Proceedings. 1989 IEEE Symposium on Security and Privacy

1-3 May 1989

Displaying Results 1 - 25 of 34
  • Proceedings 1989 IEEE Symposium on Security and Privacy (Cat. No.89CH2703-7)

    Publication Year: 1989
    Freely Available from IEEE
  • Symbol security condition considered harmful

    Publication Year: 1989, Page(s):20 - 46
    Cited by:  Papers (7)

    The author identifies, interprets, and examines the requirements in the Department of Defense trusted computer system evaluation criteria (TCSEC) for the application of formal methods to the system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely-accepted, and critical, security assurance and analysis processes...

  • Statistical models of trust: TCBs vs. people

    Publication Year: 1989, Page(s):10 - 19
    Cited by:  Papers (3)  |  Patents (1)

    The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classific...

  • Network security: the parts of the sum

    Publication Year: 1989, Page(s):2 - 9
    Cited by:  Papers (5)

    Attention is given to the three basic elements of network security, i.e. encryption, network protocols, and trusted computer system protocols. It is noted that each of these measures is needed to achieve overall network security and yet frequently the advocates of individual measures ignore the others for a variety of technical and/or doctrinal reasons. The author attempts to convey the importance...

  • Access mediation in a message passing kernel

    Publication Year: 1989, Page(s):66 - 72
    Cited by:  Papers (15)  |  Patents (1)

    The authors describe how mandatory and discretionary access mediation are performed in the trusted Mach (TMach) kernel, a system that uses message passing as its primary means of communication both between tasks and with the kernel. As a consequence, control of interprocess communication in the TMach kernel is a central concern whereas controlled sharing of segments is the central focus in trusted...

  • A `new' security policy model

    Publication Year: 1989, Page(s):215 - 228
    Cited by:  Papers (5)

    A model of security is presented which integrates notions of confidentiality and integrity. This model has been developed to fulfil the needs of the RSRE SMITE project because existing modeling approaches proved to be inadequate. The authors introduce the model and subsequently compare and contrast it with existing approaches. Both an inductive confidentiality property and a noninductive integrity...

  • A proposal for a verification-based virus filter

    Publication Year: 1989, Page(s):319 - 324
    Cited by:  Patents (3)

    An approach for filtering out programs that make unauthorized modifications is outlined. The approach is based on formal specification and verification techniques, is fail-safe, and does not require any special architectural support.

  • Security issues in policy routing

    Publication Year: 1989, Page(s):183 - 193
    Cited by:  Papers (4)  |  Patents (10)

    Most routing protocols, including proposed policy routing protocols, focus on environments where detection of an attack after it has taken place is sufficient. The authors explore the design of policy routing mechanisms for sensitive environments where more aggressive preventative measures are mandated. In particular, they detail the design of four secure protocol versions that prevent abuse by cr...

  • On the cell suppression by merging technique in the lattice model of summary tables

    Publication Year: 1989, Page(s):126 - 135

    The authors investigate the suitability of the cell suppression by merging (CSM) technique as an SDB (statistical database) protection mechanism, and give various heuristic algorithms for the minimum information loss. They first revise the definition for the information loss when query probabilities are taken into account. This definition reflects the actual utilization of cells in the lattice. Th...

  • A secure identity-based capability system

    Publication Year: 1989, Page(s):56 - 63
    Cited by:  Papers (37)  |  Patents (22)

    The author presents the design of an identity-based capability protection system called ICAP, which is aimed at a distributed system in a network environment. The semantics of traditional capabilities are modified to incorporate subject identities. This enables the monitoring, mediating, and recording of capability propagations to enforce security policies. It also supports administrative activiti...

  • The Chinese Wall security policy

    Publication Year: 1989, Page(s):206 - 214
    Cited by:  Papers (241)  |  Patents (14)

    The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy co...

  • Defending systems against viruses through cryptographic authentication

    Publication Year: 1989, Page(s):312 - 318
    Cited by:  Papers (6)  |  Patents (174)

    The author describes the use of cryptographic authentication for controlling computer viruses. The objective is to protect against viruses infecting software distributions, updates, and programs stored or executed on a system. The authentication determines the source and integrity of an executable, relying on the source to produce virus-free software. The scheme relies on a trusted (and verifiable...

  • Layering central authentication on existing distributed system terminal services

    Publication Year: 1989, Page(s):290 - 299
    Cited by:  Papers (1)  |  Patents (10)

    An approach to the secure logon problem in distributed systems managed by a single authority is considered in which central authentication is layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results dem...

