Tenth Annual Computer Security Applications Conference

5-9 Dec. 1994

Displaying Results 1 - 25 of 33
  • Role-based access control: a multi-dimensional view

    Publication Year: 1994, Page(s):54 - 62
    Cited by:  Papers (21)  |  Patents (11)

    Recently there has been considerable interest in role-based access control (RBAC) as an alternative, and supplement, to the traditional discretionary and mandatory access controls (DAC and MAC) embodied in the Orange Book. The roots of RBAC can be traced back to the earliest access control systems. Roles have been used in a number of systems for segregating various aspects of security and system a...
  • Applying the Abadi-Lamport composition theorem in real-world secure system integration environments

    Publication Year: 1994, Page(s):44 - 53
    Cited by:  Papers (1)

    This paper describes research that addresses application of the Abadi Lamport Composition theorem to the integration of real-world systems. The Formal Development Methodology (FDM) was used to describe system and component security properties, including access control, label consistency, and communications constraints. These descriptions were then used as input to the FDM theorem prover to prove t...
  • Editorial: a view of cryptography in TCSEC products

    Publication Year: 1994, Page(s):308 - 309

    The U.S. National Computer Security Center (NCSC) recently announced a change in its historical policy of not accepting encryption of any kind as a protection mechanism for TCSEC evaluated products. This editorial presents a view of this change from a vendor's perspective and raises some of the issues associated with the new policy.
  • Editorial: why bad things happen to good systems, and what to do about it

    Publication Year: 1994, Page(s):306 - 307
    Cited by:  Papers (1)

    Perfection in large software systems is improbable; therefore, it is prudent to enhance security by anticipating failures and preparing for contingencies. We propose an analogy with medicine, supporting curative as well as preventive action. Information technology (IT) security needs to allocate resources to contingency resolution mechanisms that can be used to complement prevention mechanisms.
  • Where we stand in multilevel security (MLS): requirements, approaches, issues, and lessons learned

    Publication Year: 1994, Page(s):304 - 305
    Cited by:  Papers (1)  |  Patents (1)

    Many government planners and trusted system vendors have an oversimplified view of actual user needs for multilevel security (MLS). The purpose of this paper is to improve insight into what users really need and want in the name of MLS. This paper is primarily derived from work performed under Contract DAAB07-94-C-H601 for the Defense Information Systems Agency (DISA).
  • Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network

    Publication Year: 1994, Page(s):288 - 297
    Cited by:  Papers (15)  |  Patents (1)

    We provide cost estimates for achieving spatial neutrality under realistic network traffic conditions using two methods. Measurements done on the University of Florida campus wide backbone network (UFNET) provide us with considerable experience to model an actual network better. Simulation results show that the algorithm's improvement over padding alone is greater for a sparse traffic matrix than ...
  • Using security models to investigate CMW design and implementation

    Publication Year: 1994, Page(s):278 - 287

    Some new security models are presented as a means of understanding the complexities of the Compartmented Mode Workstation dual-label design and the different implementations that are available. The security models, which are based upon a realistic abstraction of a computer, have floating security labels. The models are pessimistic, in that they assume that if information is potentially able to flo...
  • Ops/Intel interface lessons learned: the integrator's perspective

    Publication Year: 1994, Page(s):268 - 277
    Cited by:  Papers (3)

    This paper describes our experiences in integrating and fielding the Operations/Intelligence (Ops/Intel) Interface. The Ops/Intel Interface integrates secure commercial off-the-shelf (COTS) technology with untrusted applications to produce a trusted Ops/Intel workstation. The Ops/Intel Interface enables the intelligence analyst to bridge the gap between the Sensitive Compartmented Information and ...
  • Availability: theory and fundamentals for practical evaluation and use

    Publication Year: 1994, Page(s):258 - 264

    What the currently available security criteria are still missing is a functional structure of the concept of availability. The intention of the article is to define a functional structure of the concept of availability in terms of basic functions, similar to the Generic Headings in the ITSEC (IT Security Criteria). The article gives the basic definitions and terms as well as a terminological intro...
  • The effects of trusted technology on distributed applications

    Publication Year: 1994, Page(s):246 - 255

    The paper examines the effect of trusted technology on a distributed application being transitioned to a trusted system. Two styles of operation are examined: restricting the operation of all components of the application to a single sensitivity level and allowing the user interface components of the application to operate across a range of sensitivity levels. Within these operational styles, the ...
  • AOS: an avionics operating system for multi-level secure real-time environments

    Publication Year: 1994, Page(s):236 - 245
    Cited by:  Papers (1)

    In parallel with advances in the design of real-time systems there is an increasing need for real-time systems that can provide multilevel security. This need is highlighted by the DOD's endorsed move towards integrated avionics to enable real-time avionics and tactical applications to share a common processing platform. A generic Integrated Avionics Platform (IAP) is a heterogeneous distributed s...
  • System-of-systems security engineering

    Publication Year: 1994, Page(s):228 - 235
    Cited by:  Papers (9)

    There is an increasing trend to treat a collection of individual systems that support a common mission as a single entity and to perform systems engineering activities for that entity. A security engineering process is proposed for systems-of-systems. This process addresses such issues as how to identify and mitigate risks resulting from connectivity, how to integrate security into a target archit...
  • EINet: a secure, open network for electronic commerce

    Publication Year: 1994, Page(s):219 - 226
    Cited by:  Patents (31)

