Seventeenth Annual Computer Security Applications Conference

10-14 Dec. 2001

Filter Results

Displaying Results 1 - 25 of 49
  • Proceedings 17th Annual Computer Security Applications Conference

    Publication Year: 2001
    Request permission for commercial reuse | PDF file iconPDF (549 KB)
    Freely Available from IEEE
  • Introduction to the classic papers

    Publication Year: 2001, Page(s): 161
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (147 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Determining privileges of mobile agents

    Publication Year: 2001, Page(s):149 - 158
    Cited by:  Papers (5)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (229 KB) | HTML iconHTML

    This paper describes a method for controlling the behavior of mobile agent-system entities through the allocation of privileges. Privileges refer to policy rules that govern the access and use of computational resources and services by mobile agents. Our method is based on extending the platform processing environment, using the capabilities present in most mobile agent systems, and applying two f... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A framework for multiple authorization types in a healthcare application system

    Publication Year: 2001, Page(s):137 - 148
    Cited by:  Papers (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (228 KB) | HTML iconHTML

    In most of the current authorization frameworks in applications systems, the authorization for a user operation is determined using a static database like ACL entries or system tables. These frameworks cannot provide the foundation for supporting multiple types of authorizations like emergency authorizations, context-based authorizations etc., which are required in many vertical market systems lik... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information flow analysis of component-structured applications

    Publication Year: 2001, Page(s):45 - 54
    Cited by:  Papers (1)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (372 KB) | HTML iconHTML

    Software component technology facilitates the cost-effective development of specialized applications. Nevertheless, due to the high number of principals involved in a component-structured system, it introduces special security problems which have to be tackled by a thorough security analysis. In particular the diversity and complexity of information flows between components hold the danger of leak... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Engineering of role/permission assignments

    Publication Year: 2001, Page(s):127 - 136
    Cited by:  Papers (10)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (199 KB) | HTML iconHTML

    We develop a model for engineering role-permission assignment. Our model builds upon the well-known RBAC96 model. Assigning permissions to roles is considered too complex an activity to accomplish directly. Instead we advocate breaking down this process into a number of steps. We specifically introduce the concept of jobs, work-patterns, and tasks to facilitate role-permission assignment into a se... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Implementing the intrusion detection exchange protocol

    Publication Year: 2001, Page(s):32 - 41
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (200 KB) | HTML iconHTML

    We describe the goals of the IETF's Intrusion Detection Working Group (IDWG) and the requirements for a transport protocol to communicate among intrusion detection systems. We then describe the design and implementation of IAP the first attempt at such a protocol. After a discussion of IAP's limitations, we discuss BEEP, a new IETF general framework for application protocols. We then describe the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Detecting conflicts in a role-based delegation model

    Publication Year: 2001, Page(s):117 - 126
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (222 KB) | HTML iconHTML

    The RBAC96 access control model has been the basis for extensive work on role-based constraint specification and role-based delegation. However these practical extensions can also lead to conflicts at compile and run-time. We demonstrate, following a role-based, declarative approach, how conflicts between specified separation of duty constraints and delegation activities can be detected. This appr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Managing alerts in a multi-intrusion detection environment

    Publication Year: 2001, Page(s):22 - 31
    Cited by:  Papers (73)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (228 KB) | HTML iconHTML

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Restricting access with certificate attributes in multiple root environments - a recipe for certificate masquerading

    Publication Year: 2001, Page(s):386 - 390
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (167 KB) | HTML iconHTML

    The issue of certificate masquerading against the SSL protocol is pointed out in Hayes (1998). In Hayes, various forms of server certificate masquerading are identified. It should also be noted that the attack described is a man-in-the-middle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of Hayes and involves client certificate masquerading. The motiva... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Securing Web servers against insider attack

    Publication Year: 2001, Page(s):265 - 276
    Cited by:  Papers (14)  |  Patents (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (237 KB) | HTML iconHTML

    Too often, "security of Web transactions" reduces to "encryption of the channel" - and neglects to address what happens at the server on the other end. This oversight forces clients to trust the good intentions and competence of the server operator - but gives clients no basis for that trust. In this paper, we apply secure coprocessing and cryptography to solve this real problem in Web technology.... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Experiences implementing a common format for IDS alerts

    Publication Year: 2001, Page(s): 113
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (145 KB)

    First Page of the Article
    View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Mining alarm clusters to improve alarm handling efficiency

    Publication Year: 2001, Page(s):12 - 21
    Cited by:  Papers (44)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (263 KB) | HTML iconHTML

    It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. As a matter of fact, IBM Research's Zurich Research Laboratory has been asked by one of our service divisions to help them deal with this problem. This paper presents the results of our research, validated thanks to a large set of operational data. We show that alar... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Trustworthiness in distributed electronic healthcare records - basis for shared care

    Publication Year: 2001, Page(s):433 - 441
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (406 KB) | HTML iconHTML

