发布求助
文献互助 智能选刊 最新文献

Proceedings of the 12th IEEE Computer Security Foundations Workshop最新文献

筛选
英文 中文
Trusted system construction 可信系统构建
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779768
C. O'Halloran
{"title":"Trusted system construction","authors":"C. O'Halloran","doi":"10.1109/CSFW.1999.779768","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779768","url":null,"abstract":"Any system constructed today is likely to be constructed from COTS components. Encapsulation of these components using software wrappers promises to enable trusted systems to be constructed. These systems are complex and it is difficult to impose security without compromising operational effectiveness. The key problem which this paper addresses is to analyse encapsulations of COTS components to demonstrate the system is both secure and usable. Any foundation must be able to deal with the conflicting requirements of operational effectiveness and security especially with respect to COTS components. The approach is illustrated using the X windowing system.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"73 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121084221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Authentication via localized names 通过本地化名称进行身份验证
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779766
C. Bodei, P. Degano, R. Focardi, C. Priami
{"title":"Authentication via localized names","authors":"C. Bodei, P. Degano, R. Focardi, C. Priami","doi":"10.1109/CSFW.1999.779766","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779766","url":null,"abstract":"We address the problem of message authentication using the /spl pi/-calculus, which has been given an operational semantics that provides each sequential process of a system with its own local space of names. We exploit here that semantics and its localized names to guarantee by construction that a message has been generated by a given entity. Therefore, our proposal can be seen as a reference for the analysis of \"real\" protocols. As an example, we study the way authentication is ensured by encrypting messages in the spi-calculus.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125788091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
A logic for SDSI's linked local name spaces: preliminary version 用于SDSI的链接本地名称空间的逻辑:初步版本
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779767
J. Halpern, R. V. D. Meyden
{"title":"A logic for SDSI's linked local name spaces: preliminary version","authors":"J. Halpern, R. V. D. Meyden","doi":"10.1109/CSFW.1999.779767","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779767","url":null,"abstract":"M. Abadi (1998) has introduced a logic to explicate the meaning of local names in SDSI, the simple distributed security infrastructure proposed by Rivest and Lampson. Abadi's logic does not correspond precisely to SDSI, however, it draws conclusions about local names that do not follow from SDSI's name resolution algorithm. Moreover its semantics is somewhat unintuitive. This paper presents the logic of local name containment, which does not suffer from these deficiencies. It has a clear semantics and provides a tight characterization of SDSI name resolution. The semantics is shown to be closely related to that of logic programs, leading to an approach to the efficient implementation of queries concerning local names. A complete axiomatization of the logic is also provided.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115401549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Security function interactions 安全功能交互
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779770
P. Bieber
{"title":"Security function interactions","authors":"P. Bieber","doi":"10.1109/CSFW.1999.779770","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779770","url":null,"abstract":"We use a compositional framework to model security architectures involving heterogeneous and distributed security functions. Our goal is to assist the ITSEC evaluation of suitability binding and vulnerability of a set of security functions. We propose constraints that security functions should guarantee in order to interact consistently, and securely with other functions. To illustrate these notions we study the interactions of various components of a secure LAN.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116735740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Athena: a new efficient automatic checker for security protocol analysis 雅典娜:一个新的高效的自动检查安全协议分析
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779773
D. Song
{"title":"Athena: a new efficient automatic checker for security protocol analysis","authors":"D. Song","doi":"10.1109/CSFW.1999.779773","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779773","url":null,"abstract":"We propose an efficient automatic checking algorithm, Athena, for analyzing security protocols. Athena incorporates a logic that can express security properties including authentication, secrecy and properties related to electronic commerce. We have developed an automatic procedure for evaluating well-formed formulae in this logic. For a well-formed formula, if the evaluation procedure terminates, it will generate a counter example if the formula is false, or provide a proof if the formula is true. Even when the procedure does not terminate when we allow any arbitrary configurations of the protocol execution, (for example, any number of initiators and responders), termination could be forced by bounding the number of concurrent protocol runs and the length of messages, as is done in most existing model checkers. Athena also exploits several state space reduction techniques. It is based on an extension of the Strand Space Model (Thayer et al., 1998) which captures exact causal relation information. Together with backward search and other techniques, Athena naturally avoids the state space explosion problem commonly caused by asynchronous composition and symmetry redundancy. Athena also has the advantage that it can easily incorporate results from theorem proving through unreachability theorems. By using the unreachability theorems, it can prune the state space at an early stage, hence, reduce the state space explored and increase the likelihood of termination. As shown in our experiments, these techniques dramatically reduce the state space that needs to be explored.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125445768","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 242
A logical framework for reasoning on data access control policies 用于对数据访问控制策略进行推理的逻辑框架
