Tenth Annual Computer Security Applications Conference

5-9 Dec. 1994

Filter Results

Displaying Results 1 - 25 of 33
  • Tenth Annual Computer Security Applications Conference

    Publication Year: 1994
    Request permission for commercial reuse | PDF file iconPDF (51 KB)
    Freely Available from IEEE
  • Security concerns for distributed systems

    Publication Year: 1994, Page(s):12 - 20
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (704 KB)

    One of the stated purposes of the Trusted Computer System Evaluation Criteria (TCSEC) is “to provide a standard to manufacturers as to what security features to build into their new and planned commercial products in order to provide widely available systems that satisfy trust requirements (with particular emphasis on preventing the disclosure of data) for sensitive applications”. The ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A secure Email gateway (building an RCAS external interface)

    Publication Year: 1994, Page(s):202 - 211
    Cited by:  Papers (1)  |  Patents (47)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (852 KB)

    Fielding secure computer systems requires tradeoffs between functionality, flexibility, and security to meet the users' needs. Multilevel secure (MLS) computer systems provide better control over classified information than traditional systems and allow users from a diverse population access to information they need while protecting sensitive data. Users want the functionality of non-MLS computer ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security for the Common Object Request Broker Architecture (CORBA)

    Publication Year: 1994, Page(s):21 - 30
    Cited by:  Papers (1)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (840 KB)

    Over the last several years, there has been an emphasis on distributed client/server computing in business as well as government. A useful means of achieving this capability is through the use of object technology. Distributed object systems offer many benefits, such as downsizing and right sizing, resulting in a trend toward small, modular, commercial or government off-the-shelf components as a m... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The MITRE security perimeter

    Publication Year: 1994, Page(s):212 - 218
    Cited by:  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (596 KB)

    To protect MITRE's unclassified computing resources from unauthorized use, MITRE maintains a network firewall between the MITRE corporate network and the Internet, and limits dial-in to three modem pools. The firewall limits Internet connectivity to a small set of computer systems called boundary hosts. The boundary hosts and the modem pools use a smartcard-based user authentication scheme to ensu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Availability: theory and fundamentals for practical evaluation and use

    Publication Year: 1994, Page(s):258 - 264
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (480 KB)

    What the currently available security criteria are still missing is a functional structure of the concept of availability. The intention of the article is to define a functional structure of the concept of availability in terms of basic functions, similar to the Generic Headings in the ITSEC (IT Security Criteria). The article gives the basic definitions and terms as well as a terminological intro... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Benchmarking multilevel secure database systems using the MITRE benchmark

    Publication Year: 1994, Page(s):86 - 95
    Cited by:  Papers (1)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (804 KB)

    Multilevel secure (MLS) DBMSs are subject to a number of security-related architectural and functional factors that affect performance. These factors include, among others, the distribution of data among security levels, the session levels at which queries are run, and how the database is physically partitioned into files. In this paper, we present a benchmark methodology, a test database design, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A practical approach to user authentication

    Publication Year: 1994, Page(s):108 - 116
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (592 KB)

    A method for user authentication is presented which analyzes keystroking data as the user types his or her name. This study utilizes the ADALINE (ADAptive LINear Element) and backpropagation neural nets to identify the typing pattern characteristic of a particular user. A simple measure of geometric distance is also used for comparison. This paper provides a brief introduction to this type of neur... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • STU-III-multilevel secure computer interface

    Publication Year: 1994, Page(s):170 - 179
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (928 KB)

    The interconnection of the STU-III (Secure Telephone Unit) and a multilevel secure (MLS) host computer is a layered composition of systems. The composed systems that form the layers result from the connection processing done to establish the host-to-host link. To ensure that the system represented by each composed layer is consistent with the security policy, an additional agent must be added to t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Editorial: a view of cryptography in TCSEC products

    Publication Year: 1994, Page(s):308 - 309
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (196 KB)

    The U.S. National Computer Security Center (NCSC) recently announced a change in its historical policy of not accepting encryption of any kind as a protection mechanism for TCSEC evaluated products. This editorial presents an view of this change from a vendor's perspective and raises some of the issues associated with the new policy View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Composing system integrity using I/O automata

    Publication Year: 1994, Page(s):34 - 43
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (580 KB)

    The I/O automata model of Lynch and Turtle (1987) is summarized and used to formalize several types of system integrity based on the control of transitions to invalid starts. Type-A integrity is exhibited by systems with no invalid initial states and that disallow transitions from valid reachable to invalid states. Type-B integrity is exhibited by systems that disallow externally-controlled transi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • EINet: a secure, open network for electronic commerce

    Publication Year: 1994, Page(s):219 - 226
    Cited by:  Patents (31)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (740 KB)

    Corporate users are by far the most rapidly growing segment of the Internet community, supplementing the existing base of government and academic users. Both corporate and government organizations want to use the Internet to “integrate” their enterprises, and foresee using the Internet to conduct electronic commerce as well. However, the lack of security services on the Internet deters... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The design of an audit trail analysis tool

    Publication Year: 1994, Page(s):126 - 132
    Cited by:  Papers (1)  |  Patents (23)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (516 KB)

