
[Proceedings 1988] Fourth Aerospace Computer Security Applications

12-16 Sept. 1988

Displaying Results 1 - 25 of 52
  • Fourth Aerospace Computer Security Applications Conference (IEEE Cat. No.CH2619-5)

    Publication Year: 1988
    Freely Available from IEEE
  • Ensuring software integrity

    Publication Year: 1988, Page(s):323 - 330

    The authors describe an approach to ensuring the integrity of software during development. The approach minimizes the need for a physically secure computing facility by allowing much of the software development to take place in an `open' environment. The approach relies on the strict enforcement of a set of procedures to effectively counter threats (Trojan Horse insertion, attacks on secure storag...
  • System security in the Space Flight Operations Center

    Publication Year: 1988, Page(s):426 - 430

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's (US National Aeronautics and Space Administration's) next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to ri...
  • On the control and dissemination of information concerning security flaws and their corrections

    Publication Year: 1988, Page(s):221 - 225

    The author remarks that there seems to be no nationwide, organized, widely known system that controls the security flaw information disclosure process and maximizes the dissemination or fix implementation rate of flaw or fix information. He explores various facets of this problem and examines current practices and alternative approaches for the future. Specifically, he explores the most prevalent ...
  • A taxonomy of the causes of proof failures in applications using the HDM methodology

    Publication Year: 1988, Page(s):419 - 423

    A methodology for formal verification and validation based on HDM (Hierarchical Development Methodology) is described. The HDM formula generator and theorem prover is used to perform data flow analysis on the system specification. In applying this methodology, the author discovered that although there may be a large number of individual proof failures, there were always only a small number of dist...
  • Telling the goodguys: disseminating information on security holes

    Publication Year: 1988, Page(s):216 - 218
    Cited by:  Papers (1)  |  Patents (1)

    The author discusses what should be done by a software vendor when the product has a security flaw. One alternative, which the author discounts, is to hide the problem and hope it will not be discovered. The alternative, favored by the author, is to widely publicize the patch, hoping that `badguys' will not reverse engineer it to discover the hole. Several variations are proposed, including distri...
  • Denial of service flaws in SDI software-an initial assessment

    Publication Year: 1988, Page(s):22 - 29
    Cited by:  Patents (2)

    The author provides a tutorial and survey into the denial-of-service aspect of computer security. Definitions from existing literature are presented, and several categorizations of potential denial-of-service flaws are provided with examples from actual cases. Methods for providing preventive resistance against denial-of-service threats as well as mechanisms for detection and recovery from denial-...
  • A model for secure distributed computations in a heterogeneous environment

    Publication Year: 1988, Page(s):233 - 241
    Cited by:  Papers (2)  |  Patents (15)

    The author presents a model for secure distributed computations in a multilevel security, heterogeneous environment, called the multimember session model. This model does not place any restrictions on the computations using it, nor does it require any modification of security policies of local secure operating systems. It provides isolation between unrelated computations, and it ensures that the i...
  • Software security evaluation based on a top-down McCall-like approach

    Publication Year: 1988, Page(s):414 - 418
    Cited by:  Papers (3)

    The authors present a methodology for software security evaluation and certification. A systematic approach has been used to build software security throughout the whole life cycle. This leads to using specific development and certification techniques according to the initial risk and vulnerability analysis. In the security certification process, it is of prime importance to measure the specific s...
  • Characterizing network covert storage channels

    Publication Year: 1988, Page(s):275 - 279
    Cited by:  Papers (2)

    A novel characterization is presented for covert channels in stand-alone systems. This characterization is used to examine the nature of covert channels in computer networks. Most network covert channels are shown to reduce to covert channels in stand-alone systems. The remaining identified network covert channels are identified to be examples of a more general Trojan horse leakage problem. The sea...
  • Dual labels revisited [computer security]

    Publication Year: 1988, Page(s):167 - 172
    Cited by:  Papers (1)

    The utility of and need for trusted labels used for functions other than access control are discussed. The author shows that information labels serve functions separate and distinct from that of sensitivity labels. In some instances, they function in capacities that are beyond the abilities of standard single-label-based systems. It is also shown that attempting to incorporate the marking function int...
  • Retrofitting and developing applications for a trusted computing base

    Publication Year: 1988, Page(s):212 - 215
    Cited by:  Papers (2)

    The authors discuss the concept of a software analysis procedure to aid in the conversion of existing applications and in the development of applications for use with a trusted computing base (TCB). In this procedure, the system processes are broken down into small entities that permit detailed analysis to ensure that the trusted processes will be at the absolute minimum. The use of this analysis ...
  • UNIX Guardians: active user intervention in data protection

    Publication Year: 1988, Page(s):199 - 204
    Cited by:  Papers (1)  |  Patents (12)

    The GUARDNIX system is tailored for user participation in the protection of data. The system, an enhanced 4.2 BSD Unix, utilizes a special class of processes called Guardians to change normally passive files into active objects. Multiple processors are used to physically separate normal processes from the main operating system kernel. Data is provided additional protection by using cryptography. T...
  • Privacy enhanced electronic mail