    Corporate users are by far the most rapidly growing segment of the Internet community, supplementing the existing base of government and academic users. Both corporate and government organizations want to use the Internet to "integrate" their enterprises, and foresee using the Internet to conduct electronic commerce as well. However, the lack of security services on the Internet deters its use for...
  • The MITRE security perimeter

    Publication Year: 1994, Page(s):212 - 218
    Cited by:  Patents (4)

    To protect MITRE's unclassified computing resources from unauthorized use, MITRE maintains a network firewall between the MITRE corporate network and the Internet, and limits dial-in to three modem pools. The firewall limits Internet connectivity to a small set of computer systems called boundary hosts. The boundary hosts and the modem pools use a smartcard-based user authentication scheme to ensu...
  • A secure Email gateway (building an RCAS external interface)

    Publication Year: 1994, Page(s):202 - 211
    Cited by:  Papers (1)  |  Patents (47)

    Fielding secure computer systems requires tradeoffs between functionality, flexibility, and security to meet the users' needs. Multilevel secure (MLS) computer systems provide better control over classified information than traditional systems and allow users from a diverse population access to information they need while protecting sensitive data. Users want the functionality of non-MLS computer ...
  • A validated security policy modeling approach

    Publication Year: 1994, Page(s):189 - 200
    Cited by:  Papers (3)

    The paper presents a security policy modeling approach that can be applied to many types of systems, including networks and distributed systems. The approach is driven by security requirements and by system architecture. It is compatible with the modeling principles offered by recent modeling guidelines and the TCSEC modeling requirements at the B1-A1 assurance levels. The approach has been valida...
  • A prototype multilevel-secure DoD directory

    Publication Year: 1994, Page(s):180 - 188

    The US Department of Defense (DoD) has begun to plan for the implementation of a DoD Directory capability based on the CCITT X.500 series recommendations, which define the data communication network directory. The DoD Directory statement of requirements has established the need to hold data of different classifications (UNCLASSIFIED to SECRET) and to serve users with different clearances. We descr...
  • STU-III-multilevel secure computer interface

    Publication Year: 1994, Page(s):170 - 179
    Cited by:  Papers (2)  |  Patents (1)

    The interconnection of the STU-III (Secure Telephone Unit) and a multilevel secure (MLS) host computer is a layered composition of systems. The composed systems that form the layers result from the connection processing done to establish the host-to-host link. To ensure that the system represented by each composed layer is consistent with the security policy, an additional agent must be added to t...
  • Property-based testing of privileged programs

    Publication Year: 1994, Page(s):154 - 163
    Cited by:  Papers (8)  |  Patents (19)

    Addresses the problem of testing security-relevant software, especially privileged (typically, setuid root) and daemon programs in UNIX. The problem is important, since it is these programs that are the source of most UNIX security flaws. For some programs, such as the UNIX sendmail program, new security flaws are still being discovered, despite being in use for many years. For special-purpose sys...
  • Networked information discovery and retrieval tools: security capabilities and needs

    Publication Year: 1994, Page(s):145 - 153
    Cited by:  Patents (6)

    The Internet is a rapidly growing global network of networks. Users employ the Internet to search for and retrieve information, access remote resources, and collaborate with other users. More and more information is becoming available on the Internet. Networked information discovery and retrieval (NIDR) tools, such as Gopher, Wide Area Information Server (WAIS) and World Wide Web (WWW), have been ...
  • Automated detection of vulnerabilities in privileged programs by execution monitoring

    Publication Year: 1994, Page(s):134 - 144
    Cited by:  Papers (60)  |  Patents (29)

    Presents a method for detecting exploitations of vulnerabilities in privileged programs by monitoring their execution using audit trails, where the monitoring is with respect to specifications of the security-relevant behavior of the programs. Our work is motivated by the intrusion detection paradigm, but is an attempt to avoid ad hoc approaches to codifying misuse behavior. Our approach is based ...
  • The design of an audit trail analysis tool

    Publication Year: 1994, Page(s):126 - 132
    Cited by:  Papers (1)  |  Patents (23)

    Discusses the design of a tool that automatically removes security-sensitive information from intruder activity log files collected at a compromised site. The sanitization of sensitive information enables researchers to study the log files without further compromising the security of the affected sites. This paper begins with a brief discussion of the importance of such a tool and a description of...
  • Audit reduction and misuse detection in heterogeneous environments: framework and application

    Publication Year: 1994, Page(s):117 - 125
    Cited by:  Papers (5)

    Audit data analysis is a non-invasive method for security assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments. In most real-world environments, the heterogeneous nature of the available audit data combined with environment-specific detection requirements makes it difficult to integrate re-usable detection mechanisms...
  • A practical approach to user authentication

    Publication Year: 1994, Page(s):108 - 116
    Cited by:  Papers (6)  |  Patents (1)

    A method for user authentication is presented which analyzes keystroking data as the user types his or her name. This study utilizes the ADALINE (ADAptive LINear Element) and backpropagation neural nets to identify the typing pattern characteristic of a particular user. A simple measure of geometric distance is also used for comparison. This paper provides a brief introduction to this type of neur...
  • Organizing MLS databases from a data modelling point of view

    Publication Year: 1994, Page(s):96 - 105
    Cited by:  Papers (3)

    The conceptual and logical design of multilevel secure (MLS) database applications are treated in an integrated way. For the conceptual design, a powerful semantic data model is suggested in order to represent the data and security semantics of the application domain. For the logical design, a two-phase approach is developed. Phase one consists of the transformation of the database conceptualizati...