    Discusses the design of a tool that automatically removes security-sensitive information from intruder activity log files collected at a compromised site. The sanitization of sensitive information enables researchers to study the log files without further compromising the security of the affected sites. This paper begins with a brief discussion of the importance of such a tool and a description of... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Ops/Intel interface lessons learned: the integrator's perspective

    Publication Year: 1994, Page(s):268 - 277
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (888 KB)

    This paper describes our experiences in integrating and fielding the Operations/Intelligence (Ops/Intel) Interface. The Ops/Intel Interface integrates secure commercial off-the-shelf (COTS) technology with untrusted applications to produce a trusted Ops/Intel workstation. The Ops/Intel Interface enables the intelligence analyst to bridge the gap between the Sensitive Compartmented Information and ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A practical approach to high assurance multilevel secure computing service

    Publication Year: 1994, Page(s):2 - 11
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (968 KB)

    Current projects aimed at providing MLS computing services rarely seem to exploit advances in related fields. Specifically, the concepts of data distribution, replication, and interoperation are currently receiving much attention in the commercial database system sector but have yet to be applied to the delivery of MLS computing services. This paper explains how these concepts might kelp deliver M... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A validated security policy modeling approach

    Publication Year: 1994, Page(s):189 - 200
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1032 KB)

    The paper presents a security policy modeling approach that can be applied to many types of systems, including networks and distributed systems. The approach is driven by security requirements and by system architecture. It is compatible with the modeling principles offered by recent modeling guidelines and the TCSEC modeling requirements at the B1-A1 assurance levels. The approach has been valida... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Role-based access control: a multi-dimensional view

    Publication Year: 1994, Page(s):54 - 62
    Cited by:  Papers (19)  |  Patents (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (648 KB)

    Recently there has been considerable interest in role-based access control (RBAC) as an alternative, and supplement, to the traditional discretionary and mandatory access controls (DAC and MAC) embodied in the Orange Book. The roots of RBAC can be traced back to the earliest access control systems. Roles have been used in a number of systems for segregating various aspects of security and system a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The effects of trusted technology on distributed applications

    Publication Year: 1994, Page(s):246 - 255
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (928 KB)

    The paper examines the effect of trusted technology on a distributed application being transitioned to a trusted system. Two styles of operation are examined: restricting the operation of all components of the application to a single sensitivity level and allowing the user interface components of the application to operate across a range of sensitivity levels. Within these operational styles, the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Architectural impact on performance of a multilevel database system

    Publication Year: 1994, Page(s):76 - 85
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (680 KB)

    Since protection and assurance are the primary concerns in multilevel secure (MLS) databases, performance has often been sacrificed in some known MLS database approaches. Motivated by performance concerns, a replicated architecture approach which uses a physically distinct back-end database management system for each security level is being investigated. This is a report on the behavior and perfor... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Organizing MLS databases from a data modelling point of view

    Publication Year: 1994, Page(s):96 - 105
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (776 KB)

    The conceptual and logical design of multilevel secure (MLS) database applications are treated in an integrated way. For the conceptual design, a powerful semantic data model is suggested in order to represent the data and security semantics of the application domain. For the logical design, a two-phase approach is developed. Phase one consists of the transformation of the database conceptualizati... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Property-based testing of privileged programs

    Publication Year: 1994, Page(s):154 - 163
    Cited by:  Papers (8)  |  Patents (19)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (820 KB)

    Addresses the problem of testing security-relevant software, especially privileged (typically, setuid root) and daemon programs in UNIX. The problem is important, since it is these programs that are the source of most UNIX security flaws. For some programs, such as the UNIX sendmail program, new security flaws are still being discovered, despite being in use for many years. For special-purpose sys... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Editorial: why bad things happen to good systems, and what to do about it

    Publication Year: 1994, Page(s):306 - 307
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (164 KB)

    Perfection in large software systems is improbable; therefore, it is prudent to enhance security by anticipating failures and preparing for contingencies. We propose an analogy with medicine, supporting curative as well as preventive action. Information technology (IT) security needs to allocate resources to contingency resolution mechanisms that can be used to complement prevention mechanisms View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Audit reduction and misuse detection in heterogeneous environments: framework and application

    Publication Year: 1994, Page(s):117 - 125
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (768 KB)

    Audit data analysis is a non-invasive method for security assurance that may be used to detect computer misuse and mitigate security risks in large, distributed, open architecture environments. In most real-world environments, the heterogeneous nature of the available audit data combined with environment-specific detection requirements makes it difficult to integrate re-usable detection mechanisms... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A prototype multilevel-secure DoD directory

    Publication Year: 1994, Page(s):180 - 188
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (684 KB)

    The US Department of Defense (DoD) has begun to plan for the implementation of a DoD Directory capability based on the CCITT X.500 series recommendations, which define the data communication network directory. The DoD Directory statement of requirements has established the need to hold data of different classifications (UNCLASSIFIED to SECRET) and to serve users with different clearances. We descr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Applying the Abadi-Lamport composition theorem in real-world secure system integration environments

    Publication Year: 1994, Page(s):44 - 53
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (904 KB)

    This paper describes research that addresses application of the Abadi Lamport Composition theorem to the integration of real-world systems. The Formal Development Methodology (FDM) was used to describe system and component security properties, including access control, label consistency, and communications constraints. These descriptions were then used as input to the FDM theorem prover to prove t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.