1982 IEEE Symposium on Security and Privacy

26-28 April 1982

Filter Results

Displaying Results 1 - 22 of 22
  • Some Comments From The General Chairman

    Publication Year: 1982, Page(s): iii
    Request permission for reuse | PDF file iconPDF (56 KB)
    Freely Available from IEEE
  • Symposium Committee

    Publication Year: 1982, Page(s): iv
    Request permission for reuse | PDF file iconPDF (8 KB)
    Freely Available from IEEE
  • Non-Discretionery Controls for Commercial Applications

    Publication Year: 1982, Page(s): 2
    Cited by:  Papers (15)  |  Patents (2)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (681 KB)

    The lattice model of non-discretionary access control in a secure computer system was developed in the early Seventies[BIaP]. The model was motivated by the controls used by the Defense Department and other "nationalsecurity" agencies to regulate people's access to sensitive information. Since that time, the lattice model has enjoyed reasonable success in several computer systems used to process n... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Policies and Security Models

    Publication Year: 1982, Page(s): 11
    Cited by:  Papers (345)  |  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (911 KB)

    We assune that the reader is familiar with the ubiquity of information in the modern world and is sympathetic with the need for restricting rights to read, add, modify, or delete information in specific contexts. This need is particularly acute for systems having computers as significant components. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Preliminary Neval Surveillance OBMS Sacurity

    Publication Year: 1982, Page(s): 21
    Cited by:  Papers (5)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1554 KB)

    This paper presents an informal security model for the use of data base management systems supporting Naval surveillance applications. The paper discusses why conventional security models are inadequate for data base needs. Also, the Naval surveillance system environment is described, followed by a description of the model and its application to Naval surveillance systems. The model itself is made... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Memoryless Inference Controls for Statistical Databases

    Publication Year: 1982, Page(s): 38
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (540 KB)

    Statistical databases aim to provide frequencies, averages, and other statistics about groups of persons (or organizations), while protecting the confidentiality of the individuals represented in the database. This objective is difficult to achieve, as users of statistical databases have a host of inference techniques at their disposal for retrieving information about identifiable persons (e.g., s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protection in the OSKAR Opereting System: Goals, Concepts, Conseqeuences

    Publication Year: 1982, Page(s): 46
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (859 KB)

    Present protection mechanisms in operating Systems are usually dedicated to provide reliability within the operating system. This paper presents a design that can be used to solve basic information protection problems by means of the operating system as well. It is based on a uniform system structuring unit, called a subsystem, and allows rather fine grain protection strategies to be reallzed. Fur... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Kernel Isolation for the PDP-11/70

    Publication Year: 1982, Page(s): 57
    Cited by:  Papers (2)  |  Patents (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (835 KB)

    A security kernel is that part of operating system software responsible for controlling access to files and other resources. This report gives a paradigm for showing that a kernel can protect itself from destruction or tampering by user software, on the basis of the hardware and kernel software properties. An illustrative proof is carried out for DEC PDP-11 /70 hardware, with kernel properties tha... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Practical Approach to Identifying Storage and Timing Channels

    Publication Year: 1982, Page(s): 66
    Cited by:  Papers (9)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (809 KB)

    Recognizing and dealing with storage and timing channels when performing the security analysis of a computer system is an elusive task. Methods of discovering and dealing with these channels for the most part have been ad hoc, and those that are not are restricted to a particular specification language. This paper outlines a practical methodology for discovering storage and timing channels that ca... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Precise Information Flow Analysis by Program Verification

    Publication Year: 1982, Page(s): 74
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (498 KB)

    Information flow analysis algorithms for programs typically overestimate the amount of information flow that occurs in a program, since they must account for all paths through the computation graph, whether or not they are actually possible. This is the source of the information flow anomalies, which are simple situations not properly handled by syntactic information flow analysis. This paper intr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specification-to-Code Correlation

    Publication Year: 1982, Page(s): 81
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (314 KB)

    System Development Corporation (SDC) has developed an informal approach for establishing correspondence (or lack thereof) between the formal specifications of a system and lower levels of specification, including implementation code. Establishing correspondence means showing that one level meets the intent of a higher lever. This paper presents the motivation, technique, and current SDC experience... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privacy Protection in the 1980s

    Publication Year: 1982, Page(s): 86
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (410 KB)

