1980 IEEE Symposium on Security and Privacy

Included in the scope of the term "transborder data flows is the transmission over computer-communicational systems of automated data to be processed and stored in foreign data processing systems. A number of issues, including privacy protection and data security, arise in various transborder data flow (TDF) situations and are discussed in this paper, especially the potential effects on TDF of nat... View full abstract»

A protection model based on access control which gives formal definitions for the terms protection problem and safety is introduced. The model provides features for describing the manipulation of the contents of objects and extends the possibilities of the access matrix model. View full abstract»

In this paper we consider some problems related to database security. We first generalize the definition of compromise to the discovery of the value of some (generally complex) property about a class of individuals. For a given query we define implied queries and impose tests for safe response on both the query and implied queries. It is shown how this approach relates to the "tracker" concept. It... View full abstract»

A formal model of multilevel security systems is presented. We examine weaknesses of current security flow analysis mechanisms. A concept of expression flows is introduced, which allows us to use various techniques to certify systems that cannot be certified using current flow analysis techniques. We provide a method for generating static authorization requirements for systems in which authorizati... View full abstract»

A brief look back at the project undertaken by I.P. Sharp Associates for the U.S. Air Force and the Canadian Government on Relational DBMS Kernel design. Since the completion of the project, 3 years ago, several changes have occurred which alter our perception of the project and its results. A quick look at the future in this area is included. View full abstract»

The problem of statistical database confidentiality in releasing microdata is addressed through the use of approximate data-swapping. Here a portion of the microdata is replaced with a database that has been selected with approximately the same statistics. The result guarantees the confidentialityof the original data, while providing microdata with accurate statistics. Methods for achieving such t... View full abstract»

With the ever-increasing use of computers for storing large volumes of vital data, the problems involved in providing data security have been receiving very great attention from researchers. In this paper we try to investigate the various aspects of data security in a general-purpose Data Base Management System (DBMS). Data security concerns data manipulation which encompasses two phases : retriev... View full abstract»

Future information systems will involve the interconnection of databases through public networks, requiring the development of adequate security facilities within the local nodes in order to prevent unauthorized access and use of data. A key component of any security scheme is a set of lanuage primitives that define access rights; these language primitives must be combined with other language faci... View full abstract»

The information processors in a decentralized computing system must trust each other enough to be mutually supportive, yet they must also protect themselves to maintain autonomy. In a decentralized system, data security is especially important because the effects of compromise or sabotage can be so wide-ranging. The trusted function is an ad hoc solution to a problem with present data security mod... View full abstract»

The functions of secrecy, identification of the transmitter and of authentication of messages, and combinations of these, are in principle all achievable using either symmetric or asymmetric cryptosystems. Since secure communications depend on authenticated data exchanges between and/or authenticated actions by some of the parties to the communication, the fundamentals of authentication using symm... View full abstract»

In 1978, Merkle and Hellman introduced a knapsack-based public-key cryptosystem, which received widespread attention. The two major open problems concerning this cryptosystem are: (i) Security: How difficult are the Merkle-Hellman knapsacks? (ii) Efficiency: Can the huge key size be reduced? In this paper we analyze the cryptographic security of knapsack problems with small keys, develop a new (no... View full abstract»

In this paper, we present a scheme for distributing a key to n users in such a way as to require at least k of them (k < n) to be present to construct the original key. The scheme has the property that up to k - 1 defections can be tolerated. It can be implemented simply and efficiently. View full abstract»

Four methods for generating and distributing shared group encryption keys in a cryptographic system are described. All four methods can be used to implement secure broadcasts among groups of users in computer networks. Two methods use n secret keys to construct a master key for 2n -1 keys. View full abstract»

Common sense, David Kahn [KA67] and Gilles Brassard [BR79] all argue that there are no unbreakable cryptosystems. What, then, is to be made of the -- provably [D179a, pp. 399-400] unbreakable -- Vernam one-time pad? The somewhat surprising answer is that it is not a cryptosystem at all, but rather a key safeguarding scheme [BL79] used, as all such schemes can be, in the courier mode. This suggests... View full abstract»

When a system is designed to process several levels of classified information, a multi-tiered approach to system security is needed. The total security system should be divided into eight areas which cover: Separation of Authority Personnel Security Physical Security Emanation Security Terminal Security Operating System Security File Security Audit Trail The purpose of the security system is to en... View full abstract»

New Cryptographic protocols which take full advantage of the unique properties of public key cryptosystems are now evolving. Several protocols for public key distribution and for digital signatures are briefly compared with each other and with the conventional alternative. View full abstract»

Technology that allows significant sharing of computer resources carries with it an increased responsibility to protect these resources from un-authorized, malicioua, irresponsible, or unintended use or disclosure. The years have seen a progression of increasingly sensitive information made available in increasingly less supervised modes to a variety of users. Commercial users routinely store valu... View full abstract»

A methodology for demonstrating the security of trusted applications on a security kernel base is presented. The methodology consists of selecting and authenticating security criteria, and demonstrating through verification techniques that the implementation obeys the selected criteria. Difficulties encountered in the placement of a trusted application on top of a security kernel base motivated th... View full abstract»