发布求助
文献互助 智能选刊 最新文献

Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)最新文献

筛选
英文 中文
A user-centered, modular authorization service built on an RBAC foundation 以用户为中心的模块化授权服务,构建在RBAC基础上
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-09 DOI: 10.1109/SECPRI.1999.766718
M. Zurko, Richard T. Simon, T. Sanfilippo
{"title":"A user-centered, modular authorization service built on an RBAC foundation","authors":"M. Zurko, Richard T. Simon, T. Sanfilippo","doi":"10.1109/SECPRI.1999.766718","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766718","url":null,"abstract":"Psychological acceptability has been mentioned as a requirement for secure systems for as long as least privilege and fail safe defaults, but until now has been all but ignored in the actual design of secure systems. We place this principle at the center of our design for Adage, an authorization service for distributed applications. We employ usability design techniques to specify and test the features of our authorization language and the corresponding administrative GUI. Our testing results reinforce our initial design center and suggest directions for deployment of our authorization services. A modular architecture allows us to experiment with our design during short term integration, and evolve it for longer term exploration. An RBAC foundation enables coherent design of flexible authorization constraints and queries. We discuss lessons learned from the implementation of this service through a planned deployment in a context that must balance new research in risk management with dependencies on legacy services.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"162 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114845257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 103
20 years of covert channel modeling and analysis 20年的隐蔽通道建模和分析
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-09 DOI: 10.1109/SECPRI.1999.766906
J. Millen
{"title":"20 years of covert channel modeling and analysis","authors":"J. Millen","doi":"10.1109/SECPRI.1999.766906","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766906","url":null,"abstract":"Covert channels emerged in mystery and departed in confusion. Covert channels are a means of communication between two processes that are not permitted to communicate, but do so anyway, a few bits at a time, by affecting shared resources. Information hiding is slightly different: the two communicating parties are allowed to talk, but the content is censored and restricted to certain subjects. The trick is to \"piggyback\" some contraband data invisibly on the legitimate content. The canonical example of this is to use the low-order two bits of each pixel in a picture for your secret message, since no one would notice if they were changed. When a similar idea was applied to smuggle information in network headers, we called it a network covert channel, mostly because the term \"information hiding\" hadn't been invented yet. The article traces the history of covert channel modeling from 1980 to the present (1999).","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131203448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 131
Firmato: a novel firewall management toolkit Firmato:一个新的防火墙管理工具包
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-09 DOI: 10.1109/SECPRI.1999.766714
Y. Bartal, Alain J. Mayer, Kobbi Nissim, A. Wool
{"title":"Firmato: a novel firewall management toolkit","authors":"Y. Bartal, Alain J. Mayer, Kobbi Nissim, A. Wool","doi":"10.1109/SECPRI.1999.766714","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766714","url":null,"abstract":"In recent years, packet filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and widespread deployment. In contrast, firewall and security management technology is lacking. We present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity relationship model; (3) a model compiler translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato's capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commercially available firewall product. We believe that our approach is an important step towards streamlining the process of configuring and managing firewalls, especially in complex, multi firewall installations.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114984656","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 414
Local reconfiguration policies 本地重构策略
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-09 DOI: 10.1109/SECPRI.1999.766717
J. Millen
{"title":"Local reconfiguration policies","authors":"J. Millen","doi":"10.1109/SECPRI.1999.766717","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766717","url":null,"abstract":"Survivable systems are modelled abstractly as collections of services supported by any of a set of configurations of components. Reconfiguration to restore services as a result of component failure is viewed as a kind of \"flow\" analogous to information flow. We apply C. Meadows' (1990) theorem on datset aggregates to characterize the maximum safe flow policy for distributed systems. For reconfiguration, safety means that services are preserved and that that reconfiguration rules may be stated and applied locally, with respect to just the failed components.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133095598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
A multi-threading architecture for multilevel secure transaction processing 用于多级安全事务处理的多线程体系结构
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-01 DOI: 10.1109/SECPRI.1999.766912
Haruna R. Isa, W. Shockley, C. Irvine
{"title":"A multi-threading architecture for multilevel secure transaction processing","authors":"Haruna R. Isa, W. Shockley, C. Irvine","doi":"10.1109/SECPRI.1999.766912","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766912","url":null,"abstract":"A TCB and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment is presented. Our design exploits hardware security features of the Intel 80/spl times/86 processor family. Intel's CPU architecture provides hardware with two distinct descriptor tables. We use one of these in the usual way for process isolation. For each process, the descriptor table holds the descriptors of \"system-low\" segments, such as code segments, used by every thread in a process. We use the second table to hold descriptors for segments known to individual threads within the process. This allocation, together with an appropriately designed scheduling policy, permits us to avoid the full cost of process creation when only switching between threads of different security classes in the same process. Where large numbers of transactions are encountered on transaction queues, this approach has benefits over traditional multilevel systems.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117261376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Detecting intrusions using system calls: alternative data models 使用系统调用检测入侵:替代数据模型
Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1900-01-01 DOI: 10.1109/SECPRI.1999.766910
C. Warrender, S. Forrest, Barak A. Pearlmutter
{"title":"Detecting intrusions using system calls: alternative data models","authors":"C. Warrender, S. Forrest, Barak A. Pearlmutter","doi":"10.1109/SECPRI.1999.766910","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766910","url":null,"abstract":"Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable-sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: simple enumeration of observed sequences; comparison of relative frequencies of different sequences; a rule induction technique; and hidden Markov models (HMMs). We discuss the factors affecting the performance of each method and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130023763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1264
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信