Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy

7-9 May 1990

Displaying Results 1 - 25 of 35
  • Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.90CH2884-5)

    Publication Year: 1990
    Freely Available from IEEE
  • Polyinstantiation integrity in multilevel relations

    Publication Year: 1990, Page(s):104 - 115
    Cited by:  Papers (23)  |  Patents (8)

    Polyinstantiation integrity (PI) as defined in the Sea View multilevel relational data model consists of a functional dependency component and a multivalued dependency component. It is shown that the latter component rules out many practically useful relations and is therefore unduly restrictive. This leads the authors to propose that PI be defined to consist only of the functional dependency comp...

  • Practical authentication for distributed computing

    Publication Year: 1990, Page(s):31 - 40
    Cited by:  Papers (9)  |  Patents (14)

    Issues related to authentication in a distributed computing environment are discussed. Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described. Node, user, and process granularity authentication concerns are considered. Authentication is based on a global hierarchic naming structure and public-key cryptography. Directory-resid...

  • Specification and verification of the ASOS kernel

    Publication Year: 1990, Page(s):61 - 74
    Cited by:  Papers (1)

    The Army Secure Operating System (ASOS) program is providing a family of operating systems for tactical data system applications in Ada. Two members of the ASOS family have been developed: a dedicated secure operating system intended for the TCSEC (the DoD Trusted Computer System Evaluation Criteria) C2 level, and a multilevel secure operating system intended for the TCSEC A1 level. An overview is...

  • Extending the Brewer-Nash model to a multilevel context

    Publication Year: 1990, Page(s):95 - 102
    Cited by:  Papers (14)  |  Patents (8)

    It is shown how the Brewer-Nash Chinese wall model can be extended to a policy for handling the aggregation problem in a multilevel context. A lattice-based information flow policy that can be integrated into both the multilevel and Brewer-Nash context is derived. This information flow policy is used to develop a security policy described in terms of labeled subjects accessing labeled objects that...

  • Auditing the use of covert storage channels in secure systems

    Publication Year: 1990, Page(s):285 - 295
    Cited by:  Papers (7)  |  Patents (1)

    Requirements for auditing covert storage channels are defined, and some fundamental problems which appear in most computer systems are illustrated. It is argued that audit subsystems designed to minimally satisfy the TCSEC (the DoD Trusted Computer System Evaluation Criteria) requirement are unable to detect many instances of covert channel use, and hence require major design and implementation ch...

  • An architecture for practical delegation in a distributed system

    Publication Year: 1990, Page(s):20 - 30
    Cited by:  Papers (61)  |  Patents (42)

    A practical technique for delegation is described. It provides both cryptographic assurance that a delegation was authorized and authentication of the delegated systems, thereby allowing reliable access control as well as precise auditing of the systems involved in every access. It goes further than other approaches for delegation in that it also provides termination of a delegation on demand (as ...

  • The Army Secure Operating System

    Publication Year: 1990, Page(s):50 - 60
    Cited by:  Papers (5)

    The Army Secure Operating System (ASOS) is a family of operating systems intended to serve the tactical needs of the US Army. It currently comprises two systems designed to be certifiable to classes C2 and A1 of the DoD Trusted Computer System Evaluation Criteria (TCSEC). Both operating systems provide a common user interface, support real-time applications written in Ada, and are configurable and...

  • A little knowledge goes a long way: faster detection of compromised data in 2-D tables

    Publication Year: 1990, Page(s):86 - 94
    Cited by:  Papers (3)  |  Patents (20)

    A reexamination is made of the problem of protecting sensitive data in an n by n table of integer statistics, when the nonsensitive data are made public along with the row and column sums for the table. Consideration is given to the problem of computing the tightest upper bounds on the values of sensitive (undisclosed) cells. These bounds, together with tightest lower bounds (whi...

  • The role of trust in protected mail

    Publication Year: 1990, Page(s):210 - 215
    Cited by:  Papers (1)  |  Patents (14)

    TMail is a privacy-enhanced electronic mail system on a trusted operating system base. A description is given of the TMail cryptographic processes that protect the mail in transit from disclosure, detect modification, and assure source authentication. The trusted operating system is used to protect the mail and the cryptographic modules on the host system. The trust requirements for the system are...

  • Beyond the pale of MAC and DAC-defining new forms of access control

    Publication Year: 1990, Page(s):190 - 200
    Cited by:  Papers (32)  |  Patents (35)

    Examples of DoD/intelligence data protection requirements are described that cannot be handled through traditional mandatory (MAC) or discretionary (DAC) access controls, and two new forms of access controls to respond to these problems are proposed. First, a user attribute-based access control for enforcement of dissemination controls is introduced. Second, a type of access control known as owner...

  • Probabilistic interference

    Publication Year: 1990, Page(s):170 - 179
    Cited by:  Papers (33)

    D. McCullough's (1988) state machine formalism and definition of restrictiveness are restated. An example system is presented which illustrates the problem of probabilistic interference. An extension to McCullough's work that solves the problem of probabilistic interference is developed. A series of examples are presented which are designed to show the application of this extension. An example whi...

