Proceedings 12th Annual Computer Security Applications Conference

9-13 Dec. 1996

Filter Results

Displaying Results 1 - 25 of 30
  • Security Applications Conference [front matter]

    Publication Year: 1996, Page(s):iii - vii
    Request permission for reuse | PDF file iconPDF (186 KB)
    Freely Available from IEEE
  • The Internet rules but the emperor has no clothes

    Publication Year: 1996, Page(s):XIV - XIX
    Cited by:  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (586 KB)

    Today's Internet is a virtually free resource. Its existence is based upon end-users freely communicating in an open environment. However, this free and open environment does not imply any value beyond the ability to communicate. Thus most of the information currently being exchanged is not deemed "valuable" in the business sense. However, as more and more business-related information is made avai... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An evaluation of the Java security model

    Publication Year: 1996, Page(s):2 - 14
    Cited by:  Papers (2)  |  Patents (10)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1403 KB)

    Java is a new programming language that has been developed by Sun Microsystems. They claim that Java has a number of advantages over traditional programming languages. One of these advantages is the ability to execute untrusted programs in a secure environment. After a brief introduction to the Java language this paper investigates the problems that would arise when running untrusted programs with... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementing security policy in a large defence procurement

    Publication Year: 1996, Page(s):15 - 23
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1115 KB)

    At the 1993 ACSAC conference a previous paper was presented describing the security policy developed for a large, integrated defence procurement, the United Kingdom Royal Air Force Logistics Information Technology System (LITS). The current paper describes some of the practical difficulties encountered in implementing that security policy during subsequent stages of the LITS system development. Is... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An authenticated camera

    Publication Year: 1996, Page(s):24 - 30
    Cited by:  Papers (5)  |  Patents (12)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (595 KB)

    We develop protocols for an authenticated camera that allows people to verify that a given digital image was taken by a specific camera at a specific time and specific place. These protocols require interaction between the camera and base station both before and after a series of images are taken. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A case study of two NRL Pump prototypes

    Publication Year: 1996, Page(s):32 - 43
    Cited by:  Papers (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (932 KB)

    As computer systems become more open and interconnected, the need for reliable and secure communication also increases. The NRL (Naval Research Laboratory) Pump was introduced by Kang and Moskowitz (1993) to balance the requirements of reliability, congestion control, fairness and good performance against those of threats from covert channels and denial-of-service attacks. In this paper, we descri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Asymmetric isolation

    Publication Year: 1996, Page(s):44 - 54
    Cited by:  Papers (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1254 KB)

    Examines a surprisingly simple application of unidirectional security that supports essentially risk-free MLS (multi-level security). It is an unusual environment because security rules can be absolutely enforced. Not only security violations, but also multi-level communication handshaking and most downgrading is not simply disallowed, but prevented. Experiments conducted using hardware multiple s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Starlight: Interactive Link

    Publication Year: 1996, Page(s):55 - 63
    Cited by:  Papers (11)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (955 KB)

    The Interactive Link forms part of a suite of products being developed as part of the Starlight research program. This research program is investigating methods for achieving military-relevant information security capabilities which are genuinely cost-effective. The Interactive Link is a retrofittable device which fits to commercial off-the-shelf workstations and PCs which are connected to classif... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Common Criteria Activities And Alternative Assurance

    Publication Year: 1996, Page(s): 65
    Request permission for reuse | PDF file iconPDF (73 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Sse-CMM Pilot Results

    Publication Year: 1996, Page(s): 67
    Request permission for reuse | PDF file iconPDF (68 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security measures for the Austrian "PAYCHIP" electronic purse application

    Publication Year: 1996, Page(s):69 - 77
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (812 KB)

    Shows a management-oriented description of the background, design principles and security measures of the Austrian nationwide electronic purse scheme ("QUICK"), as well as an experience report about the ongoing process of stating a national security policy and evaluating the level of security for the electronic purse. The considerations address decision-makers and experts interested in the practic... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the design of secure electronic payment schemes for Internet

    Publication Year: 1996, Page(s):78 - 87
    Cited by:  Papers (2)  |  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (918 KB)

    Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Innovative secure payments on the Internet using the German electronic purse

    Publication Year: 1996, Page(s):88 - 93
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (538 KB)

    In this paper, an innovative and secure method for payments on the Internet is described which uses the German electronic purse. We describe how the method of payment using the German electronic purse is used today at off-line terminals at the merchant's site. The security mechanisms of the payment system are described in detail. We discuss the adaption of this method to secure payments on the Int... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Proxies for anonymous routing

