Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000: Latest Papers

Authentication tests
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848448
J. Guttman, F. Javier, Thayer Fábrega
Abstract: Suppose a principal in a cryptographic protocol creates and transmits a message containing a new value v, which it later receives back in cryptographically altered form. It can conclude that some principal possessing the relevant key has transformed the message containing v. In some circumstances, this must be a regular participant of the protocol, not the penetrator. An inference of this kind is an authentication test. We introduce two main kinds of authentication test. An outgoing test is one in which the new value v is transmitted in encrypted form, and only a regular participant can extract it from that form. An incoming test is one in which v is received back in encrypted form, and only a regular participant can put it in that form. We combine these two tests with a supplementary idea, the unsolicited test, and a related method for checking that certain values remain secret. Together they determine what authentication properties are achieved by a wide range of cryptographic protocols. We introduce authentication tests and illustrate their power by giving new and straightforward proofs of security goals for several protocols. We also illustrate how to use the authentication tests as a heuristic for finding attacks against incorrect protocols. Finally we suggest a protocol design process. We express these ideas in the strand space formalism and prove them correct elsewhere (Guttman and Thayer Fabrega, 2000).
Citations: 82
Access control meets public key infrastructure, or: assigning roles to strangers
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848442
A. Herzberg, Y. Mass, Joris Mihaeli, D. Naor, Yiftach Ravid
Abstract: The Internet enables connectivity between many strangers: entities that don't know each other. We present the Trust Policy Language (TPL), used to define the mapping of strangers to predefined business roles, based on certificates issued by third parties. TPL is expressive enough to allow complex policies, e.g. non-monotone (negative) certificates, while being simple enough to allow automated policy checking and processing. Issuers of certificates are either known in advance, or provide sufficient certificates to be considered a trusted authority according to the policy. This allows bottom-up, "grass roots" buildup of trust, as in the real world. We extend, rather than replace, existing role based access control mechanisms. This provides a simple, modular architecture and easy migration from existing systems. Our system automatically collects missing certificates from peer servers. In particular this allows use of standard browsers, which pass only one certificate to the server. We describe our implementation, which can be used as an extension of a Web server or as a separate server with interface to applications.
Citations: 462
Verifying the EROS confinement mechanism
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848454
J. Shapiro, S. Weber
Abstract: Capability systems can be used to implement higher-level security policies including the *-property if a mechanism exists to ensure confinement. The implementation can be efficient if the "weak" access restriction described in this paper is introduced. In the course of developing EROS, a pure capability system, it became clear that verifying the correctness of the confinement mechanism was necessary in establishing the security of the operating system. We present a verification of the EROS confinement mechanism with respect to a broad class of capability architectures (including EROS). We give a formal statement of the requirements, construct a model of the architecture's security policy and operational semantics, and show that architectures covered by this model enforce the confinement requirements if a small number of initial static checks on the confined subsystem are satisfied. The method used generalizes to any capability system.
Citations: 96
Fang: a firewall analysis engine
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848455
Alain J. Mayer, A. Wool, Elisha Ziskind
Abstract: Today, even a moderately sized corporate intranet contains multiple firewalls and routers, which are all used to enforce various aspects of the global corporate security policy. Configuring these devices to work in unison is difficult, especially if they are made by different vendors. Even testing or reverse engineering an existing configuration (say when a new security administrator takes over) is hard. Firewall configuration files are written in low level formalisms, whose readability is comparable to assembly code, and the global policy is spread over all the firewalls that are involved. To alleviate some of these difficulties, we designed and implemented a novel firewall analysis tool. Our software allows the administrator to easily discover and test the global firewall policy (either a deployed policy or a planned one). Our tool uses a minimal description of the network topology and directly parses the various vendor-specific low level configuration files. It interacts with the user through a query-and-answer session, which is conducted at a much higher level of abstraction. A typical question our tool can answer is "from which machines can our DMZ be reached and with which services?" Thus, the tool complements existing vulnerability analysis tools, as it can be used before a policy is actually deployed, it operates on a more understandable level of abstraction, and it deals with all the firewalls at once.