    Publication Year: 1988, Page(s):16 - 21
    Cited by:  Papers (2)

    The progress of work at University College of London in implementing a prototype model of a privacy-enhanced messaging (PEM) system is reported. The design of the model is specified by the DARPANET IAB Privacy Task Force RFC 1040. The model is one which provides privacy, integrity, and authentication of messages transmitted in a typical electronic-mail system. The design and implementation experience ...
  • Encryption using random keys-a scheme for secure communications

    Publication Year: 1988, Page(s):410 - 412
    Cited by:  Patents (3)

    An encryption scheme using a random key generator with memory is presented. This system generates a random sequence of encryption/decryption keys. A feedback mechanism is used to endow the key generator with memory, thereby making it difficult to infer the random key sequence from a partial sequence of keys. The random key sequence is independent of the encrypting algorithm and is particularly sui...
  • Integrity controls for military and commercial applications

    Publication Year: 1988, Page(s):298 - 322
    Cited by:  Papers (4)  |  Patents (3)

    Because it is generally not possible to prevent the destruction or alteration of data when objects are stored or transmitted outside the security perimeter of a TCB (trusted computer base), the emphasis is placed on detecting any illicit data, including the results of computer viruses and Trojan Horse programs, using cryptographic checksums and digital signature techniques. It is concluded that a ...
  • Developing secure systems: issues and solutions

    Publication Year: 1988, Page(s):183 - 190
    Cited by:  Patents (6)

    Specific issues associated with the development of secure systems are described. The authors focus on what an application of a mathematically-based development method means, within the constraints of a traditional development process. They then describe their experiences in the development of a secure internet system, the Multinet Gateway System. The description outlines the solutions developed in...
  • Query processing in LDV: a secure database system

    Publication Year: 1988, Page(s):118 - 124
    Cited by:  Papers (2)  |  Patents (15)

    An overview is given of the query processing of the multilevel secure database management system (MLS/DBMS), LOCK Data Views (LDV), for the secure distributed Data Views contract. The authors summarize design issues such as data distribution, polyinstantiation, and response assembly. They show the need for a security policy for a database system that builds on the classical security policies for o...
  • Security protection based on mission criticality

    Publication Year: 1988, Page(s):228 - 232
    Cited by:  Papers (2)

    Developments connected with security protection based on mission criticality at the US Department of Defense (DoD) are discussed. It is shown that assurance of service can be achieved as part of the design, thereby making availability in the presence of malicious threat an integrity problem. There are two approaches to simultaneously deal with both sensitivity and criticality policies: a restricti...
  • Some results from the entity/relationship multilevel secure DBMS project

    Publication Year: 1988, Page(s):66 - 71
    Cited by:  Papers (16)

    A multilevel secure version of the entity/relationship (E/R) data model has been developed. Its multilevel secure properties are based on three principles: the granularity principle, the dependency principle, and the determinacy principle. These three principles are proposed as fundamental to the design of multilevel secure data models and databases. A comparison of the multilevel E/R model and th...
  • The cascading problem for interconnected networks

    Publication Year: 1988, Page(s):269 - 274
    Cited by:  Papers (8)  |  Patents (1)

    One potential problem that must be faced when using the interconnected accredited system approach of the trusted network interpretation is cascading. The authors introduce some proofs showing that a simple nesting condition is sufficient and sometimes necessary to prevent cascading. They give a Prolog program that finds all cascading paths.
  • An alternative implementation of the reference monitor concept [military messaging, secure]

    Publication Year: 1988, Page(s):159 - 166
    Cited by:  Papers (1)  |  Patents (8)

    Research into the multilevel secure automated exchange of military messages is reported. This work represents approaches to `designed-in' security that are not based on the security kernel and Bell/LaPadula model approaches that have dominated military message systems and the industry. Instead, the approach is based on the concept of a network of communicating finite-state machines. The resulting p...
  • Industry and government DBMS security and privacy needs-a comparison

    Publication Year: 1988, Page(s):99 - 105

    An overview of the database security requirements for both the private and government sectors is presented. It is concluded that both sectors require database management systems (DBMSs) capable of supporting secrecy and integrity policies. However, the government counts secrecy as the more important consideration because its data affects the lives and privacy of every citizen. The private sector c...
  • Minix security policy model

    Publication Year: 1988, Page(s):393 - 399

    The author describes how the Bell-La Padula model might be applied to the current, unrated Minix operating system. Also discussed are security issues pertaining to inherited accesses and the method used to characterize the Minix file permissions in terms of the more general access matrix model.
  • The importance of high assurance computers for command, control, communications, and intelligence systems

    Publication Year: 1988, Page(s):331 - 342

    The authors discuss the available alternatives for building multilevel secure automated command, control, communications, and intelligence systems (CCCI systems). It is concluded that the only way to have a high degree of confidence that the anticipated threat can be countered is to base a CCCI system on a TCB (trusted computer base) having a security kernel (i.e., on a Class B3 or A1 TCB rather t...