[1990] Proceedings of the Sixth Annual Computer Security Applications Conference

3-7 Dec. 1990

Filter Results

Displaying Results 1 - 25 of 46
  • A solution to the cascade problem for dynamic network

    Publication Year: 1990, Page(s):2 - 8
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (388 KB)

    A potential problem in all multilevel networks is cascading. This problem can be eliminated in static networks by applying the nesting condition. The nature of dynamic networks prevents the use of the nesting condition. The author introduces the concept of a unidirectional nesting condition and provides proofs that show the unidirectional nesting condition sufficient and sometimes necessary to pre... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An example application of the trusted network interpretation

    Publication Year: 1990, Page(s):9 - 19
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1080 KB)

    The National Computer Security Center has issued guidance for trusted computer networks called the Trusted Network Interpretation (TNI) of the Trusted Computer System Evaluation Criteria (TCSEC). The TNI provides requirements for trusted computer networks that extend the guidance provided for traditional stand-alone computer systems by the TCSEC. It is expected that this Department of Defense (DOD... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A security analysis of the NTP protocol version 2

    Publication Year: 1990, Page(s):20 - 29
    Cited by:  Papers (9)  |  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (955 KB)

    The network time protocol (NTP) is being used throughout the Internet to provide an accurate time service. The author examines the security requirements of such a service, analyzes version 2 of the NTP protocol to determine how well it meets these requirements, and suggests improvements where appropriate. Five types of security attacks on a time service are possible. An attacker could cause a nont... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Formal specification and verification of control software for cryptographic equipment

    Publication Year: 1990, Page(s):32 - 43
    Cited by:  Papers (3)  |  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1062 KB)

    A description is given of the application of formal specification and verification methods to two microprocessor-based cryptographic devices: a 'smart token' system that controls access to a network of workstations, and a message authentication device implementing the ANSI X9.9 message authentication standard. Formal specification and verification were found to be practical, cost-effective tools f... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Hierarchical group oriented key management method HGK

    Publication Year: 1990, Page(s):44 - 49
    Cited by:  Papers (2)  |  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (497 KB)

    A cryptographic scheme can be used for controlling access to information, since any user who does not have a proper key can not decipher. But for this purpose, a user would have to manage a huge number of keys when he tries to communicate with a lot of people. The practical utilization method of access control by cryptography is discussed. The authors propose a typical organizational structure cal... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Integrating cryptography in the trusted computing base

    Publication Year: 1990, Page(s):50 - 56
    Cited by:  Papers (1)  |  Patents (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (443 KB)

    Secure distributed systems are not easily constructed, as they combine mechanisms based on very different theories of security (encryption and reference monitors). The authors show how these mechanisms may be integrated via the Unix STREAMS mechanism Examples are given of how this architecture can support existing security protocols and it is shown why it is consistent with the Bell-LaPadula and B... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On models for a trusted application system

    Publication Year: 1990, Page(s):58 - 67
    Cited by:  Papers (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (794 KB)

    A trusted application system must support the processing needs of a specific operating environment. Its security policy includes many constraints that are specific to the application, so the trusted application system can be more difficult to develop and evaluate than a trusted product. One approach for reducing the development and evaluation effort for a trusted application system is to build the... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A multilevel security model for a distributed object-oriented system

    Publication Year: 1990, Page(s):68 - 78
    Cited by:  Papers (7)  |  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1047 KB)

    Distributed systems are vulnerable to a number of security attacks. The authors look at the security problems of object-based distributed systems, and propose a model based on labelling for multilevel security. The purpose of this model is to preserve the information flow security in a distributed object-oriented system. The authors consider the basic concepts of the object paradigm, and also the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Entropy as a measure of database information

    Publication Year: 1990, Page(s):80 - 87
    Cited by:  Papers (6)  |  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (650 KB)

    An estimate of the information a database contains and the quantification of the vulnerability of that database to compromise by inferential methods is discussed. Such a measure could be used to evaluate the deterrent value of extant protection methods and provide a measure of the potential for inferential compromise through the use of one of the known attack tools. The authors explore the use of ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secure query processing in distributed database management systems-design and performance studies

    Publication Year: 1990, Page(s):88 - 102
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1021 KB)

    Distributed systems are vital for the efficient processing required in military applications. For these applications it is especially important that the distributed database management systems (DDBMS) should operate in a secure manner. For example, the DDBMS should allow users, who are cleared to different levels, access to the database consisting of data at a variety of sensitivity levels without... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Update semantics for multilevel relations

    Publication Year: 1990, Page(s):103 - 112
    Cited by:  Papers (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (815 KB)

    A formal operational semantics is given for update operations on multilevel relations, i.e., relations in which individual data elements are classified at different levels. For this purpose, the familiar INSERT, UPDATE and DELETE operations of SQL are suitably generalized to cope with polyinstantiation. The authors conjecture that these operations are consistent (or sound) in that all relations wh... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Natural change in dynamic databases as a deterrent to compromise by trackers

    Publication Year: 1990, Page(s):116 - 124
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (809 KB)

    There has been considerable research in database security and inference control; however, that research deals primarily with statistical databases. Although some of the mechanisms proposed to deter compromise artificially introduce dynamicism into these otherwise static databases, very little effort has been devoted to the area of natural dynamics. The purpose of the work presented is to determine... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architecture for an embedded secure data base management system

