...

  • Formal model of a trusted file server

    Publication Year: 1989, Page(s):157 - 166
    Cited by:  Papers (1)

    The authors present a formal, mathematical model for a trusted file server (TFS) for a multilevel secure distributed computer system. The goal is to produce formal verification from the top-level specification down through code for the entire system of which a TFS is one component. By viewing the TFS as a black box, it is possible to specify its security as a relation that must hold invariantly be...

  • LOCK trek: navigating uncharted space

    Publication Year: 1989, Page(s):167 - 175
    Cited by:  Papers (17)  |  Patents (2)

    The design principles of the logical coprocessing kernel (LOCK) project are considered. LOCK is an advanced development of hardware-based computer security and cryptographic service modules. Much of the design and some of the implementation specifications are complete. The formal top level specification (FTLS) also is complete and the advanced noninterference proofs are beginning. This hardware-ba...

  • Tea and I: an allergy (computer security)

    Publication Year: 1989, Page(s):178 - 182
    Cited by:  Papers (1)

    Problems associated with the application of the connectivity approach to computer system security are addressed. The failure of trusted connectivity to protect computer systems is indicated. The work is presented in the form of an allergy.

  • Security issues in policy routing

    Publication Year: 1989, Page(s):183 - 193
    Cited by:  Papers (6)  |  Patents (10)

    Most routing protocols, including proposed policy routing protocols, focus on environments where detection of an attack after it has taken place is sufficient. The authors explore the design of policy routing mechanisms for sensitive environments where more aggressive preventative measures are mandated. In particular, they detail the design of four secure protocol versions that prevent abuse by cr...

  • The hierarchical model of distributed system security

    Publication Year: 1989, Page(s):194 - 203

    A description is given of the hierarchical model (HM), an access matrix-based model used to define nondisclosure in distributed multilevel secure applications such as secure file systems, secure switches, and secure upgrade downgrade facilities. The HM explicitly encodes access rights, synchronization primitives, and indirection in its state matrix. Serializability of concurrent commands is formal...

  • The Chinese Wall security policy

    Publication Year: 1989, Page(s):206 - 214
    Cited by:  Papers (272)  |  Patents (14)

    The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy co...

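The history-dependence the abstract names is easiest to see in a small reference monitor. The following is an added example, not code from the paper: it applies the Brewer-Nash simple security rule (read allowed only into a company data set already accessed or into a conflict-of-interest class never touched) and *-property (write allowed only when every unsanitized data set the subject has read belongs to the target company) to a constructed universe of companies and conflict-of-interest classes. The company names, the `demo` walkthrough, and the treatment of sanitized objects as always readable and never history-building are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed example universe, not taken from the paper: two conflict-of-
# interest classes, each holding competing companies whose data sets are the
# objects being protected.
COI_CLASSES = {
    "banks": {"BankA", "BankB"},
    "oil": {"OilX", "OilY"},
}


@dataclass(frozen=True)
class Obj:
    name: str
    company: str             # the company data set this object belongs to
    sanitized: bool = False  # sanitized data carries no company secrets (assumed)


def coi_class(company: str) -> str:
    """Return the conflict-of-interest class a company belongs to."""
    for cls, members in COI_CLASSES.items():
        if company in members:
            return cls
    raise KeyError(f"unknown company {company!r}")


class ChineseWall:
    """History-based reference monitor applying the Brewer-Nash rules."""

    def __init__(self) -> None:
        # subject -> set of companies whose unsanitized data it has read.
        # This history is the whole state: the wall is built by reading.
        self._history: dict[str, set[str]] = {}

    def can_read(self, subject: str, obj: Obj) -> bool:
        """Simple security rule: read allowed if the object is in a company data
        set the subject already accessed, or in a conflict-of-interest class the
        subject has never touched. Sanitized data is always readable (assumption)."""
        if obj.sanitized:
            return True
        seen = self._history.get(subject, set())
        if obj.company in seen:
            return True
        touched_classes = {coi_class(c) for c in seen}
        return coi_class(obj.company) not in touched_classes

    def read(self, subject: str, obj: Obj) -> bool:
        """Mediate a read and, on success, record it in the subject's history."""
        if not self.can_read(subject, obj):
            return False
        if not obj.sanitized:
            self._history.setdefault(subject, set()).add(obj.company)
        return True

    def can_write(self, subject: str, obj: Obj) -> bool:
        """*-property: write allowed only if the subject may read the object and
        every unsanitized data set it has read belongs to that same company;
        otherwise the write could carry a competitor's secrets across the wall."""
        if not self.can_read(subject, obj):
            return False
        seen = self._history.get(subject, set())
        return all(company == obj.company for company in seen)


def demo() -> list:
    """Walk one analyst through the rules; returns (step, decision) pairs."""
    wall = ChineseWall()
    bank_a = Obj("BankA-ledger", "BankA")
    bank_b = Obj("BankB-ledger", "BankB")
    oil_x = Obj("OilX-reserves", "OilX")
    report = Obj("sector-report", "BankB", sanitized=True)
    return [
        ("read BankA (first access, wall not yet built)", wall.read("alice", bank_a)),
        ("read BankB (competitor of BankA: blocked)", wall.read("alice", bank_b)),
        ("read sanitized BankB report", wall.read("alice", report)),
        ("read OilX (different class: allowed)", wall.read("alice", oil_x)),
        ("write BankA (would mix in OilX data: blocked)", wall.can_write("alice", bank_a)),
    ]


if __name__ == "__main__":
    for step, allowed in demo():
        print(f"{'ALLOW' if allowed else 'DENY':5} {step}")
```

Note what distinguishes this from a Bell-LaPadula check: the same subject presenting the same request gets different answers depending on what it read earlier, so the monitor must keep per-subject history and the wall is only ever made narrower by successful reads.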
  • A 'new' security policy model

    Publication Year: 1989, Page(s):215 - 228
    Cited by:  Papers (7)

    A model of security is presented which integrates notions of confidentiality and integrity. This model has been developed to fulfil the needs of the RSRE SMITE project because existing modeling approaches proved to be inadequate. The authors introduce the model and subsequently compare and contrast it with existing approaches. Both an inductive confidentiality property and a noninductive integrity...

  • A framework for expressing models of security policy

    Publication Year: 1989, Page(s):229 - 239
    Cited by:  Papers (9)  |  Patents (1)

    The authors first describe some issues that arise from the interplay between the security requirements for an integrated project support environment (IPSE) for the development of a trusted system, and the security requirements of the trusted system itself. All of these issues derive from security policy and the modeling of security policy. A framework is then presented which allows security polici...

  • On the derivation of secure components

    Publication Year: 1989, Page(s):242 - 247
    Cited by:  Papers (31)

    The author discusses the problems in deriving a system from its specification when that specification includes simple trace-based information-flow security properties as well as safety properties. He presents two fundamental theorems of information-flow security which describe the inherent difficulties of deriving secure implementations and considers the implications of these results. It is conclu...