    Publication Year: 1996, Page(s):95 - 104
    Cited by:  Papers (19)  |  Patents (37)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1006 KB)

    Using traffic analysis, it is possible to infer who is talking to whom over a public network. This paper describes a flexible communications infrastructure, called onion routing, which is resistant to traffic analysis. Onion routing lies just beneath the application layer, and is designed to interface with a wide variety of unmodified Internet services by means of proxies. Onion routing has been i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design choices for symmetric key based inter-domain authentication protocols in distributed systems

    Publication Year: 1996, Page(s):105 - 116
    Cited by:  Patents (14)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (928 KB)

    Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this p... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Verifying the correctness of cryptographic protocols using "Convince"

    Publication Year: 1996, Page(s):117 - 128
    Cited by:  Papers (4)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1025 KB)

    The paper describes Convince, a tool being developed to facilitate the modeling and analysis of cryptographic protocols, particularly those supporting authentication. Convince uses a belief logic to facilitate the analysis and proof of desired properties of these protocols. Convince incorporates in its front-end a commercial computer aided software engineering tool, StP/OMT, so that an analyst can... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security issues in an EDI environment

    Publication Year: 1996, Page(s):129 - 136
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (816 KB)

    EDI (Electronic Data Interchange) means electronic transmission, processing, and storage of commercial, business, or trade related documents. The paper surveys the security threats posed to an EDI system, and outlines the techniques and services used to counter these threats. Most importantly, the paper has gone into great depth to address an EDI specific security requirement-non repudiation of re... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security And The National Telecommunications Infrastructure

    Publication Year: 1996, Page(s): 138
    Request permission for reuse | PDF file iconPDF (69 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using Fortezza for transparent file encryption

    Publication Year: 1996, Page(s):140 - 147
    Cited by:  Papers (1)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (740 KB)

    SISTex's Assure(R) Basic product provides security features including access controls and transparent file encryption (using the Data Encryption Standard) in a DOS/Windows environment. To meet the needs of certain customers, we converted the DES based file encryption to use NSA's Fortezza card, which uses the Skipjack algorithm. Despite our expectations, Fortezza was not a clean replacement for DE... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An extended capability architecture to enforce dynamic access control policies

    Publication Year: 1996, Page(s):148 - 157
    Cited by:  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (960 KB)

    Capability has been widely used as a fundamental mechanism for access control in distributed systems. When an object manager receives a capability from a user process for accessing an object, it verifies the genuineness of the capability and checks whether the access request is allowed with the access rights placed on the capability. Capabilities have been recognized to be more suitable than centr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SIGMA: security for distributed object interoperability between trusted and untrusted systems

    Publication Year: 1996, Page(s):158 - 168
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1184 KB)

    The SIGMA project is researching the integration and interoperation of security technologies into distributed computing environments based on CORBA, the Common Object Request Broker Architecture. The architectural results described in the paper are focused on security technologies that allow controlled, selective exchange of object oriented services among separate distributed systems that differ i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Operation chain link: the deployment of a firewall at Hanscom Air Force Base

    Publication Year: 1996, Page(s):170 - 177
    Cited by:  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (670 KB)

    In March 1995, the Electronic Systems Center (ESC) based at the Hanscom Air Force Base (AFB), Massachusetts, commissioned the development and installation of a firewall around its unclassified network. Heightened awareness of Internet threats, concern over results of recent network security assessments, and a hacker break-in at a sister Air Force installation prompted this action. The paper addres... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mandatory protection for Internet server software

    Publication Year: 1996, Page(s):178 - 184
    Cited by:  Papers (1)  |  Patents (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (661 KB)

    Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to "server overrun", an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless there are a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using a proxy X server to facilitate COTS application integration

    Publication Year: 1996, Page(s):185 - 190
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (546 KB)

    The paper documents the development of a proxy X Window System server, XPatch, that facilitates integration of COTS applications on systems with trusted X Window system implementations. The XPatch design and architecture are described, portability issues addressed, and accreditation issues identified. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A comparison of multilevel structured query language (SQL) implementations

    Publication Year: 1996, Page(s):192 - 202
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (914 KB)

    The current commercial multilevel secure (MLS) database management system (DBMS) products provide extensions to SQL to support multilevel database applications. However, the DBMS vendors have implemented a variety of mechanisms that are both difficult to understand and ineffective in addressing a number of application concerns. The paper documents and compares the SQL extensions for Informix Onlin... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.