Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

11-15 Dec. 2000

Displaying Results 1 - 25 of 46
  • Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00) [front matter]

    Publication Year: 2000
    Freely Available from IEEE
  • A flexible access control service for Java mobile code

    Publication Year: 2000, Page(s):356 - 365
    Cited by:  Papers (5)  |  Patents (11)

    Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of...

  • Index of authors

    Publication Year: 2000, Page(s):411 - 412
    Freely Available from IEEE
  • Security architecture for federated cooperative information systems

    Publication Year: 2000, Page(s):208 - 216
    Cited by:  Papers (1)

    We describe the design and implementation of a security architecture for a cooperative information system implemented with CORBA technologies. We first define a role-based policy for a specific case study. We then show how this policy is enforced by an architecture made of a selection of commercial off the shelf components and a small number of developed components. Finally, we focus on the intero...

  • Introducing decryption authority into PKI

    Publication Year: 2000, Page(s):288 - 296
    Cited by:  Patents (3)

    It is well-known that CA plays the central role in PKI. We introduce a new component into PKI, DA (decryption authority), which decrypts important and sensitive messages for clients under certain conditions. A PKI with DA provides solutions to many security problems in e-commerce and online transactions. If we consider that public key cryptography provides both digital signature and asymmetric enc...

  • Collaboration: can it be done securely?

    Publication Year: 2000, Page(s): 206
  • Usability meets security - the Identity-Manager as your personal security assistant for the Internet

    Publication Year: 2000, Page(s):344 - 353
    Cited by:  Papers (15)

    In today's applications, most users disregard the security functionality. They do not have the knowledge and/or the motivation to configure or to use the existing security functions correctly. In this paper, we present a new concept to improve the usability of security mechanisms, introducing an extended classification of protection goals. As a result, the everyday use of security functionality ca...

  • A reliable, scalable general-purpose certificate store

    Publication Year: 2000, Page(s):278 - 287
    Cited by:  Papers (4)  |  Patents (6)

    Although there have been various proposals to build large-scale PKIs, there appears to be no research publicly available on the underlying certificate store which will be required to support such a PKI. This paper analyses the requirements for, and presents the design of a general-purpose certificate store which places few constraints on the underlying computer hardware or operating system used, p...

  • A self-extension monitoring for security management

    Publication Year: 2000, Page(s):196 - 203
    Cited by:  Papers (3)

    In the coming age of information warfare, information security patterns take on a more offensive than defensive stance. However most existing security systems remain passive and do not provide an active form of security protection. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. This pape...

  • History based distributed filtering - a tagging approach to network-level access control

    Publication Year: 2000, Page(s):373 - 382
    Cited by:  Papers (1)  |  Patents (9)

    Discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between hosts or subnets. The proposed technique examines the incoming data's integrity properties to prevent applications within a node or subnetwork from so-called subversive channels. It checks outgoing data's secrecy requirements before transm...

  • A high-speed ECC-based wireless authentication on an ARM microprocessor

    Publication Year: 2000, Page(s):401 - 409
    Cited by:  Papers (4)  |  Patents (2)

    We present the results of our implementation of elliptic curve cryptography (ECC) over the field GF(p) on an 80-MHz, 32-bit ARM microprocessor. We have produced a practical software library which supports variable length implementation of the elliptic curve digital signature algorithm (ECDSA). We implemented the ECDSA and a recently proposed ECC-based wireless authentication protocol using the lib...

  • Denial of service protection: the nozzle

    Publication Year: 2000, Page(s):32 - 41
    Cited by:  Papers (2)  |  Patents (7)

    A denial of service attack is a dominating conversation with a network resource designed to preclude other conversations with that resource. This type of attack can cost millions of dollars when the target is a critical resource such as a Web server or domain name server. Traditional methods, such as firewalls and intrusion detection systems have failed to provide adequate protection from this typ...

  • Calculating costs for quality of security service

    Publication Year: 2000, Page(s):334 - 343
    Cited by:  Papers (11)

    Presents a quality-of-security-service (QoSS) costing framework and a demonstration of it. A method for quantifying costs related to the security service and for storing and retrieving security information is illustrated. We describe a security model for tasks, which incorporates the ideas of variant security services invoked by the task, dynamic network modes, abstract security level choices and ...

  • A novel approach to on-line status authentication of public-key certificates

    Publication Year: 2000, Page(s):270 - 277
    Cited by:  Papers (8)  |  Patents (3)

    The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectiveness of the approach, however, may be arguable, espec...

  • Less harm, less worry or how to improve network security by bounding system offensiveness

    Publication Year: 2000, Page(s):188 - 195
    Cited by:  Papers (1)

    We describe a new class of tools for protecting computer systems from security attacks. Their distinguished feature is the principle they are based on. Host or network protection is not achieved by strengthening their defenses but by weakening the enemy's offensive capabilities. A prototype tool has been implemented that demonstrates that such an approach is feasible and effective. We show that so...

  • Personal security environment on Palm PDA

    Publication Year: 2000, Page(s):366 - 372
    Cited by:  Papers (2)  |  Patents (1)

    Digital signature schemes are based on the assumption that the signing key is kept in secret. Ensuring that this assumption holds is one of the most crucial problems for all current digital signature applications. This paper describes the solution developed and prototyped by the authors - using a mobile computing device with a smart-card reader for creating digital signatures. We give an overview ...

  • Fair on-line gambling

    Publication Year: 2000, Page(s):394 - 400
    Cited by:  Papers (3)

    This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off...

  • Two state-based approaches to program-based anomaly detection

    Publication Year: 2000, Page(s):21 - 30
    Cited by:  Papers (16)  |  Patents (1)

    This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, an...

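    The two detection styles the abstract names, a finite-state machine learned from training traces and a statistical profile of normal behaviour, as an added example in Python (not the paper's code). The system-call traces, the window size k=2, the scoring functions and the thresholds are all assumptions chosen for illustration; real audit data would be much longer and noisier.

```python
"""Program-based anomaly detection over system-call traces (added example).

Not the paper's code. A model of a program's normal behaviour is built from
training traces and new traces are scored two ways: a finite-state machine
whose states are the last k calls and whose edges are the next calls seen in
training, and a statistical profile of call frequencies. Traces, k and the
thresholds are constructed assumptions, not data from the paper.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, Iterator, List, Set, Tuple

State = Tuple[str, ...]


class FsmModel:
    """State = the previous k calls; an edge exists if that next call was seen in training."""

    def __init__(self, k: int = 2) -> None:
        self.k = k
        self.edges: Dict[State, Set[str]] = defaultdict(set)

    def _windows(self, trace: List[str]) -> Iterator[Tuple[State, str]]:
        # Pad with a start symbol so the first real call is checked from a start state.
        padded = ["<s>"] * self.k + list(trace)
        for i in range(self.k, len(padded)):
            yield tuple(padded[i - self.k:i]), padded[i]

    def train(self, traces: Iterable[List[str]]) -> None:
        for trace in traces:
            for state, nxt in self._windows(trace):
                self.edges[state].add(nxt)

    def score(self, trace: List[str]) -> float:
        """Fraction of transitions the machine has no edge for (0.0 = fully normal)."""
        windows = list(self._windows(trace))
        if not windows:
            return 0.0
        misses = sum(1 for state, nxt in windows if nxt not in self.edges.get(state, ()))
        return misses / len(windows)


class FrequencyModel:
    """Relative frequency of each call over the whole training set."""

    def __init__(self) -> None:
        self.profile: Dict[str, float] = {}

    def train(self, traces: Iterable[List[str]]) -> None:
        counts = Counter(call for trace in traces for call in trace)
        total = sum(counts.values())
        self.profile = {call: n / total for call, n in counts.items()}

    def score(self, trace: List[str]) -> float:
        """Total variation distance between the trace's call mix and the profile (0..1)."""
        if not trace:
            return 0.0
        counts = Counter(trace)
        n = len(trace)
        calls = set(self.profile) | set(counts)
        return 0.5 * sum(abs(counts.get(c, 0) / n - self.profile.get(c, 0.0)) for c in calls)


def classify(fsm: FsmModel, freq: FrequencyModel, trace: List[str],
             fsm_threshold: float = 0.1, freq_threshold: float = 0.3) -> str:
    """Flag a trace if either model finds it too far from training behaviour."""
    if fsm.score(trace) > fsm_threshold or freq.score(trace) > freq_threshold:
        return "ANOMALY"
    return "normal"


# Constructed training traces for a hypothetical file-reading program.
TRAINING = [
    ["open", "read", "read", "close"],
    ["open", "read", "close"],
    ["open", "read", "read", "read", "close"],
    ["open", "read", "read", "close", "open", "read", "close"],
]
# Constructed test traces: a longer-than-usual but legitimate read, and a
# trace in which the program suddenly spawns a shell and opens a socket.
NORMAL_TEST = ["open", "read", "read", "read", "read", "close"]
ATTACK_TEST = ["open", "read", "execve", "setuid", "socket", "connect"]


def build_models(k: int = 2) -> Tuple[FsmModel, FrequencyModel]:
    fsm, freq = FsmModel(k), FrequencyModel()
    fsm.train(TRAINING)
    freq.train(TRAINING)
    return fsm, freq


if __name__ == "__main__":
    fsm, freq = build_models()
    for name, trace in (("normal", NORMAL_TEST), ("attack", ATTACK_TEST)):
        print(f"{name}: fsm={fsm.score(trace):.2f} freq={freq.score(trace):.2f} "
              f"-> {classify(fsm, freq, trace)}")
```

    The FSM scorer is the stricter of the two on short traces: the attack trace above fails four of its six transitions, while the frequency scorer only notices that two thirds of its call mix is unseen. The abstract's point about training data applies directly: with only four training traces, a legitimate but rare transition (say, a `read` after `close`) would also be flagged by the FSM, so the threshold and the amount of training data trade off false positives against misses.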
  • Policy-based authentication and authorization: secure access to the network infrastructure

    Publication Year: 2000, Page(s):328 - 333
    Cited by:  Papers (2)  |  Patents (29)

    A gaping hole in many of today's networks is the weak security surrounding the network devices themselves: the routers, the switches and the access servers. In all public networks and in some private networks, the network devices are shared virtually among different user communities. Access to the configuration schemes and command lines is most often an "all or nothing" proposition: the ...

  • Extending Java for package based access control

    Publication Year: 2000, Page(s):67 - 76
    Cited by:  Patents (4)

    This paper describes an extension of the Java language that provides programmable security. The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language transl...

  • Policy mediation for multi-enterprise environments

    Publication Year: 2000, Page(s):100 - 106
    Cited by:  Papers (1)  |  Patents (2)

    Existing software infrastructures and middleware provide uniform security services across heterogeneous information networks. However few, if any, tools exist that support access control policy management for and between large enterprise information networks. Insiders often exploit gaps in policies to mount devastating attacks. This paper presents a Policy Machine and Policy Mediation Architecture...

  • ITS4: a static vulnerability scanner for C and C++ code

    Publication Year: 2000, Page(s):257 - 267
    Cited by:  Papers (72)  |  Patents (18)

    We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enoug...

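    ITS4 gets its speed by working lexically: it tokenizes the source instead of parsing it and matches each call site against a database of risky library functions. The scanner below is an added example in that style, not ITS4's own code or rule set; the rule database, the severity labels and the C snippet it scans are all constructed for illustration.

```python
"""ITS4-style lexical vulnerability scanner for C source (added example).

Not ITS4's code. One pass over the source with a single tokenizer regex:
comments and string literals are consumed so a "strcpy" mentioned inside
them is not reported, and every identifier followed by "(" is checked
against a constructed database of risky calls. The sample C below is
constructed, not from any real project.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed rule database: function name -> (severity, advice).
RISKY_CALLS: Dict[str, Tuple[str, str]] = {
    "gets":    ("HIGH",   "no bound on input; use fgets with a size"),
    "strcpy":  ("HIGH",   "unbounded copy; use a length-checked copy"),
    "strcat":  ("HIGH",   "unbounded concatenation; track remaining space"),
    "sprintf": ("HIGH",   "unbounded formatting; use snprintf"),
    "scanf":   ("MEDIUM", "%s without a field width is unbounded"),
    "system":  ("HIGH",   "shell injection if attacker data reaches the command"),
    "popen":   ("HIGH",   "same shell injection risk as system()"),
    "tmpnam":  ("MEDIUM", "race between naming and opening; use mkstemp"),
    "strncpy": ("LOW",    "may leave the destination unterminated"),
}
_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


@dataclass
class Finding:
    line: int
    func: str
    severity: str
    advice: str


# One alternation, tried left to right at each position: a comment, a string
# or character literal, or an identifier that is immediately called.
_TOKEN = re.compile(r"""
    (?P<comment>/\*.*?\*/|//[^\n]*)
  | (?P<string>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')
  | (?P<call>\b[A-Za-z_]\w*)\s*\(
""", re.S | re.X)


def scan(source: str) -> List[Finding]:
    findings: List[Finding] = []
    for m in _TOKEN.finditer(source):
        name = m.group("call")
        if name is None or name not in RISKY_CALLS:
            continue
        # Purely lexical exclusion: "p->system(x)" or "s.strcpy" is a member, not libc.
        before = source[:m.start("call")].rstrip()
        if before.endswith(".") or before.endswith("->"):
            continue
        line = source.count("\n", 0, m.start("call")) + 1
        severity, advice = RISKY_CALLS[name]
        findings.append(Finding(line, name, severity, advice))
    findings.sort(key=lambda f: (_RANK[f.severity], f.line))
    return findings


def report(source: str) -> List[str]:
    return [f"{f.severity:6} line {f.line}: {f.func}() - {f.advice}" for f in scan(source)]


# Constructed sample: line 9, 12 and 13 should be reported; lines 5 and 10 must not.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* strcpy(dst, src) in a comment must not be reported */
int handle(const char *user) {
    char buf[64];
    char cmd[128];
    strcpy(buf, user);                  /* line 9: unbounded copy */
    printf("see system(\"ls\") below");  /* string literal, not a call */
    snprintf(cmd, sizeof cmd, "ls %s", buf);
    system(cmd);                        /* line 12: shell injection */
    strncpy(buf, user, sizeof buf);     /* line 13: may not terminate */
    return 0;
}
'''

if __name__ == "__main__":
    for entry in report(SAMPLE_C):
        print(entry)
```

    The trade-off the abstract describes is visible in the code: there is no parsing, so a project's own wrapper named `strcpy`, or a definition such as `int system(...)`, is reported just like a libc call (a false positive), while `system(cmd)` on line 12 is flagged even though `cmd` was built with `snprintf`, because a lexical scanner cannot tell whether `buf` still carries shell metacharacters. What it does guarantee is that the dangerous call sites are never missed, which is the "few false negatives" property the paper aims for.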
  • A network audit system for host-based intrusion detection (NASHID) in Linux

    Publication Year: 2000, Page(s):178 - 187
    Cited by:  Papers (2)  |  Patents (2)

    Recent work has shown that conventional operating system audit trails are insufficient to detect low-level network attacks. Because audit trails are typically based upon system calls or application sources, operations in the network protocol stack go unaudited. Earlier work has determined the audit data needed to detect low-level network attacks. We describe an implementation of an audit system wh...

  • Secure compartmented data access over an untrusted network using a COTS-based architecture

    Publication Year: 2000, Page(s):217 - 223

    We present an approach to secure compartmented data access over an untrusted network using a secure network computing architecture. We describe the architecture and show how application-level firewalls and other commercial-off-the-shelf (COTS) products may be used to implement compartmentalized access to sensitive information and to provide access control over an untrusted network and in a variety...

  • Using attribute certificates with mobile policies in electronic commerce applications

    Publication Year: 2000, Page(s):298 - 307
    Cited by:  Papers (3)  |  Patents (2)

    Many electronic commerce applications, including those developed for business-to-consumer (B2C) and business-to-business (B2B) uses, require operations in computing environments that are truly distributed. That is, users can request data access from multiple locations within a distributed computing system. To complicate this type of operation, however, data can be distributed and represented in mu...
