Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)

7-11 Dec. 1998

  • Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)

    Publication Year: 1998
  • How to increase security in mobile networks by anomaly detection

    Publication Year: 1998, Page(s):3 - 12
    Cited by:  Papers (14)  |  Patents (8)

    The increasing complexity of cellular radio networks yields new demands concerning network security. Especially the task of detecting, repulsing and preventing abuse both by in- and outsiders becomes more and more difficult. This paper deals with a relatively new technique that appears to be suitable for solving these issues, i.e. anomaly detection based on profiling mobile users. Mobility pattern...
  • An architecture for intrusion detection using autonomous agents

    Publication Year: 1998, Page(s):13 - 24
    Cited by:  Papers (143)  |  Patents (22)

    The intrusion detection system architectures commonly used in commercial and research systems have a number of problems that limit their configurability, scalability or efficiency. The most common shortcoming in the existing architectures is that they are built around a single monolithic entity that does most of the data collection and processing. In this paper, we review our architecture for a di...
  • NetSTAT: a network-based intrusion detection approach

    Publication Year: 1998, Page(s):25 - 34
    Cited by:  Papers (77)  |  Patents (14)

    Network-based attacks have become common and sophisticated. For this reason, intrusion detection systems are now shifting their focus from the hosts and their operating systems to the network itself. Network-based intrusion detection is challenging because network auditing produces large amounts of data, and different events related to a single intrusion may be visible in different places on the n...
  • The RRA97 model for role-based administration of role hierarchies

    Publication Year: 1998, Page(s):39 - 49
    Cited by:  Papers (8)  |  Patents (11)

    Role-based access control (RBAC) has recently received a lot of attention due to its flexibility, expressive power and simplicity in administration. In RBAC permissions are associated with roles and users are made members of roles thereby acquiring the associated permissions. Centralized management of RBAC in large systems is a tedious and costly task. An appealing possibility is to use RBAC itsel...
  • Role based access control framework for network enterprises

    Publication Year: 1998, Page(s):50 - 58
    Cited by:  Papers (12)  |  Patents (7)

    A business's success depends on its ability to protect valuable business assets in an increasingly hostile environment. Protecting information requires a cost, not only in purchasing security components, but also in ensuring that those security components are properly managed. Role based access control (RBAC) shows promise for making security administration easier, thus reducing the cost of managi...
  • Concentric supervision of security applications: a new security management paradigm

    Publication Year: 1998, Page(s):59 - 68
    Cited by:  Patents (20)

    This paper questions the status quo regarding security management (SM) tools that function in an isolated, monolithic fashion. People work best by interacting with others and with their systems to see the "big picture" to interpret individual events. Our view of SM called concentric supervision of security applications (CSSA) is a continuous cycle of information flow. CSSA processing of status inf...
  • Application-level isolation to cope with malicious database users

    Publication Year: 1998, Page(s):73 - 82
    Cited by:  Papers (8)  |  Patents (3)

    System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however, is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect sy...
  • Maintaining security in firm real-time database systems

    Publication Year: 1998, Page(s):83 - 90
    Cited by:  Papers (18)

    Many real-time database systems, such as military institutions and government agencies, are contained in environments that exhibit restricted access of information, where mandatory access control for security is required. Hence, in addition to timing constraints, real-time database systems have security constraints. Conventional multi-level secure database models are inadequate for time-critical a...
  • Towards an infrastructure for MLS distributed computing

    Publication Year: 1998, Page(s):91 - 100
    Cited by:  Papers (5)

    Distributed computing owes its success to the development of infrastructure, middleware, and standards (e.g., CORBA) to support interoperability. The computing community has slowly recognized the need to protect information and has begun to develop commercial security infrastructures and standards. The US Government must protect national security information against unauthorized information flow. ...
  • Protecting Web servers from security holes in server-side includes

    Publication Year: 1998, Page(s):103 - 111
    Cited by:  Papers (1)  |  Patents (1)

    This paper first investigates and analyzes security holes concerning the use of server-side includes (SSI) in some of the most used Web server software packages. We show that, by exploiting features of SSI, one could seriously compromise Web server security. For example, we demonstrate how users can gain access to information they are not supposed to see, and how attackers can crash a Web server c...
  • Rule-based filtering for Java applets

    Publication Year: 1998, Page(s):112 - 119
    Cited by:  Papers (1)  |  Patents (12)

    Java has been designed with a sophisticated security model that prevents applets downloaded from an untrusted network to attack the local system. However, malicious applets could exploit bugs in the virtual machine in order to gain access to system resources to perform unauthorized operations. The paper discusses the problem of intercepting such applets through a set of filtering rules that can be...
  • Controlling applets' behavior in a browser

    Publication Year: 1998, Page(s):120 - 125
    Cited by:  Papers (4)  |  Patents (7)

    We discuss methods of protecting Java enabled Web browsers against malicious applets. Malicious applets involve denial of service, invasion of privacy and annoyance. Since system modification by applets is generally impossible because of the Java security concept, denial of service is of major concern. Invasion of privacy may be caused by applets staying resident in the browser and collecting info...
  • Wachet auf! Computer security and the millennium