Citations: 324
Searching for a solution: engineering tradeoffs and the evolution of provably secure protocols
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848447
John A. Clark, J. Jacob
Abstract: Tradeoffs are an important part of engineering security. Protocol security is important. So are efficiency and cost. The paper provides an early framework for handling such aspects in a uniform way based on combinatorial optimisation techniques. BAN logic is viewed as both a specification and proof system and as a "protocol programming language". The paper shows how evolutionary search in the form of genetic algorithms can be utilised to "grow" correct and efficient BAN protocols and shows how goals and assumptions can co-evolve, effectively engaging in "specification synthesis".
Citations: 127
Using conservation of flow as a security mechanism in network protocols
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848451
John R. Hughes, T. Aura, M. Bishop
Abstract: The law of conservation of flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to analyze network protocols for security properties. One of its uses is to detect disruptive network elements that launch denial of service attacks by absorbing or discarding packets. Its use requires several assumptions about the protocols being analyzed. We examine the WATCHERS algorithm to detect misbehaving routers. We show that it uses conservation of flow without sufficient verification of its assumptions, and can consequently be defeated. We suggest improvements to make the use of conservation of flow valid.
Citations: 65
Using model checking to analyze network vulnerabilities
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848453
Ronald W. Ritchey, P. Ammann
Abstract: Even well administered networks are vulnerable to attacks due to the security ramifications of offering a variety of combined services. That is, services that are secure when offered in isolation nonetheless provide an attacker with a vulnerability to exploit when offered simultaneously. Many current tools address vulnerabilities in the context of a single host. We address vulnerabilities due to the configuration of various hosts in a network. In a different line of research, formal methods are often useful for generating test cases, and model checkers are particularly adept at this task due to their ability to generate counterexamples. We address the network vulnerabilities problem with test cases, which amount to attack scenarios, generated by a model checker. We encode the vulnerabilities in a state machine description suitable for a model checker and then assert that an attacker cannot acquire a given privilege on a given host. The model checker either offers assurance that the assertion is true on the actual network or provides a counterexample detailing each step of a successful attack.
Citations: 467
Will openish source really improve security?
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848478
G. McGraw
Abstract: I am using the term openish source as a reaction to the fact that the OSI has hijacked the term open source and the natural definition most people likely intuit does not apply. The term I am using is ridiculous. I chose an intentionally ridiculous term to emphasize the silly nature of common arguments for making open source mean something it does not mean to most people. The openish source community claims that the movement towards providing free, source-code available programs will result in more secure software. This claim appears to be based on several fallacies briefly presented: the Microsoft fallacy; the Java fallacy; and the many-eyeballs fallacy.
Citations: 3
Security and source code access: issues and realities
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848476
S. Lipner
Abstract: This paper addresses some of the benefits and drawbacks for security of open access to source code. After a discussion of alternative models for open access to source code, the paper reviews the positive and negative implications of each for system security. The paper concludes that source code review can have real benefits for security, but that those benefits are not realized automatically, and that some source code access models introduce significant drawbacks.
Citations: 14
A more efficient use of delta-CRLs
Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000 Pub Date: 2000-05-14 DOI: 10.1109/SECPRI.2000.848456
D. Cooper
Abstract: Delta-certificate revocation lists (delta-CRLs) were designed to provide a more efficient way to distribute certificate status information. However, as the paper shows, in some environments the benefits of using delta-CRLs will be minimal if delta-CRLs are used as was originally intended. The paper provides an analysis of delta-CRLs that demonstrates the problems associated with issuing delta-CRLs in the "traditional" manner. A new, more efficient technique for issuing delta-CRLs, sliding window delta-CRLs, is presented.
Citations: 89