{"title":"The Design of an Effective Auditing Subsystem","authors":"J. Picciotto","doi":"10.1109/SP.1987.10015","DOIUrl":"https://doi.org/10.1109/SP.1987.10015","url":null,"abstract":"The Compartmented Mode Workstation project (CMW) is an effort to provide a prototype implementation of enhanced computer security features on a workstation. The ultimate goal of this project is to demonstrate that the compartmented mode workstation requirements detailed in \"Security Requirements for System High and Compartmented Mode Workstations\" [CMWREQS] can be met in an operationally useful manner. One of the necessary security enhancements that must be made to a workstation is the inclusion of a comprehensive auditing facility. For any computer system to be considered secure, it must have the ability to generate and store audit information on significant events. This information shall then be provided to authorized personnel for security and system monitoring. This document describes the design and implementation of the CMW's auditing subsystem. The auditing subsystem was developed in conjunction with other parts of the total CMW project.","PeriodicalId":123213,"journal":{"name":"1987 IEEE Symposium on Security and Privacy","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1987-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115427440","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Toward Verified Execution Environments","authors":"W. R. Bevier, W. Hunt, W. D. Young","doi":"10.1109/SP.1987.10018","DOIUrl":"https://doi.org/10.1109/SP.1987.10018","url":null,"abstract":"Current verification technology provides tools for the verification of programs written in a high-level language. Even verified high-level programs may not satisfy their specifications when executed, due to errors in lower-level software and hardware. We discuss an attempt at eliminating this problem with the design of an execution environment consisting of a compiler, operating system, and processor, each of which has been mechanically verified.","PeriodicalId":123213,"journal":{"name":"1987 IEEE Symposium on Security and Privacy","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1987-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116689899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information Flow and Invariance","authors":"J. Guttman","doi":"10.1109/SP.1987.10022","DOIUrl":"https://doi.org/10.1109/SP.1987.10022","url":null,"abstract":"A flaw in an operating system that had apparently been verified using the information flow technique indicates that the approach, as it has been practiced, is incomplete. The software tool that was used requires specifications to have a format prone to cause errors, so that a modification of the design of the tool is needed. Moreover, the verification process was logically incomplete, because flow analysis of a version of the specification free of errors yields formulas that can be proved only via invariant properties. This observation leads to an integration of two techniques for verifying security.","PeriodicalId":123213,"journal":{"name":"1987 IEEE Symposium on Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1987-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128488269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Basis for Secure Communication in Large Distributed Systems","authors":"David P. Anderson, P. Rangan","doi":"10.1109/SP.1987.10006","DOIUrl":"https://doi.org/10.1109/SP.1987.10006","url":null,"abstract":"We propose a secure communication architecture for distributed systems that puts security below the transport level, and uses host-to-host rather than process-to-process secure channels. We argue that this provides the same level of end-to-end security as putting security at higher levels, and that it can simplify and improve the performance of transport protocols. The architecture is designed for very large distributed systems, which in general have security requirements beyond those of LAN-based systems.","PeriodicalId":123213,"journal":{"name":"1987 IEEE Symposium on Security and Privacy","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116920838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}