Joy Algesheimer, C. Cachin, J. Camenisch, G. Karjoth
{"title":"Cryptographic security for mobile code","authors":"Joy Algesheimer, C. Cachin, J. Camenisch, G. Karjoth","doi":"10.1109/SECPRI.2001.924283","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924283","url":null,"abstract":"We address the protection of mobile code against cheating and potentially malicious hosts. We point out that the recent approach based on computing with \"encrypted functions\" is limited to the case where only the code originator learns the result of the computation and the host running the code must not notice anything at all. We argue that if the host is to receive some output of the computation, then securing mobile code requires minimal trust in a third party. Tamper-proof hardware installed on each host has been proposed for this purpose. We introduce a new approach for securely executing (fragments of) mobile code that relies on a minimally trusted third party. This party is a generic independent entity, called the secure computation service, which performs some operations on behalf of the mobile application, but does not learn anything about the encrypted computation. Because it is universal, the secure computation service needs to be only minimally trusted and can serve many different applications. We present a protocol based on tools from theoretical cryptography that is quite practical for computing small functions.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"6 1","pages":"2-11"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85804513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Preserving information flow properties under refinement","authors":"H. Mantel","doi":"10.1109/SECPRI.2001.924289","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924289","url":null,"abstract":"In a stepwise development process, it is essential that system properties that have been already investigated in some phase need not be re-investigated in later phases. In formal developments, this corresponds to the requirement that properties are preserved under refinement. While safety and liveness properties are indeed preserved under most standard forms of refinement, it is well known that this is, in general, not true for information flow properties, a large and useful class of security properties. We propose a collection of refinement operators as a solution to this problem. We prove that these operators preserve information flow as well as other system properties. Thus, information flow properties become compatible with stepwise development. Moreover we show that our operators are an optimal solution.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"91 1","pages":"78-91"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88962026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hilary K. Browne, W. Arbaugh, J. McHugh, William L. Fithen
{"title":"A trend analysis of exploitations","authors":"Hilary K. Browne, W. Arbaugh, J. McHugh, William L. Fithen","doi":"10.1109/SECPRI.2001.924300","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924300","url":null,"abstract":"We have conducted an empirical study of a number of computer security exploits and determined that the rates at which incidents involving the exploit are reported to CERT can be modeled using a common mathematical framework. Data associated with three significant exploits involving vulnerabilities in phf, imap, and bind can all be modeled using the formula C = I + S × √M, where C is the cumulative count of reported incidents, M is the time since the start of the exploit cycle, and I and S are the regression coefficients determined by analysis of the incident report data. Further analysis of two additional exploits involving vulnerabilities in mountd and statd confirms the model. We believe that the models will aid in predicting the severity of subsequent vulnerability exploitations, based on the rate of early incident reports.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"13 1","pages":"214-229"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79286766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performance of public-key-enabled Kerberos authentication in large networks","authors":"Alan Harbitter, D. Menascé","doi":"10.1109/SECPRI.2001.924297","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924297","url":null,"abstract":"Several proposals have been made to public-key-enable various stages of the secret-key-based Kerberos network authentication protocol. The computational requirements of public key cryptography are much higher than those of secret key cryptography, and the substitution of public key encryption algorithms for secret key algorithms impacts performance. This paper uses closed, class-switching queuing models to demonstrate the quantitative performance differences between PKCROSS and PKTAPP - two proposals for public-key-enabling Kerberos. Our analysis shows that, while PKTAPP is more efficient for authenticating to a single server, PKCROSS outperforms the simpler protocol if there are two or more remote servers per remote realm. This heuristic can be used to guide a high-level protocol that combines both methods of authentication to improve performance.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"6 1","pages":"170-183"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74980025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SD3: a trust management system with certified evaluation","authors":"T. Jim","doi":"10.1109/SECPRI.2001.924291","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924291","url":null,"abstract":"We introduce SD3, a trust management system consisting of a high-level policy language, a local policy evaluation, and a certificate retrieval system. A unique feature of SD3 is its certified evaluator. As the evaluator computes the answer to a query, it also computes a proof that the answer follows from the security policy. Before the answer is returned, the proof is passed through a simple checker and incorrect proofs are reported as errors. The certified evaluator reduces the trusted computing base and greatly increases our confidence that the answers produced by the evaluator follow from the specification, despite complex optimizations. To illustrate SD3's capabilities, we show how to implement a secure name service, similar to DNSSEC, entirely in SD3.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"26 5 1","pages":"106-115"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82854155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Formal treatment of certificate revocation under communal access control","authors":"X. Ao, N. Minsky, V. Ungureanu","doi":"10.1109/SECPRI.2001.924292","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924292","url":null,"abstract":"The conventional approach to distributed access control (AC) tends to be server-centric. Under this approach, each server establishes its own policy regarding the use of its resources and services by its clients. The choice of this policy, and its implementation, are generally considered the prerogative of each individual server. This approach to access control may be appropriate for many current client-server applications, where the server is an autonomous agent, in complete charge of its resources. It is not suitable for the growing class of applications where a group of servers, and sometimes their clients, belong to a single enterprise, and are subject to the enterprise-wide policy governing them all. One may not be able to entrust such an enterprise-wide policy to the individual servers, for two reasons: first, it is hard to ensure that a heterogeneous set of servers implement exactly the same policy. Second, as we demonstrate, an AC policy can have aspects that cannot, in principle, be implemented by servers alone. As argued in a previous paper (Minsky, 2000), what is needed in this situation is a concept of communal policy that governs the interaction between the members of a distributed community of agents involved in some common activity along with a mechanism that provides for the explicit formulation of such policies, and for their scalable enforcement. We focus on the communal treatment of expiration and revocation of the digital certificates used for the authentication of the identity and roles of members of the community.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"21 1","pages":"116-127"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83522860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ELK, a new protocol for efficient large-group key distribution","authors":"A. Perrig, D. Song, J. D. Tygar","doi":"10.1109/SECPRI.2001.924302","DOIUrl":"https://doi.org/10.1109/SECPRI.2001.924302","url":null,"abstract":"Secure media broadcast over the Internet poses unique security challenges. One problem is access control to a large number of subscribers in a public broadcast. A common solution is to encrypt the broadcast data and to disclose the decryption key to legitimate receivers only. However, how do we securely and efficiently establish a shared secret among the legitimate receivers? And most importantly, how can we efficiently update the group key securely if receivers join or leave? How can we provide reliability for key update messages in a way that scales up to large groups? Recent research makes substantial progress to address these challenges. Current schemes feature efficient key update mechanisms assuming that the key updates are communicated reliably to the receivers. In practice, however, the principal impediment to achieve a scalable system is to distribute the key updates reliably to all receivers. We have designed and implemented ELK, a novel key distribution protocol, to address these challenges with the following features: ELK features perfectly reliable, super-efficient member joins; ELK uses smaller key update messages than previous protocols; ELK features a mechanism that allows short hint messages to be used for key recovery allowing a tradeoff of communication overhead with member computation; ELK proposes to append a small amount of key update information to data packets, such that the majority of receivers can recover from lost key update messages; and ELK allows to trade off security with communication overhead.","PeriodicalId":20502,"journal":{"name":"Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001","volume":"41 1","pages":"247-262"},"PeriodicalIF":0.0,"publicationDate":"2001-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88496011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}