发布求助
文献互助 智能选刊 最新文献

18th Annual Computer Security Applications Conference, 2002. Proceedings.最新文献

筛选
英文 中文
Themes and highlights of the new security paradigms workshop 2002 2002年新安全模式研讨会的主题和重点
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176301
Cristina Serban, O. S. Saydjari
{"title":"Themes and highlights of the new security paradigms workshop 2002","authors":"Cristina Serban, O. S. Saydjari","doi":"10.1109/CSAC.2002.1176301","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176301","url":null,"abstract":"This panel highlights a selection of the most interesting and provocative papers from the 2002 New Security Paradigms Workshop. This workshop was held September 2002 - the URL for more information is . The panel consists of authors of the selected papers, and the session is moderated by the workshop’s general chairs. We present selected papers focusing on exciting major themes that emerged from the workshop. These are the papers that will provoke the most interesting discussion at ACSAC.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"112 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123552229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A security architecture for object-based distributed systems 基于对象的分布式系统的安全体系结构
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176288
B. Popescu, M. Steen, A. Tanenbaum
{"title":"A security architecture for object-based distributed systems","authors":"B. Popescu, M. Steen, A. Tanenbaum","doi":"10.1109/CSAC.2002.1176288","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176288","url":null,"abstract":"Large-scale distributed systems present numerous security problems not present in local systems. We present a general security architecture for a large-scale object-based distributed system. Its main features include ways for servers to authenticate clients, clients to authenticate servers, new secure servers to be instantiated without manual intervention, and ways to restrict which client can perform which operation on which object. All of these features are done in a platform- and application-independent way, so the results are quite general. The basic idea behind the scheme is to have each object owner issue cryptographically sealed certificates to users to prove which operations they may request and to servers to prove which operations they are authorized to execute. These certificates are used to ensure secure binding and secure method invocation. The paper discusses the required certificates and security protocols for using them.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128708306","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Intrusion detection: current capabilities and future directions 入侵检测:当前能力和未来方向
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176308
K. Levitt
{"title":"Intrusion detection: current capabilities and future directions","authors":"K. Levitt","doi":"10.1109/CSAC.2002.1176308","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176308","url":null,"abstract":"Intrusion detection is a technique employed tocatch and report attacks as they occur. It isneeded given that vulnerabilities in operatingsystems, network protocols, applications, andconfigurations leave systems open to attacks.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124079276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Networking in the Solar Trust Model: determining optimal trust paths in a decentralized trust network 太阳能信任模型中的网络化:去中心化信任网络中最优信任路径的确定
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176298
M. Clifford
{"title":"Networking in the Solar Trust Model: determining optimal trust paths in a decentralized trust network","authors":"M. Clifford","doi":"10.1109/CSAC.2002.1176298","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176298","url":null,"abstract":"The Solar Trust Model provides a method by which the sender of a message can be authenticated, and the level of trust that can be placed in the sender of the message or the message itself can be computed The model works even if there is no prior relationship between the sender and receiver of the message. The Solar Trust Model overcomes a variety of limitations inherent in the design of other trust models and public key infrastructures. This paper presents a variety of enhancements and formalizations to the basic concepts of the model. In addition, this paper provides a set of algorithms that can be used to determine all of the possible trusted paths along which a message can be sent from a sender to recipient and the optimal choice of paths from a selection of paths. The paper also presents algorithms for reducing the network load produced by the model through piggybacking, path caching, and load distribution techniques.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130195801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Representing TCP/IP connectivity for topological analysis of network security 表示TCP/IP连接,用于网络安全的拓扑分析
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176275
Ronald W. Ritchey, Brian O'Berry, S. Noel
{"title":"Representing TCP/IP connectivity for topological analysis of network security","authors":"Ronald W. Ritchey, Brian O'Berry, S. Noel","doi":"10.1109/CSAC.2002.1176275","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176275","url":null,"abstract":"The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distributed among the various network hosts. Model checking has been applied to the analysis of this problem with some interesting initial results. However previous efforts did not take into account a realistic representation of network connectivity. These models were enough to demonstrate the usefulness of the model checking approach but would not be sufficient to analyze real-world network security problems. This paper presents a modem of network connectivity at multiple levels of the TCP/IP stack appropriate for use in a model checker. With this enhancement, it is possible to represent realistic networks including common network security devices such as firewalls, filtering routers, and switches.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132162888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 96
A framework for organisational control principles 组织控制原则的框架
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176294
A. Schaad, J. Moffett
{"title":"A framework for organisational control principles","authors":"A. Schaad, J. Moffett","doi":"10.1109/CSAC.2002.1176294","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176294","url":null,"abstract":"Organisational control principles, such as those expressed in the separation of duties, supervision, review and delegation, support the main business goals and activities of an organisation. Some of these principles have previously been described and analysed within the context of role- and policy-based distributed systems, but little has been done with respect to the more general context they are placed in and the analysis of relationships between them. This paper presents a framework in which organisational control principles can be formally expressed and analysed using the Alloy specification language and its constraint analysis tools.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128721993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 78
