[1989 Proceedings] Fifth Annual Computer Security Applications Conference

4-8 Dec. 1989

Filter Results

Displaying Results 1 - 25 of 62
  • A structured risk analysis approach to resolve the data protection and integrity issues for computer-aided acquisition logistics support (CALS)

    Publication Year: 1989, Page(s):4 - 5
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (91 KB)

    A structured risk analysis approach that is intended to result in cost-effective data protection and integrity service throughout CALS is described. The structured risk analysis approach would: identify CALS assets; determine threats to CALS data; ascertain CALS vulnerabilities; identify potential risks; use the risk and vulnerability assessment as a baseline for protection and integrity identifyi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Electronic information security in a digital environment

    Publication Year: 1989, Page(s):6 - 9
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (170 KB)

    The protection of sensitive, unclassified industrial information is considered. Context and background are described, and the objectives and objects of security processes are discussed. Common descriptors of data protection and information security applicable to the security of digital information, which the author entitles electronic information security (ELINFOSEC), are suggested. ELINFOSEC is t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The CALS Data Protection and Integrity Industry Working Group

    Publication Year: 1989, Page(s):10 - 11
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (84 KB)

    The CALS (Computer-aided Acquisition and Logistics Support) Data Protection and Integrity (DP&I) Industry Working Group (WG) has been addressing security issues associated with the CALS initiative. The group's mission, structure, composition, activities, accomplishments, and future plans are described. The CALS initiative is a cooperative effort between the Department of Defense and industry t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Data protection requirements in computer-aided acquisition and logistic support

    Publication Year: 1989, Page(s):12 - 13
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (100 KB)

    The author describes computer-aided acquisition and logistic support (CALS), a Department of Defense (DoD) and industry strategy to enable and accelerate the integration of digital technical information for weapon system acquisition, design, manufacture, and support. CALS will provide for an effective transition from current paper-intensive weapon system life-cycle processes to the efficient use o... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Human issues

    Publication Year: 1989, Page(s):16 - 17
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (108 KB)

    It is argued that if a person can be (1) convinced not to initiate criminal behavior, (2) denied opportunity, or (3) made to pay an unacceptable price, EDP crime will be greatly reduced at a cost saving to companies and society. It is suggested that pre-employment screening, training, and awareness programs during employment can form a basis for minimizing crime.<<ETX>> View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementing sensitive but unclassified security, today-a workshop proposal

    Publication Year: 1989, Page(s):20 - 24
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (254 KB)

    The status of unclassified systems security in the US and how that status can be changed are discussed. The problem is outlined from the manufacturer's and the user's points of view. The problems of an overwhelmingly large base of installed telecommunications and computer products, of the lack of cost-effective, secure platforms, and of the lack of a systematic security market are addressed. Parti... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A security standard for LANs

    Publication Year: 1989
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (56 KB)

    The work of IEEE 802.10, the LAN Security Working Group, in developing the Standard for Interoperable LAN Security (SILS) is described. The areas for security standardization are: a protocol for the secure exchange of data at the data link layer, the management of cryptographic keys at the application layer, and the specification of the network management objects associated with the secure data ex... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • End-to-end encryption at the network layer

    Publication Year: 1989
    Cited by:  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (61 KB)

    Both network-layer and transport-layer encryption are permitted by the OSI Security Addendum. The advantages of network-layer encryption are discussed. Secure data network system (SDNS) protocols are described. In the SDNS, SP is a single, simple encryption protocol between end-systems. This protocol has two descriptions, SP3 (network layer) and SP4 (transport layer). Both definitions are OSI comp... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Electronic messaging security: a comparison of three approaches

    Publication Year: 1989
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (61 KB)

    Three approaches to securing electronic mail are described and compared: the 1988 CCITT X.411 Recommendation, RFC 1113, and the Message Security Protocol (MSP). Each approach offers the same basic security services. The MSP approach is found to be the least invasive. Thus, the MSP approach is unable to provide additional security features such as protected reports from MTAs (mail transfer agents) ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The role of vulnerability in risk management

    Publication Year: 1989, Page(s):32 - 38
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (383 KB)

    The treatment of vulnerability at the 1988 Risk Model Builders' Workshop is examined, and a definition of vulnerability that is intuitively satisfying and provides a foundation upon which mathematical models can be built is developed. Two vulnerability models that together appear to capture the general conceptualizations of vulnerability espoused by other authors are presented. The authors also di... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Intrusion and anomaly detection in trusted systems

    Publication Year: 1989, Page(s):39 - 45
    Cited by:  Papers (6)  |  Patents (7)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (605 KB)

    A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conj... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A model of security monitoring

    Publication Year: 1989, Page(s):46 - 52
    Cited by:  Papers (3)  |  Patents (16)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (524 KB)

    A formal model of security monitoring that distinguishes two different methods of recording information (logging) and two different methods of analyzing information (auditing) is presented. From this model, implications for the design and use of security monitoring mechanisms are drawn. The model is then applied to security mechanisms for statistical databases, monitoring mechanisms for computer s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An approach for evaluating the security of an Air Force type network

    Publication Year: 1989, Page(s):53 - 62
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (492 KB)