    Privacy is a term with multiple meanings. However, in the context of automated record-keeping systems which contain personal data about individuals, "privacy" refers to the rights of individuals regarding the collection, storage, processing, circulation, and use of personal information about themselves (1-4). Synonymous terms in use are "fair information practices" and, in many countries abroad, "... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Specification of Key Distribution Protocols for Networks

    Publication Year: 1982, Page(s): 90
    Request permission for reuse | PDF file iconPDF (71 KB)
    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Accelerating Computer Security Innovation

    Publication Year: 1982, Page(s): 91
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (436 KB)

    This note is prompted by a number of observations. - After nearly twelve years of serious work on computer security, all that can be shown is two one-shot Å“brassboard' systems and one commercially supported product that integrates the DoD security policy into the operating system. - The first round of research results on computer security were useful and by 1975 the principles of secure computers ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Software Protection Scheme

    Publication Year: 1982, Page(s): 99
    Cited by:  Papers (5)  |  Patents (33)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (336 KB)

    We discuss a technological means of protecting software from unauthorized duplication and use, which does not at the same time limit its sale or distribution on rely on a trusted authority. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Shared Database Access using Composed Encryption Functions

    Publication Year: 1982, Page(s): 104
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (539 KB)

    This article presents a two-stage encryption method for sharing access to a database where no single agency or device can ever encrypt or decrypt the data directly. Thus an attack by an opponent would have to succeed at two separate points. The main tool needed is a secure cryptosystem closed under composition: encrypting and re-encrypting using two successive keys is equivalent to a single encryp... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Cryptographic Relational Algebra

    Publication Year: 1982, Page(s): 111
    Cited by:  Papers (1)  |  Patents (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (162 KB)

    Data protection in computer systems is a rather complex problem. Data has to be protected while it is in memory, during communication and while it is stored on mass storage devices. During computation the central processor executes instructions and operates on data that are in readable form. The problem of operating on encrypted data was first considered by Rivest et al [4]. However, notrivial pri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Forward Search as a Cryptanalytic Tool Against a Public Key

    Publication Year: 1982, Page(s): 117
    Cited by:  Papers (6)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (569 KB)

    In symmetric cryptosystems that depend on a single (secret) key for both encryption and decryption, a cryptanalyst -- since the key is unknown to him -- must either work backward from the cipher or else from the cipher and some known pairs of plain-text messages and matching ciphers in attempting to recover the plaintext. In an asymmetric (two key) cryptosystem used in the public key, i.e., privac... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Digital Signitures with Blindfolded Arbitrators Who Cannot Form Alliances

    Publication Year: 1982, Page(s): 129
    Cited by:  Papers (1)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (646 KB)

    A brief comparative analysis of existing true and arbitrated digital signatures is presented. A new scheme for obtaining signatures which is a hybrid of conventional and public-key cryptosystems - is then proposed and its properties discussed. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Multilevel Secure Local Area Network

    Publication Year: 1982, Page(s): 137
    Cited by:  Papers (3)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (605 KB)

    This paper presents a high-level design for a local area network (LAN) that will support subscribers (terminals or hosts) operating at various security levels. Subscribers may be "single-level", which means they are untrusted and can operate at only one security level, or they may be "multilevel" and trusted to operate at a range of security levels [Nibaldi79]. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Practical Executive for Secure Communications

    Publication Year: 1982, Page(s): 144
    Cited by:  Papers (4)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1108 KB)

    Computer communication is now used in many endeavors in which security and privacy are important, both in government and in the private sector. To support the need for secure computer communication, Digital Technology Incorporated (DTI) has developed the Secure HUB** Executive (HUB), e verified secure operating system oriented toward supporting communications and other real-time applications. The ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Pooling, Splitting, and Restituting Information to Overcome Total Failure of Some Channels of Communication

    Publication Year: 1982, Page(s): 156
    Cited by:  Papers (4)  |  Patents (14)
    Request permission for reuse | Click to expandAbstract | PDF file iconPDF (1112 KB)

    This paper solves an analog of the problem which gave rise to the theory of error control codes by methods, of miniscule computational complexity, taken from the theory of TIPS (also called key safeguarding schemes, threshold schemes, secret sharing, key sharing, and IPS). The problem solved herein is the following. Information is flowing through several parallel channels from a sending node S to ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.