    Publication Year: 1990, Page(s):125 - 136
    Cited by:  Papers (1)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1014 KB)

    The architecture for an embedded secure database management system (ESDBMS) applicable to C/sup 3/ environments is presented. The ESDBMS design consists of three major components: the GEMSOS tamperproof security kernel, an embedded system run-time executive and the trusted ORACLE RDBMS. The ESDBMS is designed to support a fully-functional DBMS while meeting high assurance requirements. Future enha... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Single-level multiversion schedulers for multilevel secure database systems

    Publication Year: 1990, Page(s):137 - 147
    Cited by:  Papers (23)  |  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1020 KB)

    The concurrency control algorithms used for standard database systems can conflict with the security policies of multilevel secure database systems. The authors describe two new concurrency control algorithms that are compatible with common security policies. They are based on the multiversion timestamp ordering technique, and are implemented with single-level subjects. The use of only single-leve... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Multilevel security for knowledge based systems

    Publication Year: 1990, Page(s):148 - 159
    Cited by:  Papers (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1131 KB)

    Work aimed at defining a multilevel, mandatory security policy for knowledge based systems. The authors address two distinct issues: an effective implementation formalism based on a multilevel, object oriented programming paradigm and requirements for ensuring the correctness of inferences computed on the basis of possibly contradictory information from different access classes. They define requir... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • ODA and POSIX: label liaisons

    Publication Year: 1990, Page(s):162 - 172
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (748 KB)

    Common issues relating to the use of security labels within the secure ODA and secure POSIX environments are identified. The underlying security concepts of the two standards are discussed and mutual requirements highlighted. After an analysis of existing security labels, the author proposes an optimum generic security label. Finally, he discusses how a secure system may utilize the security label... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Network management security

    Publication Year: 1990, Page(s):173 - 180
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (520 KB)

    A review is given of network management security issues and the authors explain how ISO's SC21/WG4 is currently addressing these. Aspects covered include: what network management security is, why it needs to be considered and what issues need to be resolved to achieve this. Within this overall structure, specific details covered include: management as a means of attack on managed system security; ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The lowdown on lower layer security protocols

    Publication Year: 1990, Page(s):181 - 187
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (582 KB)

    Rapid advances in communication technology have accentuated the need for security in distributed processing systems. The broad interconnectivity provided by these technologies amplify both the capabilities of a computer network and the security risks. New developments in communication protocols promise to alleviate security problems by the application of standard security mechanisms. The author ex... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Canadian trusted computer product evaluation criteria

    Publication Year: 1990, Page(s):188 - 196
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (726 KB)

    It has become obvious that the Orange Book (TCSEC), is incomplete; integrity and availability are only touched upon. The Orange Book focuses much of its emphasis on disclosure (confidentiality) of data and little to unauthorized modification (integrity) of data. The Canadian Systems Security Centre has begun efforts to create a 'Made in Canada' Orange Book. The Canadian trusted computer product ev... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • MLS and trust issues at the user interface in MLS AISs

    Publication Year: 1990, Page(s):204 - 208
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (494 KB)

    A critical element in the widespread application of trusted systems is the availability of user interfaces that support efficient access by users to MLS data. The authors look at functional requirements for an MLS user interface, not in terms of what is typically implemented but in terms of user/system interaction. A model of user/system interaction is presented based on three security levels: ses... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An advanced process model's application to trusted X Window system development

    Publication Year: 1990, Page(s):209 - 220
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (966 KB)

    Presents an overview of the initial application of a risk-driven reasoning-based development paradigm to a trusted X Window system prototype on Trusted Mach. The goal of the prototype is to evolve to a system that, after refinements, will be certifiable at a B3 level of trust. The paper provides a snapshot of research work. It focuses on tailoring of the development paradigm based on the risk iden... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A prototype for Trusted X labeling policies

    Publication Year: 1990, Page(s):221 - 230
    Cited by:  Papers (6)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (498 KB)

    The Trusted X Window System (TX/WS) is a prototype of the X Window System for the TMach (Trusted Mach) operating system. TX/WS is designed to support users manipulating information of different sensitivity labels simultaneously. In TX/WS, each top-level window on the screen may belong to a different application. These applications may be running at a variety of sensitivity labels. Each window is v... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An evaluation system for the physical security of computing systems

    Publication Year: 1990, Page(s):232 - 243
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (866 KB)

    Physical security technology is being used more often to protect the integrity of computing systems and the assets they contain. A physical security rating system is defined in terms of the difficulty of mounting a successful physical attack against it, quality assurance documentation and system testing. An evaluation system is presented for determining adequate physical security, as a function of... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A brief comparison of two different environmental guidelines for determining 'levels of trust' (computer security)

    Publication Year: 1990, Page(s):244 - 250
    Cited by:  Papers (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (449 KB)

    Presents a concise summary and comparison of two environmental guidelines for secure systems: one developed by the National Computer Security Centre (i.e., the 'yellow books') and a competing methodology proposed by (C. Landwehr et al., 1985) of the US Navy. Both methodologies are described and applied to a hypothetical example along with a discussion of the strengths and weaknesses of each.<&l... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Proceedings of the Sixth Annual Computer Security Applications Conference (Cat. No.90TH0351-7)

    Publication Year: 1990
    Request permission for reuse | PDF file iconPDF (29 KB)
    Freely Available from IEEE