{"title":"With microscope and tweezers: an analysis of the Internet virus of November 1988","authors":"Mark W. Eichin, Jon A. Rochlis","doi":"10.1109/SECPRI.1989.36307","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36307","url":null,"abstract":"In early November 1988 the Internet, a collection of networks consisting of 60,000 host computers implementing the TCP/IP protocol suite, was attacked by a virus, a program which broke into computers on the network and which spread from one machine to another. The authors present a detailed analysis of the virus program. They describe the lessons that this incident has taught the Internet community and topics for future consideration and resolution. A detailed routine-by-routine description of the virus program, including the contents of its built-in dictionary, is provided.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116005263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"LOCK trek: navigating uncharted space","authors":"O. S. Saydjari, J. Beckman, J. R. Leaman","doi":"10.1109/SECPRI.1989.36291","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36291","url":null,"abstract":"The design principles of the logical coprocessing kernel (LOCK) project are considered. LOCK is an advanced development of hardware-based computer security and cryptographic service modules. Much of the design and some of the implementation specifications are complete. The formal top level specification (FTLS) also is complete and the advanced noninterference proofs are beginning. This hardware-based approach has brought the LOCK project into many uncharted areas in the design, verification, and evaluation of an integrated information security system. System integration currently appears to be the single largest programmatic problem. The authors examine two important design areas: design verification and porting Unix System V to a LOCK host. The verification tools seem able to verify design only and not implementation.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"159 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126594691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Formal model of a trusted file server","authors":"J. C. Williams, G. Dinolt","doi":"10.1109/SECPRI.1989.36290","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36290","url":null,"abstract":"The authors present a formal, mathematical model for a trusted file server (TFS) for a multilevel secure distributed computer system. The goal is to produce formal verification from the top-level specification down through code for the entire system of which a TFS is one component. By viewing the TFS as a black box, it is possible to specify its security as a relation that must hold invariantly between an output stream of responses and an input stream of requests. Using the proposed approach, the authors have provided a small (perhaps minimal) set of compromise security constraints on the TFS. They have produced an implementation of the TFS in Gypsy and verified that the implementation satisfies this model. It is also shown that the specified relation is stronger than noninterference, and that a noninterference model cannot cover the security-relevant functionality of deleting or changing the size of a file.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129023386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A proposal for a verification-based virus filter","authors":"S. D. Crocker, M. Pozzo","doi":"10.1109/SECPRI.1989.36306","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36306","url":null,"abstract":"An approach for filtering out programs that make unauthorized modifications is outlined. The approach is based on formal specification and verification techniques, is fail-safe, and does not require any special architectural support.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133855284","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A security model for object-oriented databases","authors":"E. Fernández, E. Gudes, Haiyan Song","doi":"10.1109/SECPRI.1989.36285","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36285","url":null,"abstract":"An authorization model for object-oriented databases is developed. This model consists of a set of policies, a structure for authorization rules, and an algorithm to evaluate access requests against the authorization rules. The model is illustrated by a specific database system intended for CAD/CAM (computer-aided design/manufacturing) applications, and incorporates knowledge rules with a database of objects combined through an object-oriented semantic association model (OSAM). The database is composed of objects that include a collection of facts and a collection of relevant rules. All the knowledge manipulation operations can be used to express the rules. Some of these rules could be integrity or security rules, i.e., they could be the basis for a mechanism to enforce integrity or security.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125593810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Symbol security condition considered harmful","authors":"M. Schaefer","doi":"10.1109/SECPRI.1989.36275","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36275","url":null,"abstract":"The author identifies, interprets, and examines the requirements in the Department of Defense trusted computer system evaluation criteria (TCSEC) for the application of formal methods to the system design. The requirements are placed in their historical context to trace their origin. The TCSEC is found to have eliminated some widely-accepted, and critical, security assurance and analysis processes from its trust requirements. It is concluded that despite the flaws and omissions that occur in the published TCSEC, formal design verification is still of some potential value. However, use should not be considered to be an end in itself and may be harmful if applied as such.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"73 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132456794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A model for specifying multi-granularity integrity policies","authors":"L. Badger","doi":"10.1109/SECPRI.1989.36301","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36301","url":null,"abstract":"Systems which provide integrity controls are presented in terms of a request-response paradigm. This paradigm involves modeling the manner in which valid requests are made, a system's method of deciding whether or not to service a request, and the manner in which a system state are performed only in authorized ways. A novel feature of the model is that integrity policies, which are restrictions on how data may be modified, are defined at multiple levels of granularity. At the finest and lowest level of granularity, restrictions are placed directly on how data items may be modified; at successive and more coarse levels of granularity, restrictions are defined in terms provided by lower levels. A hierarchical technique for organizing computations, nested transactions, is adapted for this purpose. Integrity policies expressed in this framework are properties of computations which can be specified and related to other desirable properties, such as concurrent execution and fault tolerance.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132361554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Defending systems against viruses through cryptographic authentication","authors":"G. Davida, Y. Desmedt, B. Matt","doi":"10.1109/SECPRI.1989.36305","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36305","url":null,"abstract":"The authors describe the use of cryptographic authentication for controlling computer viruses. The objective is to protect against viruses infecting software distributions, updates, and programs stored or executed on a system. The authentication determines the source and integrity of an executable, relying on the source to produce virus-free software. The scheme relies on a trusted (and verifiable, where possible) device, the authenticator, used to authenticate and update programs and convert programs between the various formats. In addition, each user's machine uses a similar device to perform run-time checking.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116077466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Authenticated group key distribution scheme for a large distributed network","authors":"L. Harn, T. Kiesler","doi":"10.1109/SECPRI.1989.36304","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36304","url":null,"abstract":"The authors propose a decentralized key distribution scheme. In this scheme, there are as many local key centers as needed and each user needs to select a key center at which to register when first joining the network. The most significant feature of the method is that each center needs only a single secret key. All personal keys that it needs for delivering encrypted keys to groups of users can be derived from this single key through a one-way function.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128574980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Aggregation and inference: facts and fallacies","authors":"T. Lunt","doi":"10.1109/SECPRI.1989.36284","DOIUrl":"https://doi.org/10.1109/SECPRI.1989.36284","url":null,"abstract":"The author examines inference and aggregation problems that can arise in multilevel relational database systems and points out some fallacies in current thinking about these problems that may hinder real progress from being made toward their solution. She distinguishes several different types of aggregation and inference problems and shows that the different types of problems are best addressed by different approaches. In particular, it is shown that sensitive associations among entities of different types are best treated by representing the sensitive association separately and classifying the individual entities low and the relationship high. Sensitive associations among the various properties of an entity are best treated by determining those properties that contribute most to the inference and by storing those separately at a higher classification. Sensitive associations among entities of the same type are best treated by storing the individual data items comprising the aggregate at the aggregate-high classification; they must be sanitized for release to lower-level users. The suggested approaches allow the mandatory reference monitor to protect the sensitive associations, with no additional trusted mechanism needed.","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132903524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}