Proceedings 12th Annual Computer Security Applications Conference

9-13 Dec. 1996

Filter Results

Displaying Results 1 - 25 of 30
  • Security Applications Conference [front matter]

    Publication Year: 1996, Page(s):iii - vii
    Request permission for commercial reuse | PDF file iconPDF (186 KB)
    Freely Available from IEEE
  • Common Criteria Activities And Alternative Assurance

    Publication Year: 1996, Page(s): 65
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (73 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Sse-CMM Pilot Results

    Publication Year: 1996, Page(s): 67
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (68 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security And The National Telecommunications Infrastructure

    Publication Year: 1996, Page(s): 138
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (69 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Index of authors

    Publication Year: 1996, Page(s): 249
    Request permission for commercial reuse | PDF file iconPDF (43 KB)
    Freely Available from IEEE
  • A role-based secure database design tool

    Publication Year: 1996, Page(s):203 - 212
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1136 KB)

    Starting from some previous proposals of extensions for database design methodologies, we have realised a secure database design tool. The work is based on a secure database design methodology that extends the entity relationship conceptual data model with a role based security model. The described tool features an analysis algorithm that can help detect potential security design mistakes, and a t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security issues in an EDI environment

    Publication Year: 1996, Page(s):129 - 136
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (732 KB)

    EDI (Electronic Data Interchange) means electronic transmission, processing, and storage of commercial, business, or trade related documents. The paper surveys the security threats posed to an EDI system, and outlines the techniques and services used to counter these threats. Most importantly, the paper has gone into great depth to address an EDI specific security requirement-non repudiation of re... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • SIGMA: security for distributed object interoperability between trusted and untrusted systems

    Publication Year: 1996, Page(s):158 - 168
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1084 KB)

    The SIGMA project is researching the integration and interoperation of security technologies into distributed computing environments based on CORBA, the Common Object Request Broker Architecture. The architectural results described in the paper are focused on security technologies that allow controlled, selective exchange of object oriented services among separate distributed systems that differ i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A modular covert channel analysis methodology for trusted DG/UXTM

    Publication Year: 1996, Page(s):224 - 235
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (988 KB)

    The covert channel analysis (CCA) approach presented in the paper leverages off of the subsystem architecture of the DG/UX kernel. The kernel is structured so that each of the elements of the system state is under the control of a single subsystem. That is, these elements can only be referenced or modified by functions of the controlling subsystem; thus, each subsystem can be thought of as an abst... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Verifying the correctness of cryptographic protocols using “Convince”

    Publication Year: 1996, Page(s):117 - 128
    Cited by:  Papers (4)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (928 KB)

    The paper describes Convince, a tool being developed to facilitate the modeling and analysis of cryptographic protocols, particularly those supporting authentication. Convince uses a belief logic to facilitate the analysis and proof of desired properties of these protocols. Convince incorporates in its front-end a commercial computer aided software engineering tool, StP/OMT, so that an analyst can... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Case-based reasoning for intrusion detection

    Publication Year: 1996, Page(s):214 - 223
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (728 KB)

    Recently there has been significant interest in applying artificial intelligence (AI) techniques to the intrusion detection problem. Attempts have been made to develop rule based and model based expert systems for intrusion detection. Although these systems have been useful for detecting intruders, they face difficulties in acquiring and representing the knowledge. We present and describe a case b... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A comparison of multilevel structured query language (SQL) implementations

    Publication Year: 1996, Page(s):192 - 202
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (836 KB)

    The current commercial multilevel secure (MLS) database management system (DBMS) products provide extensions to SQL to support multilevel database applications. However, the DBMS vendors have implemented a variety of mechanisms that are both difficult to understand and ineffective in addressing a number of application concerns. The paper documents and compares the SQL extensions for Informix Onlin... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An extended capability architecture to enforce dynamic access control policies

    Publication Year: 1996, Page(s):148 - 157
    Cited by:  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (864 KB)

    Capability has been widely used as a fundamental mechanism for access control in distributed systems. When an object manager receives a capability from a user process for accessing an object, it verifies the genuineness of the capability and checks whether the access request is allowed with the access rights placed on the capability. Capabilities have been recognized to be more suitable than centr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mandatory protection for Internet server software

    Publication Year: 1996, Page(s):178 - 184
    Cited by:  Papers (1)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (608 KB)

    Server software on the Internet is today's high point for software at risk. Ongoing reports of security flaws suggest that conventional Internet server software packages are intrinsically vulnerable to “server overrun”, an attack that subverts the server's behavior and causes it to run attack code instead. The attack code then penetrates other portions of the server host or site unless... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Proxies for anonymous routing