    An approach for assessing the security of an Air-Force-type network environment at the AFR 205-16 sensitive/unclassified Trusted Network Interpretation C2 levels is discussed. The first step in this approach was to assess the security for each stand-alone system. For the target network this was done using two separate assessment processes. The first was to assess the security profiles of functiona... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security standards for open systems

    Publication Year: 1989, Page(s):64 - 67
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (31 KB)

    A panel on security standards for open systems is summarized. The topics discussed are ISO/IEC work on OSI (open systems interconnection) security standards, CCITT DAF (framework for the support of distributed applications) security, and ECMA security standards.<<ETX>> View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protection of call detail records data in federal telecommunications

    Publication Year: 1989, Page(s):70 - 77
    Cited by:  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (395 KB)

    Techniques for protection of the call detail records (CDR) in US federal government telecommunications systems, such as the FTS2000 and agency PABXs, are identified. CDR data flow, its use in telecommunication, and its protection requirements are described. Descriptions of threats and countermeasures are provided. Recommendations for handling and protection of the CDR database are made for the fol... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security audit for embedded avionics systems

    Publication Year: 1989, Page(s):78 - 84
    Cited by:  Papers (1)  |  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (332 KB)

    The design of security audit subsystems for real-time embedded avionics systems is described. The selection criteria of auditable events and the design of the audit functions are described. The data storage requirements and the data compression features of embedded avionics systems are analyzed. Two data compression algorithms applicable to avionics systems are described. Huffman encoding is optim... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Development of a multi level data generation application for GEMSOS

    Publication Year: 1989, Page(s):86 - 90
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (274 KB)

    The Gemini computer, which uses the Gemini Multiprocessing Secure Operating System (GEMSOS), is one of only a handful of computers which are designed to meet A1 level requirements. Martin Marietta's approach to using the Gemini computer as a process, device, and memory manager is discussed. An example application which was developed in 25 man-days with 125 lines of trusted code is presented. The e... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Designing a trusted client-server distributed network

    Publication Year: 1989, Page(s):91 - 94
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (182 KB)

    The client-server distributed network model was analyzed from a security perspective, and an expanded client-server model which includes security-relevant properties was developed. A network-oriented security policy was produced as the next step in developing a trusted client-server network. The various services provided on the distributed network map into NTCB partitions, producing an easily spec... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The security policy of the secure distributed operating system prototype

    Publication Year: 1989, Page(s):95 - 102
    Cited by:  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (596 KB)

    The experimental secure distributed operating system (SDOS) is described. It uses a composable property as its mandatory security policy. The security policy includes a fine granularity of discretionary access control immune to Trojan horse attacks. The high degree of assurance that composability makes practical and the richness of the discretionary controls lead SDOS to use balanced assurance. In... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Does TCB subsetting enhance trust?

    Publication Year: 1989
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (58 KB)

    Trusted computing base (TCB) subsetting consists of subdividing a large TCB into smaller separate TCBs, each of which can be separately designed, implemented, and analyzed. The idea of TCB subsetting is attractive because it can simplify the difficult task of constructing TCBs. However, there are many unanswered questions, connected in particular with determinating the useful and meaningful ways o... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Considerations on TCB subsetting

    Publication Year: 1989, Page(s):105 - 106
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (111 KB)

    The hierarchical trusted computing base (TCB) subsetting architecture, which is intended to allow database management systems (DBMSs) to take advantage of the effort expended in producing and evaluating trusted multilevel operating systems, is discussed. The advantages and disadvantages that result from the use of this security architecture are explored. Another architecture, functional modulariza... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • TCB subset architecture

    Publication Year: 1989
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (48 KB)

    The advantages of using TCB (trusted computing base) subset architecture in designing secure RDBMS (relational database management system) products are described. These advantages include ease of evaluation, portability, full operating system features, performance, standards, and assurance. TCB subset architecture extends the existing security mechanisms of a secure operating system with complemen... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Gemini developers: facts, myths, and war stories

    Publication Year: 1989, Page(s):110 - 111
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (76 KB)

    The role of Gemini at the Grumman Corporation is described. Particular attention is given to the development environment, the project architecture from a book perspective, and the project status. Gemini experience with performance, features, and support is discussed, and an evaluation of the hardware/software defect/success rate is presented.<<ETX>> View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A summary of the Unisys experience with GEMSOS

    Publication Year: 1989
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (31 KB)

    Summary form only given. In 1984, the Unisys Corporation was awarded a government contract to design and develop a multilevel secure communications system. This system contains multilevel administrative hosts that manage the connectivity between users on a network. The connectivity was driven by mandatory and discretionary policies. An early decision was made to use GEMSOS (Gemini Standard Operati... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Process execution controls as a mechanism to ensure consistency

    Publication Year: 1989, Page(s):114 - 120
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (436 KB)

    A mechanism for ensuring that the changes to a system and its data occur in a consistent manner is presented. The mechanism, process execution controls, imposes restrictions on the method of access to the data, unlike access controls which impose restrictions upon which users can access the data. This mechanism imposes another layer to the currently existing access control restrictions, but one th... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.