Proceedings of the Symposium on Network and Distributed System Security

16-17 Feb. 1995

  • A new approach to the X.509 framework: allowing a global authentication infrastructure without a global trust model

    Publication Year: 1995, Page(s):172 - 189
    Cited by:  Papers (9)  |  Patents (6)

    Isolated networks are currently being integrated in order to create a universal and virtual inter-network. In this context, the existence of a common authentication infrastructure is extremely important. CCITT Recommendation X.509 defines a public key-based "Authentication Framework" in which the Directory Service can be used to provide key management facilities for open applications. We propose a ...

  • PEMToolKit: building a top-down certification hierarchy for PEM from the bottom up

    Publication Year: 1995, Page(s):161 - 171

    A top-down public-key certification hierarchy is viewed by some as, and has arguably proven in practice to be, an impediment to widespread deployment and use of the technology. This paper considers an approach to building a top-down public-key certification hierarchy from the bottom up. Two critical requirements of a public key certification hierarchy-trust model and information retrieval-are disc...

  • A Certificate Management System: structure, functions and protocols

    Publication Year: 1995, Page(s):153 - 160
    Cited by:  Papers (2)  |  Patents (2)

    The Certificate Management System (CMS) is a networked system for generation, distribution, storage and verification of certificates for use in a variety of security enhanced applications. The structure of a certificate is defined in the X.509 standard. The Internet PEM specification describes the structure and functionality of a global certification hierarchy, as well as the structure of its inte...

  • GSS-API security for ONC RPC

    Publication Year: 1995, Page(s):144 - 151
    Cited by:  Papers (4)  |  Patents (3)

    We extended ONC RPC to provide strong authentication as well as data integrity and privacy protection using the GSS-API. The new system fits seamlessly into new and existing ONC RPC-based applications with extremely minor code changes and is protocol compatible with existing ONC RPC servers. To our knowledge, it was also the first production system based on a complete implementation of the GSS-API...

  • Yaksha: augmenting Kerberos with public key cryptography

    Publication Year: 1995, Page(s):132 - 143
    Cited by:  Papers (18)  |  Patents (38)

    The Kerberos authentication system is based on the trusted third-party Needham-Schroeder (1978) authentication protocol. The system is one of the few industry standards for authentication systems and its use is becoming fairly widespread. The system has some limitations, many of which are traceable to the decision of the Kerberos designers to solely use symmetric key cryptosystems. Using asymmetri...

  • SESAME V2 public key and authorisation extensions to Kerberos

    Publication Year: 1995, Page(s):114 - 131
    Cited by:  Papers (9)  |  Patents (17)

    There are increasing requirements for the availability of practical solutions to the problem of providing secure single sign-on for users to applications anywhere on a network, but with affordable security management. Kerberos has been proven to be an effective solution to this problem for a local network, or within closely linked groups of users, but Kerberos is constrained by its current limitat...

  • Distributed audit trail analysis

    Publication Year: 1995, Page(s):102 - 112
    Cited by:  Papers (10)  |  Patents (29)

    An implemented system for on-line analysis of multiple distributed data streams is presented. The system is conceptually universal since it does not rely on any particular platform feature and uses format adaptors to translate data streams into its own standard format. The system is as powerful as possible (from a theoretical standpoint) but still efficient enough for on-line analysis thanks to it...

  • An overview of SNIF: a tool for Surveying Network Information Flow

    Publication Year: 1995, Page(s):94 - 101
    Cited by:  Papers (1)  |  Patents (27)

    Connection of a local area network to the Internet brings with it a certain amount of risk. Once connected, local computer systems are subject to attacks by other users on the Internet. To maintain system integrity, system administrators need tools to accurately display the status of communication between local hosts and remote hosts. The paper describes an ongoing research and development project...

  • NERD: Network Event Recording Device: an automated system for network anomaly detection and notification

    Publication Year: 1995, Page(s):87 - 93
    Cited by:  Papers (1)  |  Patents (1)

    The Network Event Recording Device is an automated, real-time system for monitoring and detecting network anomalies, as well as providing timely notification to network managers of significant network events. The NERD system allows for continuous monitoring of system and security logs, easily configurable notification options and a central, secure data collection point for distributed system logs....

  • Electronic cash on the Internet

    Publication Year: 1995, Page(s):64 - 84
    Cited by:  Papers (16)  |  Patents (24)

    It is generally realized that the Internet will not be able to offer full-fledged electronic marketplace capabilities without a suitable electronic mechanism for processing payments. The electronic payment mechanism that is presented offers a variety of features that are believed to be particularly appealing in this respect. To participate, an Internet user must interface to his computer a tamper-...

  • Location-independent information object security

    Publication Year: 1995, Page(s):54 - 62
    Cited by:  Patents (23)

    Users are mobile and use multiple platforms with differing applications over time. These users have no security service applications which are independent of location or computing environment. The IOS project has developed syntax and applications which provide these services. The IOS Tools allow one or more users to apply security services to documents. The project has also investigated third-part...

  • Trusted distribution of software over the Internet

    Publication Year: 1995, Page(s):47 - 53
    Cited by:  Papers (4)  |  Patents (36)

    The paper offers a solution to a problem of software distribution on the Internet. The problem is that malicious software can be posted to the public with no accountability. When this software is run, it inherits the privileges of the user who runs it. Unfortunately, it is very common for users to execute software obtained on the Internet with no assurance that it is genuine. The solution offered ...

  • IpAccess-an Internet service access system for firewall installations

    Publication Year: 1995, Page(s):31 - 41
    Cited by:  Patents (51)

    When running a firewall server for connecting a local area network to the Internet, a method has to be found of granting the users in the LAN access to the services and resources of the Internet without decreasing the security of the LAN or the firewall server. The Internet service access system IpAccess developed at the European Institute for System Security (EISS) allows the users in the interna...

  • Design of a key agile cryptographic system for OC-12c rate ATM

    Publication Year: 1995, Page(s):17 - 30
    Cited by:  Papers (2)  |  Patents (20)

    The paper describes an experimental key agile cryptographic system under design at MCNC. The system is compatible with ATM local- and wide-area networks. The system establishes and manages secure connections between hosts in a manner which is transparent to the end users and compatible with existing public network standards. A Cryptographic Unit supports hardware encryption and decryption at the A...

  • Multicast-specific security threats and counter-measures

    Publication Year: 1995, Page(s):2 - 16
    Cited by:  Papers (36)  |  Patents (12)

    Security issues in multicast communication have rarely been touched upon to date. We believe that wide-area multicast communication is at a substantially increased risk from specific security threats, compared with the same threats in unicast. This arises both from the lack of any form of effective group access control, and from the fact that multicast traffic traverses potentially many more commu...

  • Proceedings of the Symposium on Network and Distributed System Security

    Publication Year: 1995
    Freely Available from IEEE