Penetration testing: a duet 渗透测试:二重唱
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176290
Daniel E. Geer, John Harthorne
{"title":"Penetration testing: a duet","authors":"Daniel E. Geer, John Harthorne","doi":"10.1109/CSAC.2002.1176290","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176290","url":null,"abstract":"Penetration testing is the art of finding an open door. It is not a science as science depends on falsifiable hypotheses. The most penetration testing can hope for is to be the science of insecurity - not the science of security nasmuch as penetration testing can at most prove insecurity by falsifying the hypothesis that any system, network, or application is secure. To be a science of security would require falsifiable hypotheses that any given system, network, or application was insecure, something that could only be done if the number of potential insecurities were known and enumerated such that the penetration tester could thereby falsify (test) a known-to-be-complete list of vulnerabilities claimed to not be present. Because the list of potential insecurities is unknowable and hence unenumerable, no penetration tester can prove security, just as no doctor can prove that you are without occult disease. Putting it as Picasso did, \"Art is a lie that shows the truth\" and security by penetration testing is a lie in that on a good day can show the truth. These incompleteness and proof-by-demonstration characteristics of penetration testing ensure that it remains an art so long as high rates of technical advance remains brisk and hence enumeration of vulnerabilities an impossibility. Brisk technical advance equals productivity growth and thereby wealth creation, so it is forbidden to long for a day when penetration testing could achieve the status of science.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130663923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 86
Beyond the perimeter: the need for early detection of denial of service attacks 超出边界:需要早期检测拒绝服务攻击
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176313
J. Haggerty, Q. Shi, M. Merabti
{"title":"Beyond the perimeter: the need for early detection of denial of service attacks","authors":"J. Haggerty, Q. Shi, M. Merabti","doi":"10.1109/CSAC.2002.1176313","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176313","url":null,"abstract":"The threat to organisations from network attacks is very real. Current countermeasures to denial of service (DoS) attacks rely on the perimeter model of network security. However, as the case study and analysis in this paper make apparent, the perimeter model, which relies on firewalls and intrusion detection systems, is unable to provide an effective defence against DoS attacks. Therefore, there is a need for a new approach; one that identifies an attack beyond the perimeter. We present such an approach. We achieve early detection of DoS attacks by the identification of traffic signatures which indicate that an attack is underway. As these signatures can be identified 'outside' the perimeter, appropriate measures can be taken to prevent the attack from succeeding. We use examples of DoS attacks and a case study to demonstrate the applicability of our approach.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126664553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Did you ever have to make up your mind? What Notes users do when faced with a security decision 您是否曾经不得不做出决定?面临安全决策时,Notes 用户会怎么做
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176309
M. Zurko, C. Kaufman, Katherine Spanbauer, C. Bassett
{"title":"Did you ever have to make up your mind? What Notes users do when faced with a security decision","authors":"M. Zurko, C. Kaufman, Katherine Spanbauer, C. Bassett","doi":"10.1109/CSAC.2002.1176309","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176309","url":null,"abstract":"Designers are often faced with difficult tradeoffs between easing the user's burden by making security decisions for them and offering features that ensure that users can make the security decisions that are right for them and their environment. Users often do not understand enough about the impact of a security decision to make an informed choice. We report on the experience in a 500-person organization on the security of each user's Lotus Notes client against unsigned active content. We found that the default configuration of the majority of users did not allow unsigned active content to run. However, we found that when presented with a choice during their workflow, many of those otherwise secured users would allow unsigned active content to run. We discuss the features that are in Lotus Notes that provide security for active content and that respond to the usability issues from this study.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131130476","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
A practical approach to identifying storage and timing channels: twenty years later 一种识别存储和时序信道的实用方法:二十年后
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176284
R. Kemmerer
{"title":"A practical approach to identifying storage and timing channels: twenty years later","authors":"R. Kemmerer","doi":"10.1109/CSAC.2002.1176284","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176284","url":null,"abstract":"Secure computer systems use both mandatory and discretionary access controls to restrict the flow of information through legitimate communication channels such as files, shared memory and process signals. Unfortunately, in practice one finds that computer systems are built such that users are not limited to communicating only through the intended communication channels. As a result, a well-founded concern of security-conscious system designers is the potential exploitation of system storage locations and timing facilities to provide unforeseen communication channels to users. These illegitimate channels are known as covert storage and timing channels. Prior to the presentation of this paper twenty years ago the covert channel analysis that took place was mostly ad hoc. Methods for discovering and dealing with these channels were mostly informal, and the formal methods were restricted to a particular specification language. This paper presents a methodology for discovering storage and timing channels that can be used through all phases of the software life cycle to increase confidence that all channels have been identified. In the original paper the methodology was presented and applied to an example system having three different descriptions: English, formal specification, and high order language implementation. In this paper only the English requirements are considered. However the paper also presents how the methodology has evolved and the influence it had on other work.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126529473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 74
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信