    Publication Year: 1998, Page(s):129 - 133

    Sleepers awake! The Y2K Problem may or may not be a technological disaster. But either way, the aftermath of the technological problems will be legal problems. Litigation over who should have done what will include damage claims for failures of software and liability for failure to prepare. The legal problems will be a disaster, costing potentially trillions of dollars. Once the frenzy of litigati...
  • A scheme for analyzing electronic payment systems

    Publication Year: 1998, Page(s):137 - 146
    Cited by:  Papers (5)  |  Patents (3)

    The paper presents a scheme for the design, analysis and comparison of electronic payment systems. Three systems are described in detail through this scheme. PayWord is a micro payment system designed by R. Rivest and A. Shamir (1995). It is efficient for repeated payments to the same vendor, and is designed to reduce the use of public key algorithms through the use of hash functions and fast symm...
  • Multifunctional smartcards for electronic commerce-application of the role and task based security model

    Publication Year: 1998, Page(s):147 - 154
    Cited by:  Papers (3)  |  Patents (1)

    Electronic commerce demands different security requirements for its many different applications. In the near future one smartcard may be used for many electronic commerce applications, such as payment systems, access to banking services and financial transactions over the Internet. A role and task based security model (R&T model) can ensure a secure access to many different services through an...
  • Modelling secure and fair electronic commerce

    Publication Year: 1998, Page(s):155 - 164
    Cited by:  Papers (4)

    Security and fairness in business transactions are basic requirements demanded by any participant in electronic markets. We propose COPS as an infrastructure for building adaptable electronic markets with main focus on security and fairness and MOSS as a methodology for analysing and modelling the security semantics of business transactions. Both are necessary to control the risks involved in deal...
  • Security architecture for a virtual heterogeneous machine

    Publication Year: 1998, Page(s):167 - 177
    Cited by:  Papers (4)  |  Patents (2)

    We describe security for a virtual heterogeneous machine (VHM). Our security architecture is based upon separation of services into four distinct domains. It is designed to take advantage of operating system support for domains, where available. We have chosen to use emerging public key technology as an interim solution to provide domain separation. A prototype demonstration of our architecture ha...
  • Authorization in enterprise-wide distributed system: a practical design and application

    Publication Year: 1998, Page(s):178 - 189
    Cited by:  Papers (1)  |  Patents (5)

    As companies migrate from a centralized to a distributed computing environment, the administration and management of security policies, in particular authorization policies, is becoming an increasingly difficult task. The paper considers the design of an authorization system that is suitable for distributed applications. It discusses the architectural design principles, describes the constructs of...
  • Private desktops and shared store

    Publication Year: 1998, Page(s):190 - 200
    Cited by:  Papers (4)  |  Patents (5)

    Modern interconnected computer systems handling classified information can be built using mainstream COTS software platforms. The technique provides each user with a private desktop in which to work, along with services for sharing data. Within a desktop, the user is helped to label their data. When data is shared, labelling prevents accidental compromise, but other measures defend against other f...
  • A hardware independent encryption model for ATM devices

    Publication Year: 1998, Page(s):205 - 211

    Faced with the migration towards broadband networking technologies, formerly visionary applications, as diverse as teleworking, telemedicine or electronic commerce, are expected to emerge to broad usage. This makes confidential communication in broadband networks a challenging basic condition. In this paper, we present an ATM encryption model that is focused on independence of both the hardware of...
  • Secure signaling and access control for ATM networks

    Publication Year: 1998, Page(s):212 - 222

    Asynchronous transfer mode (ATM) is seen to be a technology that allows flexibility, efficiency and manageable bandwidth on demand to be achieved in high-speed networks. ATM is able to support a variety of applications, including voice, video, image and data, with different quality-of-service (QoS) requirements. This paper addresses the design of security services in ATM networks. It considers the...
  • Security services in an open service environment

    Publication Year: 1998, Page(s):223 - 234
    Cited by:  Papers (1)  |  Patents (2)

    Emerging telecommunication services use, store or transmit sensitive personal data to form individual network services. We suggest an add-on approach to realize secure telecommunication services which saves the huge investments in the existing ISDN network infrastructure. This is done by adding trusted runtime environments that contain security functions to the existing service infrastructure. Thi...
  • ID-based cryptographic schemes using a non-interactive public-key distribution system

    Publication Year: 1998, Page(s):237 - 243
    Cited by:  Papers (4)  |  Patents (2)

    Shamir (1984) proposed the idea of a cryptographic system based on identification information and presented an identity-based signature scheme. He also presented as an open problem to find an ID-based public-key cryptosystem or public-key distribution system. In the past, many ID-based public-key distribution systems have been proposed. However, none of these is an ID-based system in Shamir's sens...
  • Two improved algorithms and hardware implementations for key distribution using extended programmable cellular automata

    Publication Year: 1998, Page(s):244 - 249
    Cited by:  Patents (1)

    Presents two efficient algorithms and a simple hardware structure for the implementation of Diffie-Hellman (1976) key exchange (DHKE) in GF(2^n). The two algorithms investigated are an improved table look-up algorithm and a binary algorithm. The hardware structure is an extended programmable cellular automaton (PCA), which is much more flexible and can be used for key distribution and convent...