    Shared care is the common answer to the challenge for improving health system quality and efficiency. This development must be accompanied by implementing shared care information systems moving to extended electronic healthcare record systems which are distributed and have to be interoperable too. Comprehensive communication and co-operation between healthcare establishments is increasingly using ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A regulated approach to certificate management

    Publication Year: 2001, Page(s):377 - 385
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (206 KB) | HTML iconHTML

    Traditionally, creation and revocation of certificates are performed manually, by trusted agents, under conditions that are rarely formalized. This approach to certificate management is appropriate for many current applications, where the certification or revocation of certificates is based on non-digital credentials. But it is expensive, time consuming and error-prone for the growing class of app... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Temporal signatures for intrusion detection

    Publication Year: 2001, Page(s):252 - 261
    Cited by:  Papers (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (272 KB) | HTML iconHTML

    We introduce a new method for detecting intrusions based on the temporal behavior of applications. It builds on an existing method of application intrusion detection developed at the University of New Mexico that uses a system call sequence as a signature. Intrusions are detected by comparing the signature of the intrusion and that of the normal application. But when the system call sequences gene... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privacy-preserving cooperative statistical analysis

    Publication Year: 2001, Page(s):102 - 110
    Cited by:  Papers (28)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (236 KB) | HTML iconHTML

    The growth of the Internet opens up tremendous opportunities for cooperative computation, where the answer depends on the private inputs of separate entities. Sometimes these computations may occur between mutually untrusting entities. The problem is trivial if the context allows the conduct of these computations by a trusted entity that would know the inputs from all the participants; however if ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Building reliable secure computing systems out of unreliable insecure components

    Publication Year: 2001, Page(s):164 - 173
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (175 KB) | HTML iconHTML

    Parallels are drawn between the problems and techniques associated with achieving high reliability, and those associated with the provision of security, in distributed computing systems. Some limitations of the concept of a Trusted Computing Base are discussed, and an alternative approach to the design of highly secure computing systems is put forward, based on fault tolerance concepts and techniq... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secure anonymous group infrastructure for common and future Internet applications

    Publication Year: 2001, Page(s):401 - 410
    Cited by:  Papers (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (250 KB) | HTML iconHTML

    Secure group communication protocols, in particular multi-party key agreement and update algorithms, help promote traditional and new Internet multi-party applications such as video conferencing or distance education. We propose a framework for marrying such approaches with access management mechanisms and applications in real environments. Furthermore, we extend this framework with anonymisation ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Verifiable identifiers in middleware security

    Publication Year: 2001, Page(s):450 - 459
    Cited by:  Papers (2)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1168 KB) | HTML iconHTML

    This paper discusses the difficulties of describing an appropriate notion of the security attributes "caller" and "target" in object-oriented middleware systems such as CORBA. Middleware security needs such security attributes in order to be able to express middleware layer security policies. Our analysis points out that, whilst there is no information available on the ORB layer to describe the ca... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • IntruDetector: a software platform for testing network intrusion detection algorithms

    Publication Year: 2001, Page(s):3 - 11
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1149 KB) | HTML iconHTML

    An intrusion detection system (IDS), that monitors passively specific computing resources, and reports anomalous or intrusive activities, is becoming an important component in the security system of information infrastructure. Algorithms for detecting intrusions are under rapid development, but far from being mature. One interesting and difficult issue is how to study and test a new intrusion dete... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Requirements for a general framework for response to distributed denial-of-service

    Publication Year: 2001, Page(s):422 - 429
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (235 KB) | HTML iconHTML

    What is network denial of service (DoS), and why is it such a problem? This research project has sought to investigate these questions and look at the deeper questions such as can denial of service be removed, can it be detected and can network systems adequately respond to denial of service incidents should they become subjected to them? This paper describes some issues that make network denial o... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Abuse-case-based assurance arguments

    Publication Year: 2001, Page(s):366 - 374
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1102 KB) | HTML iconHTML

    This paper describes an extension to abuse-case-based security requirements analysis that provides a lightweight means of increasing assurance in security relevant software. The approach is adaptable to lightweight software development processes but results in a concrete and explicit assurance argument. Like abuse-case-based security requirements analysis, this approach is suitable for use in proj... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Wired versus wireless security: the Internet, WAP and iMode for E-commerce

    Publication Year: 2001, Page(s):296 - 306
    Cited by:  Papers (15)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (314 KB) | HTML iconHTML

    The perceived lack of security in the wireless environment has delayed many initiatives in providing access to E-commerce applications from wireless devices. Many organizations are skeptical that the same kind of security protections that they are used to in the current Internet (wired) E-commerce environment are also available for wireless transactions. We show that these perceptions are misplace... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information security: science, pseudoscience, and flying pigs

    Publication Year: 2001, Page(s):205 - 216
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (254 KB) | HTML iconHTML

    The state of the science of information security is astonishingly rich with solutions and tools to incrementally and selectively solve hard problems. In contrast, the state of the actual application of science, and the general knowledge and understanding of existing science, is lamentably poor. Still we face a dramatically growing dependence on information technology, e.g., the Internet, that attr... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.