Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual

6-10 Dec. 1999

Displaying Results 1 - 25 of 44
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)

    Publication Year: 1999
    Freely Available from IEEE
  • Table of contents

    Publication Year: 1999, Page(s):v - x
    Freely Available from IEEE
  • How to cheat at the lottery (or, massively parallel requirements engineering)

    Publication Year: 1999, Page(s):XIX - XXVII
    Cited by:  Papers (3)

    Collaborative software projects such as Linux and Apache have shown that a large, complex system can be built and maintained by many developers working in a highly parallel, relatively unstructured way. The author reports on an experiment to see whether a high quality system specification can also be produced by a large number of people working in parallel with minimum communication.
  • Modular fair exchange protocols for electronic commerce

    Publication Year: 1999, Page(s):3 - 11
    Cited by:  Papers (7)

    Recently, research has focused on enabling fair exchange between payment and electronically shipped items. The reason for this is the growing importance of electronic commerce and the increasing number of applications in this area. Although a considerable number of fair exchange protocols exist, they usually have been defined for special scenarios and thus only work under particular assumptions. F...
  • Trustworthy access control with untrustworthy Web servers

    Publication Year: 1999, Page(s):12 - 21
    Cited by:  Papers (4)  |  Patents (3)

    If sensitive information is to be included in a shared Web, access controls will be required. However, the complex software needed to provide a Web service is prone to failure. To provide access control without relying on such software, encryption can be used. Bob is a prototype system that supports complex access control expressions through the transparent use of encryption.
  • A language for modelling secure business transactions

    Publication Year: 1999, Page(s):22 - 31
    Cited by:  Papers (6)

    Among other areas, electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable of specifying and conducting at least parts of market transactions, these techniques are not or are very rarely used for th...
  • Safe areas of computation for secure computing with insecure applications

    Publication Year: 1999, Page(s):35 - 44
    Cited by:  Papers (5)  |  Patents (5)

    Currently the computer systems and software used by the average user offer virtually no security. Because of this, many attacks, both simulated and real, have been described by the security community and have appeared in the popular press. The paper presents an approach to increase the level of security provided to users when interacting with otherwise unsafe applications and computing systems. Th...
  • Architecture and concepts of the ARGuE Guard

    Publication Year: 1999, Page(s):45 - 54
    Cited by:  Papers (8)  |  Patents (11)

    ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates' Gauntlet firewall. By integrating capabilities developed under several government programs, we were able to create a system which is easier to extend than other guards, provides significant new features (such as integration with an intrusion...
  • Using abuse case models for security requirements analysis

    Publication Year: 1999, Page(s):55 - 64
    Cited by:  Papers (135)  |  Patents (1)

    The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without ap...
  • A parallel packet screen for high speed networks

    Publication Year: 1999, Page(s):67 - 74
    Cited by:  Papers (14)  |  Patents (10)

    The paper demonstrates why security issues related to the continually increasing bandwidth of high speed networks (HSN) cannot be addressed with conventional firewall mechanisms. A single packet screen running on a fast computer is not capable of filtering all packets traversing a Fast/Gigabit Ethernet. This problem can be addressed by using parallel processing methods to implement a fast, scalabl...
  • An asynchronous distributed access control architecture for IP over ATM networks

    Publication Year: 1999, Page(s):75 - 83
    Cited by:  Patents (2)

    We describe a new architecture providing an access control service in both ATM and IP-over-ATM networks. This architecture is based on agents distributed in network equipment. It is well known that distribution makes the management process more difficult. This issue is raised and we provide an algorithm to distribute the access control policy on our agents. The comparison with other approaches sho...
  • Secure communications in ATM networks

    Publication Year: 1999, Page(s):84 - 93
    Cited by:  Papers (1)

    The ATM Forum international consortium recently approved the first version of its security specifications aiming to protect communications over Asynchronous Transfer Mode (ATM) networks by offering data confidentiality, partner authentication, etc. The paper describes the architecture of one of the first ATM Forum compliant security prototypes being currently developed in the European project SCAN...
  • Using checkable types in automatic protocol analysis

    Publication Year: 1999, Page(s):99 - 108
    Cited by:  Papers (3)

    The Automatic Authentication Protocol Analyzer, 2nd Version (AAPA2) is a fast, completely automatic tool for formally analyzing cryptographic protocols. It correctly identifies vulnerabilities or their absence in 43 of 51 protocols studied in the literature, and it finds errors in previously asserted authentication properties of two large commercial protocols. The paper describes the AAPA2 and its...
  • SCR: a practical approach to building a high assurance COMSEC system

    Publication Year: 1999, Page(s):109 - 118
    Cited by:  Papers (7)  |  Patents (2)

