{"title":"TCB subsets: the next step","authors":"Linda L. Vetter, Gordon Smith, T. Lunt","doi":"10.1109/CSAC.1989.81053","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81053","url":null,"abstract":"The advantages of TCB (trusted computing base) subsetting for building multilevel database systems are discussed, and the architectural impact on the database system when the TCB subsetting approach is used in a real implementation is described. Particular attention is given to such areas of difficulty as concurrency controls, recovery management, and buffer management. In discussing implications for the architecture of the database system, it is noted that the standard ORACLE database system already supports those architectural features that are required, and ORACLE is proceeding with product development and product evaluation projects to extend the promise of TCB subsetting to commercially available ORACLE RDBMS (relational database management system) products on a wide variety of platforms. The SeaView prototype takes advantage of the architectural features of ORACLE with a TCB subsetting approach to achieve a class A1 system that reuses existing TCB and database technology.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121748342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security approach for rapid prototyping in multilevel secure systems","authors":"V. Ashby, T. Gregg, Annabelle Lee","doi":"10.1109/CSAC.1989.81073","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81073","url":null,"abstract":"Use of rapid prototyping to develop Multilevel Secure (MLS) systems requires that security be included in the rapid prototyping process. The literature shows some examples of rapid prototyping applied to secure components. However, little guidance is available for using a rapid prototype to develop an MLS system, consisting of multiple components, that can be accredited in the DOD environment. A methodology is proposed for including security in the rapid prototyping process. In this methodology, assurance that security has been correctly incorporated is provided by four foundation documents: the security concept of operations, the security policy, the security architecture, and the certification and accreditation plan. This methodology increases the probability of producing a rapid prototype without serious security shortfalls.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"168 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122658381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security audit for embedded avionics systems","authors":"K. N. Rao","doi":"10.1109/CSAC.1989.81031","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81031","url":null,"abstract":"The design of security audit subsystems for real-time embedded avionics systems is described. The selection criteria of auditable events and the design of the audit functions are described. The data storage requirements and the data compression features of embedded avionics systems are analyzed. Two data compression algorithms applicable to avionics systems are described. Huffman encoding is optimal, but Fibonacci encoding is shown to be nearly optimal and better suited for airborne avionics systems. The memory capacity needed for audit storage is computed for typical avionics missions.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115789704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A model of security monitoring","authors":"M. Bishop","doi":"10.1109/CSAC.1989.81024","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81024","url":null,"abstract":"A formal model of security monitoring that distinguishes two different methods of recording information (logging) and two different methods of analyzing information (auditing) is presented. From this model, implications for the design and use of security monitoring mechanisms are drawn. The model is then applied to security mechanisms for statistical databases, monitoring mechanisms for computer systems, and backups, in order to demonstrate its usefulness. It is concluded that the proposed model of logging and auditing is comprehensive enough to encompass very different schemes used in a variety of contexts. For example, statistical database query control and file access monitoring systems do not seem to be related, and yet they create closely related security problems, and the mechanisms designed to improve the security of one will also improve the security of the other.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115264380","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security standards for open systems","authors":"E. Humphreys, W. Ford, M. Stirland, T. Parker","doi":"10.1109/CSAC.1989.81026","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81026","url":null,"abstract":"A panel on security standards for open systems is summarized. The topics discussed are ISO/IEC work on OSI (open systems interconnection) security standards, CCITT DAF (framework for the support of distributed applications) security, and ECMA security standards.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122041174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Intrusion and anomaly detection in trusted systems","authors":"J. Winkler, W. Page","doi":"10.1109/CSAC.1989.81023","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81023","url":null,"abstract":"A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conjunction with the statistical tools, and a hierarchical set of audit indicators which are based on an indications and warning model. The application of the model makes it possible both to collect audit events at a fine level of granularity and to effectively direct intrusion anomaly detection by defining levels of concern. A set of discrete tools, capabilities, and components is implemented in a hybrid design utilizing control concepts from operating systems theory and problem-solving concepts from blackboard artificial-intelligence systems.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128414001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure database design: an implementation using a secure DBMS","authors":"Edward D. Sturms","doi":"10.1109/CSAC.1989.81072","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81072","url":null,"abstract":"G.W. Smith presented a homework problem at the second annual RADC (Rome Air Development Center) Database Security Workshop and challenged the workshop attendees to provide a prototype database design. In the present work, it is shown that most of the MLS (multilevel secure) design requirements in the homework problem could be implemented on the Sybase Secure SQL Server with no noticeable performance degradation. Most of the data-driven classification constraints are readily solved by the security mechanisms offered in a trusted DBMS (database management system).","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122614431","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Report from the second RADC database security workshop","authors":"T. Lunt","doi":"10.1109/CSAC.1989.81067","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81067","url":null,"abstract":"The second RADC (Rome Air Development Center) Invitational Database Security Workshop (held May 15-18 in Bethlehem, New Hampshire) focused on multilevel security issues for Class B3 or A1 database systems. The workshop participants discussed operating system support for secure database systems; database system process privilege; mandatory, discretionary, and need-to-know requirements; modeling issues; auditing; and vendor developments. Perhaps the most valuable part of the workshop was the discussion of the homework problem, a 22-page specification for a multilevel secure (MLS) database. The participants discovered that it is important to know what makes a particular datum classified in order to know how to protect that datum in a secure database system. They also discovered that, for most of the systems under development, the discretionary access controls did not have nearly the flexibility that the application required. It was concluded that discretionary access controls on views are needed, pointing to the need for balanced assurance.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128697127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A risk driven process model for the development of trusted systems","authors":"A. Marmor-Squires, J. McHugh, M. Branstad, Bonnie P. Danner, Lou Nagy, P. Rougeau, D. Sterne","doi":"10.1109/CSAC.1989.81050","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81050","url":null,"abstract":"This paper presents the initial results of a DARPA-funded research effort to define a development paradigm for high-performance trusted systems in Ada. The paradigm is aimed at improving the construction process and the future products of Ada systems that require both broad trust and high performance. The need for a process model and the notions of trust and assurance are reviewed. The foundation for the process model and its elements are presented. The process model is contrasted with traditional development approaches. The combination of a risk driven approach with the integration of trust and performance engineering into a unified whole appears to offer substantial advantages to system builders.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128506269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Integrity panel position paper","authors":"H. Johnson","doi":"10.1109/CSAC.1989.81063","DOIUrl":"https://doi.org/10.1109/CSAC.1989.81063","url":null,"abstract":"The author urges the thorough review and rapid adoption of the Trusted Critical Computer Systems Evaluation Criteria (TCCSEC) provided to the US Air Force. The TCCSEC is a modification to the Orange Book (TCSEC). The author notes that those who know and use the Orange Book should find it easy to understand and adapt to the following changes comprised by the TCCSEC: the idea of criticality replaces the corresponding idea of sensitivity throughout the document; the Biba model replaces Bell-LaPadula in mandatory access, object reuse, and covert channels; the use of integrity and assurance of service detection mechanisms and recovery within a prespecified critical time defined for functions and resources; and the specification of malicious code mechanisms, including change protection, enhanced audit, and restriction of code, user, and system operations beyond normal.","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117302285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}