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779772
E. Bertino, E. Ferrari, F. Buccafurri, P. Rullo
{"title":"A logical framework for reasoning on data access control policies","authors":"E. Bertino, E. Ferrari, F. Buccafurri, P. Rullo","doi":"10.1109/CSFW.1999.779772","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779772","url":null,"abstract":"We propose a logic formalism that naturally supports the encoding of complex security specifications. This formalism relies on a hierarchically structured domain made of subjects, objects and privileges. Authorizations are expressed by logic rules. The formalism supports both negation by failure (possibly unstratified) and true negation. The latter is used to express negative authorizations. It turns out that conflicts may result from a set of authorization rules. Dealing with such conflicts requires the knowledge of the domain structure, such as grantor priorities and object/subject hierarchies, which is used in the deductive process to determine which authorization prevails, if any, on the others. Often, however, conflicts are unsolvable, as they express intrinsic ambiguities. We have devised two semantics as an extension of the well-founded and the stable model semantics of logic programming. We have also defined a number of access policies, each based on two orthogonal choices: one is related to the way of how we cope with multiplicity of authorization sets in case of stable model semantics; the other is concerned with the open/closed assumption. A comparative analysis of the proposed authorization policies, based on their degree of permissivity shows that they form a complete lattice.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117124808","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 67
A meta-notation for protocol analysis 用于协议分析的元符号
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779762
I. Cervesato, N. Durgin, P. Lincoln, John C. Mitchell, A. Scedrov
{"title":"A meta-notation for protocol analysis","authors":"I. Cervesato, N. Durgin, P. Lincoln, John C. Mitchell, A. Scedrov","doi":"10.1109/CSFW.1999.779762","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779762","url":null,"abstract":"Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the \"Dolev-Yao model\". In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the way that existential quantification provides a succinct way of choosing new values, such as new keys or nonces. We define a class of theories in this formalism that correspond to finite-length protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role (e.g., client, sewer; initiator or responder). Undecidability is proved for a restricted class of these protocols, and PSPACE-completeness is claimed for a class further restricted to have no new data (nonces). Since it is a fragment of linear logic, we can use our notation directly as input to linear logic tools, allowing us to do proof search for attacks with relatively little programming effort, and to formally verify protocol transformations and optimizations.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116117673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 282
A logic-based knowledge representation for authorization with delegation 用于授权的基于逻辑的知识表示
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779771
Ninghui Li, J. Feigenbaum, Benjamin N. Grosof
{"title":"A logic-based knowledge representation for authorization with delegation","authors":"Ninghui Li, J. Feigenbaum, Benjamin N. Grosof","doi":"10.1109/CSFW.1999.779771","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779771","url":null,"abstract":"We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL's approach to these issues and to the interplay among them borrows from previous work on delegation and trust management in the computer security literature and previous work on negation and conflict handling in the logic programming and nonmonotonic reasoning literature, but it departs from previous work in some crucial ways. We present the syntax and semantics of DL and explain our novel design choices. We focus on delegation, including explicit treatment of delegation depth and delegation to complex principles. Compared to previous logic-based approaches to authorization, DL provides a novel combination of features: it is based on logic programs, expresses delegation depth explicitly, and supports a wide variety of complex principles (including but not limited to k-out-of-n thresholds). Compared to previous approaches to trust management, DL provides another novel feature: a concept of proof-of-compliance that is not entirely ad-hoc and that is based on model theoretic semantics (just as usual logic programs have a model-theoretic semantics).","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132316769","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 122
CVS: a compiler for the analysis of cryptographic protocols CVS:用于分析加密协议的编译器
Proceedings of the 12th IEEE Computer Security Foundations Workshop Pub Date : 1999-06-28 DOI: 10.1109/CSFW.1999.779774
Antonio Durante, R. Focardi, R. Gorrieri
{"title":"CVS: a compiler for the analysis of cryptographic protocols","authors":"Antonio Durante, R. Focardi, R. Gorrieri","doi":"10.1109/CSFW.1999.779774","DOIUrl":"https://doi.org/10.1109/CSFW.1999.779774","url":null,"abstract":"The Security Process Algebra (SPA) is a CCS-like specification language where actions belong to two different levels of confidentiality. It has been used to define several non-interference-like security properties whose verification has been automatized by means of the tool CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC has been developed. Even if it has been useful in analyzing small security protocols, this method has shown to be error-prone as it requires the description by hand of the protocol and of the environment in which it will execute. This problem has been solved by defining a protocol specification language more abstract than SPA, called VSP and a compiler CVS that generates in an automatic way the SPA specification for a given protocol described in VSP. The VSP/CVS technology is very powerful and its usefulness is shown with the case-study of the Woo-Lam one-way authentication protocol, for which an attack undocumented in the literature is found.","PeriodicalId":374159,"journal":{"name":"Proceedings of the 12th IEEE Computer Security Foundations Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130017705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信