  • Adaptive real-time anomaly detection using inductively generated sequential patterns

    Publication Year: 1990, Page(s):278 - 284
    Cited by:  Papers (45)  |  Patents (59)

    A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user's behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user's activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either t...

  • Information privacy issues for the 1990s

    Publication Year: 1990, Page(s):394 - 400
    Cited by:  Papers (1)

    Information privacy deals with protecting individuals against potential violations of their rights due to collection, storage, and use of personal information by the government and private sector organizations. The privacy protection laws enacted in the 1970s are inadequate and limited in scope. New applications of computer-communications technology involving personal information are now emerging ...

  • Information flow in nondeterministic systems

    Publication Year: 1990, Page(s):144 - 161
    Cited by:  Papers (92)

    An analysis of some recent combinatorial theories of computer security is presented from the perspective of information theory. The theories analyzed are information-flow theories based on the concept of nondeducibility. They are intended to be applicable to nondeterministic systems that may be networked.

  • Formal construction of provably secure systems with Cartesiana

    Publication Year: 1990, Page(s):319 - 332

    Cartesiana is a system to support the construction of software on the basis of formal methods. It is currently being used for the development of a provably secure system in a pilot project in West Germany. The quality criteria applied go beyond A1 and include program level verification. The Cartesiana approach to meet these criteria emphasizes constructive techniques. Proof rules are used to deriv...

  • A security architecture and mechanism for data confidentiality in TCP/IP protocols

    Publication Year: 1990, Page(s):249 - 259
    Cited by:  Papers (2)  |  Patents (4)

    A method of providing data confidentiality service for secure data communication between two end users through Transmission Control Protocol/Internet Protocol (TCP/IP) protocols is presented. The system call functions of the socket compatibility interface and transport level interface libraries are used for connection establishment, data transfer, and connection release between two TCP/IP end user...

  • Multiversion concurrency control for multilevel secure database systems

    Publication Year: 1990, Page(s):369 - 383
    Cited by:  Papers (30)

    Consideration is given to the application of multiversion schedulers in multilevel secure database management systems (MLS/DBMSs). Transactions are vital for MLS/DBMSs because they provide transparency to concurrency and failure. Concurrent execution of transactions may lead to contention among subjects for access to data, which in MLS/DBMSs may lead to security problems. Multiversion schedulers r...

  • A VMM security kernel for the VAX architecture

    Publication Year: 1990, Page(s):2 - 19
    Cited by:  Papers (19)  |  Patents (105)

    The development of a virtual-machine monitor (VMM) security kernel for the VAX architecture is described. Particular focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual mach...

  • Naming and grouping privileges to simplify security management in large databases

    Publication Year: 1990, Page(s):116 - 132
    Cited by:  Papers (32)  |  Patents (13)

    An extension is described to ANSI SQL that simplifies security management by reducing the complexity of the access controls on database objects and by providing users with the flexibility to define administrative roles (like auditor or security administrator) that match their requirements for the separation of duties. The benefit of simplified security management is improved security. The main fea...

  • SP3 peer identification

    Publication Year: 1990, Page(s):41 - 48
    Cited by:  Papers (1)

    SP3 is a network layer protocol that has been designed to provide security services for network service users. It is assumed that the network service users reside in different private internetworks and must traverse a public internetwork to communicate. It is further assumed that SP3 services are being provided by intermediate systems that reside at the internetwork boundaries. The problem is that...

  • Integrating an object-oriented data model with multilevel security

    Publication Year: 1990, Page(s):76 - 85
    Cited by:  Papers (27)  |  Patents (3)

    A security model is presented for object-oriented database systems. This model is a departure from the traditional security models based on the passive-object active-subject paradigm. The model is a flow model whose main elements are objects and messages. An object combines the properties of a passive information repository with those of an active agent. Messages are the main instrument of informa...

  • A network security monitor

    Publication Year: 1990, Page(s):296 - 304
    Cited by:  Papers (78)  |  Patents (38)

    This study concentrates on the security-related issues in a single broadcast LAN (local area network) such as Ethernet. The authors formalize various possible network attacks. Their basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, the work is similar to the host-b...

  • On the formal specification and verification of a multiparty session protocol

    Publication Year: 1990, Page(s):216 - 233
    Cited by:  Papers (9)  |  Patents (14)

    The formal specification and verification of the multiparty session protocol discussed by the authors previously (1988) are presented. The notion of intruder processes is introduced to model intruder actions and countermeasures of the trusted computing bases. It is argued that multilevel network security can be achieved and verified formally independent of the specific transport-layer protocols ev...

  • Some conundrums concerning separation of duty

    Publication Year: 1990, Page(s):201 - 207
    Cited by:  Papers (34)

    An examination is made of questions concerning commercial computer security integrity policies. An example is given of a dynamic separation of duty policy which cannot be implemented by mechanisms based on TCSEC based mechanisms alone, yet occurs in the real commercial world and can be implemented efficiently in practice. A commercial computer security product in wide use for ensuring the integrit...