{"title":"A framework for establishing decentralized secure coalitions","authors":"Hongbin Zhou, S. Foley","doi":"10.1109/CSFW.2006.5","DOIUrl":"https://doi.org/10.1109/CSFW.2006.5","url":null,"abstract":"A coalition provides a virtual space across a network that allows its members to interact in a transparent manner. Coalitions may be formed for a variety of purposes. These range from simple spaces used by individuals to share resources and exchange information, to highly structured environments in which businesses and applications operate and may be governed according to regulation and contract (security policy). Coalitions may spawn further coalitions, and coalitions may come together and/or merge. This paper describes a logic-based language that provides a foundation for coalition regulation and contract in a manner that avoids authorization subterfuge and has a number of novel features that make it applicable to open systems. The language provides inter- and intra-coalition delegation, including identity, role and threshold based delegation operations. The logic is used to describe a decentralized infrastructure for establishing and regulating these coalitions. Coalitions are formed with the involvement of founders, constructors and oversight. Constructors are responsible for properly creating a coalition; this service can be provided by a third party. If the service is improperly provided then the constructor is subject to a penalty, which may be collected by another third party providing oversight.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125397546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information-flow security for interactive programs","authors":"K. O'Neill, Michael R. Clarkson, Stephen Chong","doi":"10.1109/CSFW.2006.16","DOIUrl":"https://doi.org/10.1109/CSFW.2006.16","url":null,"abstract":"Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing language-based security conditions founded on noninteractive models permit insecure information flows in interactive imperative programs. This paper formulates new strategy-based information-flow security conditions for a simple imperative programming language that includes input and output operators. The semantics of the language enables a fine-grained approach to the resolution of nondeterministic choices. The security conditions leverage this approach to prohibit refinement attacks while still permitting observable nondeterminism. Extending the language with probabilistic choice yields a corresponding definition of probabilistic noninterference. A soundness theorem demonstrates the feasibility of statically enforcing the security conditions via a simple type system. These results constitute a step toward understanding and enforcing information-flow security in real-world programming languages, which include similar input and output operators.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127568965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On key assignment for hierarchical access control","authors":"J. Crampton, K. Martin, P. Wild","doi":"10.1109/CSFW.2006.20","DOIUrl":"https://doi.org/10.1109/CSFW.2006.20","url":null,"abstract":"A key assignment scheme is a cryptographic technique for implementing an information flow policy, sometimes known as hierarchical access control. All the research to date on key assignment schemes has focused on particular encryption techniques rather than an analysis of what features are required of such a scheme. To remedy this we propose a family of generic key assignment schemes and compare their respective advantages. We note that every scheme in the literature is simply an instance of one of our generic schemes. We then conduct an analysis of the Akl-Taylor scheme and propose a number of improvements. We also demonstrate that many of the criticisms that have been made of this scheme in respect of key updates are unfounded. Finally, exploiting the deeper understanding we have acquired of key assignment schemes, we introduce a technique for exploiting the respective advantages of different schemes.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130002245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secrecy by typing and file-access control","authors":"A. Chaudhuri, M. Abadi","doi":"10.1109/CSFW.2006.28","DOIUrl":"https://doi.org/10.1109/CSFW.2006.28","url":null,"abstract":"Secrecy properties can be guaranteed through a combination of static and dynamic checks. The static checks may include the application of special type systems with notions of secrecy. The dynamic checks can be of many different kinds; in practice, the most important are access-control checks, often ones based on ACLs (access-control lists). In this paper, we explore the interplay of static and dynamic checks in the setting of a file system. For this purpose, we study a pi calculus with file-system constructs. The calculus supports both access-control checks and a form of static scoping that limits the knowledge of terms, including file names and contents, to groups of clients. We design a system with secrecy types for the calculus: using this system, we can prove secrecy properties by static typing of programs in the presence of file-system access-control checks.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125110159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Securing interaction between threads and the scheduler","authors":"Alejandro Russo, A. Sabelfeld","doi":"10.1109/CSFW.2006.29","DOIUrl":"https://doi.org/10.1109/CSFW.2006.29","url":null,"abstract":"The problem of information flow in multithreaded programs remains an important open challenge. Existing approaches to specifying and enforcing information flow security often suffer from over-restrictiveness, relying on non-standard semantics, lack of compositionality, inability to handle dynamic threads, scheduler dependence, and efficiency overhead for code that results from security-enforcing transformations. This paper suggests a remedy for some of these shortcomings by developing a novel treatment of the interaction between threads and the scheduler. As a result, we present a permissive noninterference-like security specification and a compositional security type system that provably enforces this specification. The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122656315","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Independence from obfuscation: a semantic framework for diversity","authors":"Riccardo Pucella, F. Schneider","doi":"10.3233/JCS-2009-0379","DOIUrl":"https://doi.org/10.3233/JCS-2009-0379","url":null,"abstract":"A set of replicas is diverse to the extent that all implement the same functionality but differ in their implementation details. Diverse replicas are less prone to having vulnerabilities