  • A model for specifying multi-granularity integrity policies

    Publication Year: 1989, Page(s):269 - 277
    Cited by:  Papers (7)  |  Patents (1)

    Systems which provide integrity controls are presented in terms of a request-response paradigm. This paradigm involves modeling the manner in which valid requests are made, a system's method of deciding whether or not to service a request, and the manner in which a system state are performed only in authorized ways. A novel feature of the model is that integrity policies, which are restrictions on...

  • Tea and I: an allergy [computer security]

    Publication Year: 1989, Page(s):178 - 182
    Cited by:  Papers (1)

    Problems associated with the application of the connectivity approach to computer system security are addressed. The failure of trusted connectivity to protect computer systems is indicated. The work is presented in the form of an allergy.

  • A model for secure information flow

    Publication Year: 1989, Page(s):248 - 258
    Cited by:  Papers (10)  |  Patents (4)

    A model that characterizes systems that restrict information flow is proposed. The model, called the confinement model, provides greater flexibility in the binding of entities to their security classes than the current static case. A consequence of the nature of security class binding in the confinement model is its ability to enforce nontransitive information-flow policies. A framework of informa...

  • Formal model of a trusted file server

    Publication Year: 1989, Page(s):157 - 166
    Cited by:  Papers (1)

    The authors present a formal, mathematical model for a trusted file server (TFS) for a multilevel secure distributed computer system. The goal is to produce formal verification from the top-level specification down through code for the entire system of which a TFS is one component. By viewing the TFS as a black box, it is possible to specify its security as a relation that must hold invariantly be...

  • A security policy for an A1 DBMS (a trusted subject)

    Publication Year: 1989, Page(s):116 - 125
    Cited by:  Papers (2)

    A security policy for a multilevel secure relational database management system (DBMS) is stated. The DBMS is implemented as a trusted subject that can be hosted on any of a variety of secure operating systems. Accordingly, the policy is stated in two parts: (1) a generic policy for the operating-system TCB (trusted computing base) layer that states requirements that any operating system must meet...

  • New methods for immediate revocation

    Publication Year: 1989, Page(s):48 - 55
    Cited by:  Papers (2)  |  Patents (4)

    The author introduces two techniques for immediate revocation of access rights: revocation with event counts and revocation by chaining. The two algorithms are appropriate for shared and unshared page tables, respectively, and can be used for both access control list and capability-based systems. The proposed techniques are much simpler to implement and more efficient in operation than previous re...

  • A formal model for Unix setuid

    Publication Year: 1989, Page(s):73 - 83

    The Unix setuid (set user identification) mechanism is described in the context of the GEMSOS architecture. Motivation for modeling setuid is given, and modeling and policy requirements for the control of the setuid mechanism are presented. The GEMSOS formal security policy model is compared with the Bell and LaPadula model. The Bell and LaPadula model is shown not to admit the actions of a setuid...

  • A framework for expressing models of security policy

    Publication Year: 1989, Page(s):229 - 239
    Cited by:  Papers (8)  |  Patents (1)

    The authors first describe some issues that arise from the interplay between the security requirements for an integrated project support environment (IPSE) for the development of a trusted system, and the security requirements of the trusted system itself. All of these issues derive from security policy and the modeling of security policy. A framework is then presented which allows security polici...

  • With microscope and tweezers: an analysis of the Internet virus of November 1988

    Publication Year: 1989, Page(s):326 - 343
    Cited by:  Papers (37)  |  Patents (1)

    In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. The authors present a detailed analysis of the virus program. They describe the lessons that this incident has taught the Internet community...

  • The hierarchical model of distributed system security

    Publication Year: 1989, Page(s):194 - 203

    A description is given of the hierarchical model (HM), an access matrix-based model used to define nondisclosure in distributed multilevel secure applications such as secure file systems, secure switches, and secure upgrade/downgrade facilities. The HM explicitly encodes access rights, synchronization primitives, and indirection in its state matrix. Serializability of concurrent commands is formal...

  • Using narrowing in the analysis of key management protocols

    Publication Year: 1989, Page(s):138 - 147
    Cited by:  Papers (20)

    The author develops methods for analyzing cryptographic protocols using techniques developed for the solutions of equations in a term rewriting system. In particular, she describes a model of a class of cryptographic protocols and possible attacks on those protocols as term rewriting systems. She also describes a software tool based on the narrowing algorithm that can be used in the analysis of su...

  • Authenticated group key distribution scheme for a large distributed network

    Publication Year: 1989, Page(s):300 - 309
    Cited by:  Papers (3)

    The authors propose a decentralized key distribution scheme. In this scheme, there are as many local key centers as needed and each user needs to select a key center at which to register when first joining the network. The most significant feature of the method is that each center needs only a single secret key. All personal keys that it needs for delivering encrypted keys to groups of users can b...