    To date, the tabular based SCR (Software Cost Reduction) method has been applied mostly to the development of embedded control systems. The paper describes the successful application of the SCR method, including the SCR* toolset, to a different class of system, a COMSEC (Communications Security) device called CD that must correctly manage encrypted communications. The paper summarizes how the tool...
  • Application-level isolation using data inconsistency detection

    Publication Year: 1999, Page(s):119 - 126
    Cited by:  Papers (1)

    Recently, application-level isolation was introduced as an effective means of containing the damage that a suspicious user could inflict on data. In most cases, only a subset of the data items needs to be protected from damage due to the criticality level or integrity requirements of the data items. In such a case, complete isolation of a suspicious user can consume more resources than necessary. ...
  • A prototype secure workflow server

    Publication Year: 1999, Page(s):129 - 133
    Cited by:  Papers (10)  |  Patents (1)

    Workflow systems provide automated support that enables organizations to efficiently and reliably move important data through their routine business processes. For some organizations, the information processed by their workflow systems is highly valued and in need of protection from disclosure or corruption. Current workflow systems do not help organizations to adequately protect this important da...
  • Napoleon: a recipe for workflow

    Publication Year: 1999, Page(s):134 - 142
    Cited by:  Papers (3)  |  Patents (3)

    The paper argues that Napoleon, a flexible, role-based access control (RBAC) modeling environment, is also a practical solution for enforcing business process control, or workflow policies. Napoleon provides two important benefits for workflow: simplified policy management and support for heterogeneous, distributed systems. We discuss our strategy for modeling workflow in Napoleon, and we present ...
  • Tools to support secure enterprise computing

    Publication Year: 1999, Page(s):143 - 152
    Cited by:  Papers (2)

    Secure enterprise programming is a difficult and tedious task. Programmers need tools that support different levels of abstraction and that track all the components that participate in distributed enterprises. Those components must cooperate in a distributed environment to achieve higher level goals. A special case of secure enterprise computing is multilevel secure (MLS) computing. Components tha...
  • An effective defense against first party attacks in public-key algorithms

    Publication Year: 1999, Page(s):155 - 160
    Cited by:  Papers (2)

    This paper describes a method for assuring that user generated public and private key pairs are cryptographically strong. This assurance is achieved by limiting the number of attempts a user can make while generating the keys. Since it takes many billions of attempts to generate so-called "weak" keys, with any significant probability of success, our method precludes users from cheating. The descri...
  • Towards a practical, secure, and very large scale online election

    Publication Year: 1999, Page(s):161 - 169
    Cited by:  Papers (7)  |  Patents (1)

    We propose a practical and secure electronic voting protocol for large-scale online elections. Our protocol satisfies a large set of important criteria that has never been put together in a single protocol before. Among all electronic voting schemes in the literature, Sensus, a security-conscious electronic voting protocol proposed by Cranor and Cytron (1997), satisfies most of our criteria. Sensu...
  • Design of LAN-Lock, a system for securing wireless networks

    Publication Year: 1999, Page(s):170 - 177

    Wireless LANs are becoming increasingly available, affordable and attractive due to their increasing speeds and decreasing costs, in addition to their ability to offer easy configuration and reconfiguration of nodes in a LAN. However, most commercial wireless LAN products have limited security over the link, and none that we are aware of use NSA-approved cryptographic methods. This paper describes...
  • Toward a taxonomy and costing method for security services

    Publication Year: 1999, Page(s):183 - 188
    Cited by:  Papers (25)

    A wide range of security services may be available to applications in a heterogeneous computer network environment. Resource management systems (RMSs) responsible for assigning computing and network resources to tasks need to know the resource-utilization costs associated with the various network security services. In order to understand the range of security services all RMS needs to manage, a pr...
  • TrustedBox: a kernel-level integrity checker

    Publication Year: 1999, Page(s):189 - 198
    Cited by:  Papers (7)  |  Patents (1)

    There is a large number of situations in which computer security is unpopular. In fact, common users do not like too much restricted security policies. Usability is often preferred to security. Many users want to be free to use their computers to run untrusted applications. Moreover, it is not possible to require that every computer user is a security expert. As a consequence, it is very easy for ...
  • Adding availability to log services of untrusted machines

    Publication Year: 1999, Page(s):199 - 206
    Cited by:  Papers (1)

    Uncorrupted log files are the critical system component for computer forensics in case of intrusion and for real time system monitoring and auditing. Protection from tampering with information can be achieved using cryptographic functions that provide authenticity, integrity, and confidentiality. However, they cannot provide the prerequisite for any further information processing, i.e., informatio...
  • Policy-based management: bridging the gap

    Publication Year: 1999, Page(s):209 - 218
    Cited by:  Papers (16)  |  Patents (37)

    In a policy-based system, policy goals are described with respect to network entities (e.g. networks and users) instead of enforcement points (e.g., firewalls and routers). This global view has several advantages: usability, global rules are closer to the goals of the human administrator; scalability, the policy system ensures that the enforcement points are configured appropriately, whether there...