Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security: Latest Papers

Experimental results of covert channel limitation in one-way communication systems
N. Ogurtsov, H. Orman, R. Schroeppel, S. O'Malley, O. Spatscheck
DOI: https://doi.org/10.1109/NDSS.1997.579214
Published: 1997-02-10
Abstract: With the increasing growth of electronic communications, it is becoming important to provide a mechanism for enforcing various security policies on network communications. This paper discusses our implementation of several previously proposed protocols that enforce the Bell-LaPadula (1973) security model. We also introduce a new protocol called "Quantized Pump" that offers several advantages, and present experimental results to support our claims.
Citations: 18
Distributed authentication in Kerberos using public key cryptography
M. Sirbu, J. Chuang
DOI: https://doi.org/10.1109/NDSS.1997.579231
Published: 1997-02-10
Abstract: The authors describe a method for fully distributed authentication using public key cryptography within the Kerberos ticket framework. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved as compared to Kerberos V5. Privacy of Kerberos clients is also enhanced. A working implementation of this extended protocol has been developed, and a migration plan is proposed for a transition from traditional to public key based Kerberos.
Citations: 95
Securing Web access with DCE
B. Schimpf
DOI: https://doi.org/10.1109/NDSS.1997.579227
Published: 1997-02-10
Abstract: Internet tools, especially Web browsers and servers, are being widely used for information access. However, these tools have some limitations in terms of the security available for those information accesses and of the robustness and availability of the infrastructure used to provide that security. This paper describes work done to utilize the security services and infrastructure of the Open Software Foundation (OSF) Distributed Computing Environment (DCE) to secure Web accesses. This work was done as part of an Advanced Technology Offering (ATO) by the OSF Research Institute jointly with Gradient Technologies Inc. and other ATO sponsors. A practical implementation has been completed. These combined technologies allow users to securely access both Web documents and application servers from a variety of desktop systems using standard, off-the-shelf Web browsers.
Citations: 3
Hierarchical organization of certification authorities for secure environments
L. Lopez, J. Carracedo
DOI: https://doi.org/10.1109/NDSS.1997.579229
Published: 1997-02-10
Abstract: The paper presents a model of hierarchical organization of certification authorities which can be applied to any open system network. In order to study the feasibility of the proposed model, a pilot experiment within a university environment is being carried out. The authors have developed an application which provides the users with security services using X.509 certificates. The authors have also developed a security server to provide RSA keys and management of certificates. The hierarchical infrastructure that is being created needs a multi-level policy which implies the use of various types of documents which are managed by people with different roles. One of the objectives being followed is to formalize the treatment of the information about policy, for which some components of the extensions field of the version 3 certificate have been used and other new ones are proposed.
Citations: 3
Misplaced trust: Kerberos 4 session keys
Bryn Dole, S. Lodin, E. Spafford
DOI: https://doi.org/10.1109/NDSS.1997.579221
Published: 1997-02-10
Abstract: One of the commonly accepted principles of software design for security is that making the source code openly available leads to better security. The presumption is that the open publication of source code will lead others to review the code for errors, however this openness is no guarantee of correctness. One of the most widely published and used pieces of security software in recent memory is the MIT implementation of the Kerberos authentication protocol. In the design of the protocol, random session keys are the basis for establishing the authenticity of service requests. Because of the way that the Kerberos Version 4 implementation selected its random keys, the secret keys could easily be guessed in a matter of seconds. This paper discusses the difficulty of generating good random numbers, the mistakes that were made in implementing Kerberos Version 4, and the breakdown of software engineering that allowed this flaw to remain unfixed for ten years. We discuss this as a particularly notable example of the need to examine security-critical code carefully, even when it is made publicly available.
Citations: 21
Securing the Nimrod routing architecture
Karen E. Sirois, S. Kent
DOI: https://doi.org/10.1109/NDSS.1997.579223
Published: 1997-02-10
Abstract: This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.
Citations: 39
An interface specification language for automatically analyzing cryptographic protocols
S. Brackin
DOI: https://doi.org/10.1109/NDSS.1997.579219
Published: 1997-02-10
Abstract: This paper describes a simple interface specification language (ISL) for cryptographic protocols and their desired properties, and an automatic authentication protocol analyzer (AAPA) that automatically either proves - using an extension of the Gong, Needham, Yahalom (1990) belief logic - that specified protocols have their desired properties, or identifies precisely where these proof attempts fail. The ISL and the AAPA make it easy for protocol designers to incorporate formal analysis into the protocol design process, where they clarify designs and reveal a large class of common errors. The ISL and the AAPA have already shown potential deficiencies in published protocols and been useful in designing new protocols.
Citations: 25
Reducing the cost of security in link-state routing
R. Hauser, T. Przygienda, G. Tsudik
DOI: https://doi.org/10.1109/NDSS.1997.579226
Published: 1997-02-10
Abstract: Security in link-state routing protocols is a feature that is both desirable and costly. This paper examines the cost of security and presents two techniques for efficient and secure processing of link state updates. The first technique is geared towards a relatively stable internetwork environment while the second is designed with a more volatile environment in mind.
Citations: 127
Continuous assessment of a Unix configuration: integrating intrusion detection and configuration analysis
Abdelaziz Mounji, B. L. Charlier
DOI: https://doi.org/10.1109/NDSS.1997.579216
Published: 1997-02-10
Abstract: Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems attempt to achieve include finding system vulnerabilities and detecting malicious behaviour of users. We extend our intrusion detection system ASAX with a deductive subsystem that allows us to assess the security level of a software configuration on a real time basis. By coupling the two subsystems - intrusion detection and configuration analysis - we moreover achieve a better tuning of the intrusion detection since the system has only to enable intrusion detection rules that are specifically required by the current state of the configuration. We also report some preliminary performance measurements, which suggest that our approach can be practical in real life contexts.
Citations: 30
Blocking Java applets at the firewall
David M. Martin, S. Rajagopalan, A. Rubin
DOI: https://doi.org/10.1109/NDSS.1997.579215
Published: 1997-02-10
Abstract: This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.
Citations: 55