in common, because attacks typically depend on memory layout and/or instruction-sequence specifics. Recent work advocates using mechanical means, such as program rewriting, to create such diversity. A correspondence between the specific transformations being employed and the attacks they defend against is often provided, but little has been said about the overall effectiveness of diversity per se in defending against attacks. With this broader goal in mind, we here give a precise characterization of attacks, applicable to viewing diversity as a defense, and also show how mechanically-generated diversity compares to a well-understood defense: strong typing","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129286471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cryptographically sound theorem proving","authors":"C. Sprenger, M. Backes, D. Basin, B. Pfitzmann, M. Waidner","doi":"10.1109/CSFW.2006.10","DOIUrl":"https://doi.org/10.1109/CSFW.2006.10","url":null,"abstract":"We describe a faithful embedding of the Dolev-Yao model of Backes, Pfitzmann, and Waidner (CCS 2003) in the theorem prover Isabelle/HOL. This model is cryptographically sound in the strong sense of blackbox reactive simulatability/UC, which essentially entails the preservation of arbitrary security properties under active attacks and in arbitrary protocol environments. The main challenge in designing a practical formalization of this model is to cope with the complexity of providing such strong soundness guarantees. We reduce this complexity by abstracting the model into a sound, light-weight formalization that enables both concise property specifications and efficient application of our proof strategies and their supporting proof tools. This yields the first tool-supported framework for symbolically verifying security protocols that enjoys the strong cryptographic soundness guarantees provided by reactive simulatability/UC. As a proof of concept, we have proved the security of the Needham-Schroeder-Lowe protocol using our framework.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132983849","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy APIs: access control techniques to analyze and verify legal privacy policies","authors":"Michael J. May, Carl A. Gunter, Insup Lee","doi":"10.1109/CSFW.2006.24","DOIUrl":"https://doi.org/10.1109/CSFW.2006.24","url":null,"abstract":"There is a growing interest in establishing rules to regulate the privacy of citizens in the treatment of sensitive personal data such as medical and financial records. Such rules must be respected by software used in these sectors. The regulatory statements are somewhat informal and must be interpreted carefully in the software interface to private data. This paper describes techniques to formalize regulatory privacy rules and how to exploit this formalization to analyze the rules automatically. Our formalism, which we call privacy APIs, is an extension of access control matrix operations to include (1) operations for notification and logging and (2) constructs that ease the mapping between legal and formal language. We validate the expressive power of privacy APIs by encoding the 2000 and 2003 HIPAA consent rules in our system. This formalization is then encoded into Promela and we validate the usefulness of the formalism by using the SPIN model checker to verify properties that distinguish the two versions of HIPAA","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130298063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Decentralized robustness","authors":"Stephen Chong, A. Myers","doi":"10.1109/CSFW.2006.11","DOIUrl":"https://doi.org/10.1109/CSFW.2006.11","url":null,"abstract":"Robustness links confidentiality and integrity properties of a computing system and has been identified as a useful property for characterizing and enforcing security. Previous characterizations of robustness have been with respect to a single idealized attacker; this paper shows how to define robustness for systems with mutual distrust. Further, we demonstrate that the decentralized label model (DLM) can be extended to support fine-grained reasoning about robustness in such systems. The DLM is a natural choice for capturing robustness requirements because decentralized labels are explicitly expressed in terms of principals that can be used to characterize the power of attackers across both the confidentiality and integrity axes. New rules are proposed for statically checking robustness and qualified robustness using an extended DLM; the resulting type system is shown to soundly enforce robustness. Finally, sound approximations are developed for checking programs with bounded but unknown label parameters, which is useful for security-typed languages. In sum, the paper shows how to use robustness to gain assurance about secure information flow and information release in systems with complex security requirements.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121900538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the completeness of attack mutation algorithms","authors":"Shai Rubin, S. Jha, B. Miller","doi":"10.1109/CSFW.2006.21","DOIUrl":"https://doi.org/10.1109/CSFW.2006.21","url":null,"abstract":"An attack mutation algorithm takes a known instance of an attack and transforms it into many distinct instances by repeatedly applying attack transformations. Such algorithms are widely used for testing intrusion detection systems. We investigate the notion of completeness of a mutation algorithm: its capability to generate all possible attack instances from a given set of attack transformations. We define the notion of a Phi-complete mutation algorithm. Given a set of transformations Phi, an algorithm is complete with respect to Phi if it can generate every instance that the transformations in Phi derive. We show that if the rules in Phi are uniform and reversible then a Phi-complete algorithm exists. Intuitively speaking, uniform and reversible transformations mean that we can first exclusively apply transformations that simplify the attack, then exclusively apply transformations that complicate it, and still get all possible instances that are derived by the rules in Phi. Although uniformity and reversibility may appear severe restrictions, we show that common attack transformations are indeed uniform and reversible. Therefore, our Phi-complete algorithm can be incorporated into existing testing tools for intrusion detection systems. Furthermore, we show that a Phi-complete algorithm is useful, not only for testing purposes, but also for determining whether two packet traces are two different mutations of the same attack.","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134061205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}