    Publication Year: 1996, Page(s):95 - 104
    Cited by:  Papers (17)  |  Patents (37)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (920 KB)

    Using traffic analysis, it is possible to infer who is talking to whom over a public network. This paper describes a flexible communications infrastructure, called onion routing, which is resistant to traffic analysis. Onion routing lies just beneath the application layer, and is designed to interface with a wide variety of unmodified Internet services by means of proxies. Onion routing has been i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the design of secure electronic payment schemes for Internet

    Publication Year: 1996, Page(s):78 - 87
    Cited by:  Papers (1)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (828 KB)

    Considers the design of secure electronic credit card based payment schemes for the Internet, and reveals some of the issues that have not been adequately addressed in the proposed protocols to date. This paper proposes additional mechanisms that need to be incorporated as part of the design phase of the scheme to deal efficiently with the disputes that can arise. The design methods described in t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Formal techniques for an ITSEC-E4 secure gateway

    Publication Year: 1996, Page(s):236 - 245
    Cited by:  Papers (2)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (732 KB)

    We describe the method used to develop a gateway capable of meeting the ITSEC E4 requirements. The security policy was formally modelled and proven consistent with the functional specifications by means of an interactive theorem prover. The formalisms were used to assist in the design of the security architecture View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using a proxy X server to facilitate COTS application integration

    Publication Year: 1996, Page(s):185 - 190
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (496 KB)

    The paper documents the development of a proxy X Window System server, XPatch, that facilitates integration of COTS applications on systems with trusted X Window system implementations. The XPatch design and architecture are described, portability issues addressed, and accreditation issues identified View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Design choices for symmetric key based inter-domain authentication protocols in distributed systems

    Publication Year: 1996, Page(s):105 - 116
    Cited by:  Patents (14)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (844 KB)

    Authentication is a key requirement in the establishment of secure interactions between network entities. Several authentication and key establishment protocols have been proposed in recent years. Most of these protocols were designed for an intra-domain environment (i.e. one where the communicating parties reside in a single domain) and then extrapolated to the inter-domain environment. In this p... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Internet rules but the emperor has no clothes

    Publication Year: 1996, Page(s):XIV - XIX
    Cited by:  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (540 KB)

    Today's Internet is a virtually free resource. Its existence is based upon end-users freely communicating in an open environment. However, this free and open environment does not imply any value beyond the ability to communicate. Thus most of the information currently being exchanged is not deemed “valuable” in the business sense. However, as more and more business-related information ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Operation chain link: the deployment of a firewall at Hanscom Air Force Base

    Publication Year: 1996, Page(s):170 - 177
    Cited by:  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (608 KB)

    In March 1995, the Electronic Systems Center (ESC) based at the Hanscom Air Force Base (AFB), Massachusetts, commissioned the development and installation of a firewall around its unclassified network. Heightened awareness of Internet threats, concern over results of recent network security assessments, and a hacker break-in at a sister Air Force installation prompted this action. The paper addres... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Innovative secure payments on the Internet using the German electronic purse

    Publication Year: 1996, Page(s):88 - 93
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (484 KB)

    In this paper, an innovative and secure method for payments on the Internet is described which uses the German electronic purse. We describe how the method of payment using the German electronic purse is used today at off-line terminals at the merchant's site. The security mechanisms of the payment system are described in detail. We discuss the adaption of this method to secure payments on the Int... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An evaluation of the Java security model

    Publication Year: 1996, Page(s):2 - 14
    Cited by:  Papers (2)  |  Patents (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1284 KB)

    Java is a new programming language that has been developed by Sun Microsystems. They claim that Java has a number of advantages over traditional programming languages. One of these advantages is the ability to execute untrusted programs in a secure environment. After a brief introduction to the Java language this paper investigates the problems that would arise when running untrusted programs with... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Using Fortezza for transparent file encryption

    Publication Year: 1996, Page(s):140 - 147
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (676 KB)

    SISTex's Assure(R) Basic product provides security features including access controls and transparent file encryption (using the Data Encryption Standard) in a DOS/Windows environment. To meet the needs of certain customers, we converted the DES based file encryption to use NSA's Fortezza card, which uses the Skipjack algorithm. Despite our expectations, Fortezza was not a clean replacement for DE... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementing security policy in a large defence procurement

    Publication Year: 1996, Page(s):15 - 23
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1004 KB)

    At the 1993 ACSAC conference a previous paper was presented describing the security policy developed for a large, integrated defence procurement, the United Kingdom Royal Air Force Logistics Information Technology System (LITS). The current paper describes some of the practical difficulties encountered in implementing that security policy during subsequent stages of the LITS system development. Is... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.