Network and Distributed System Security, 1997. Proceedings., 1997 Symposium on

10-11 Feb. 1997

  • Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security

    Publication Year: 1997
    Freely Available from IEEE
  • Experimental results of covert channel limitation in one-way communication systems

    Publication Year: 1997, Page(s):2 - 15
    Cited by:  Papers (4)

    With the increasing growth of electronic communications, it is becoming important to provide a mechanism for enforcing various security policies on network communications. This paper discusses our implementation of several previously proposed protocols that enforce the Bell-LaPadula (1973) security model. We also introduce a new protocol called "Quantized Pump" that offers several advantages, and ...
  • Blocking Java applets at the firewall

    Publication Year: 1997, Page(s):16 - 26
    Cited by:  Papers (17)  |  Patents (9)

    This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a ...
  • Continuous assessment of a Unix configuration: integrating intrusion detection and configuration analysis

    Publication Year: 1997, Page(s):27 - 35
    Cited by:  Papers (3)  |  Patents (1)

    Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the ...
  • Panel: The Security Of Downloadable Past, Present And Future

    Publication Year: 1997, Page(s): 38
    Freely Available from IEEE
  • An interface specification language for automatically analyzing cryptographic protocols

    Publication Year: 1997, Page(s):40 - 51
    Cited by:  Papers (13)  |  Patents (4)

    This paper describes a simple interface specification language (ISL) for cryptographic protocols and their desired properties, and an automatic authentication protocol analyzer (AAPA) that automatically either proves, using an extension of the Gong, Needham, Yahalom (1990) belief logic, that specified protocols have their desired properties, or identifies precisely where these proof attempts fail. T...
  • Probable plaintext cryptanalysis of the IP security protocols

    Publication Year: 1997, Page(s):52 - 59
    Cited by:  Papers (6)  |  Patents (4)

    The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe how "probable plaintext" can be used to aid in cryptanalytic attacks, and analyze the protocol to show how much probable plaintext is available. We also show how traffic analysis is a powerful aid to the cryptanalyst. We conclude by outlining some likel...
  • Misplaced trust: Kerberos 4 session keys

    Publication Year: 1997, Page(s):60 - 70
    Cited by:  Papers (2)

    One of the commonly accepted principles of software design for security is that making the source code openly available leads to better security. The presumption is that the open publication of source code will lead others to review the code for errors, however this openness is no guarantee of correctness. One of the most widely published and used pieces of security software in recent memory is th...
  • Panel on security of the internet infrastructure

    Publication Year: 1997, Page(s): 72
    Freely Available from IEEE
  • Securing the Nimrod routing architecture

    Publication Year: 1997, Page(s):74 - 84
    Cited by:  Papers (13)  |  Patents (5)

    This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generatio...
  • Securing distance-vector routing protocols

    Publication Year: 1997, Page(s):85 - 92
    Cited by:  Papers (47)  |  Patents (4)

    We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the use of mechanisms from the path-finding class of distance-vector protocols as a solution to the security problems of distance-vector protocols. The result is a proposal that effectively and efficientl...
  • Reducing the cost of security in link-state routing

    Publication Year: 1997, Page(s):93 - 99
    Cited by:  Papers (32)  |  Patents (8)

    Security in link-state routing protocols is a feature that is both desirable and costly. This paper examines the cost of security and presents two techniques for efficient and secure processing of link state updates. The first technique is geared towards a relatively stable internetwork environment while the second is designed with a more volatile environment in mind.
  • Securing Web access with DCE

    Publication Year: 1997, Page(s):102 - 108
    Cited by:  Patents (4)

    Internet tools, especially Web browsers and servers, are being widely used for information access. However, these tools have some limitations in terms of the security available for those information accesses and of the robustness and availability of the infrastructure used to provide that security. This paper describes work done to utilize the security services and infrastructure of the Open Softw...
  • Panel: Security And The World-wide Web

    Publication Year: 1997, Page(s): 109
    Cited by:  Patents (5)
    Freely Available from IEEE
  • Hierarchical organization of certification authorities for secure environments

    Publication Year: 1997, Page(s):112 - 121
    Cited by:  Papers (2)  |  Patents (7)

    The paper presents a model of hierarchical organization of certification authorities which can be applied to any open system network. In order to study the feasibility of the proposed model, a pilot experiment within a university environment is being carried out. The authors have developed an application which provides the users with security services using X.509 certificates. The authors have als...
  • Trust models in ICE-TEL

    Publication Year: 1997, Page(s):122 - 133
    Cited by:  Papers (2)

    Public key certification provides mechanisms that can be used to build truly scaleable security services, such as allowing people who have never met to have assurance of each other's identity. Authentication involves syntactic verification of a certificate chain followed by a semantic look at the policies under which the certificates were issued. This results in a level of assurance that the ident...
  • Distributed authentication in Kerberos using public key cryptography

    Publication Year: 1997, Page(s):134 - 141
    Cited by:  Papers (22)  |  Patents (53)

    The authors describe a method for fully distributed authentication using public key cryptography within the Kerberos ticket framework. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved as compared to Kerberos V5. Privacy of Kerberos clients is also enhanced. A...
  • Panel: Web Privacy And Anonymity

    Publication Year: 1997, Page(s): 144
    Freely Available from IEEE
  • Author index

    Publication Year: 1997, Page(s): 145
    Freely Available from IEEE