18th Annual Computer Security Applications Conference, 2002. Proceedings. Latest articles

Controlled physical random functions
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176287
B. Gassend, Dwaine E. Clarke, Marten van Dijk, S. Devadas
Abstract: A physical random function (PUF) is a random function that can only be evaluated with the help of a complex physical system. We introduce controlled physical random functions (CPUFs) which are PUFs that can only be accessed via an algorithm that is physically bound to the PUF in an inseparable way. CPUFs can be used to establish a shared secret between a physical device and a remote user. We present protocols that make this possible in a secure and flexible way, even in the case of multiple mutually mistrusting parties. Once established, the shared secret can be used to enable a wide range of applications. We describe certified execution, where a certificate is produced that proves that a specific computation was carried out on a specific processor. Certified execution has many benefits, including protection against malicious nodes in distributed computation networks. We also briefly discuss a software licensing application.
Citations: 413
Security architecture of the Austrian citizen card concept
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176311
H. Leitold, Arno Hollosi, R. Posch
Abstract: When admitting electronic media as a means for citizens to approach public authorities (e-government), security is an indispensable precondition for concerns of legal certainty and for achieving acceptance by the citizens. While the security-enabling technologies such as smartcards, digital signatures, and PKI are mature, questions of scalability, technology-neutrality, and forward-compatibility arise when being deployed on the large scale. The security architecture of the Austrian citizen card is presented. We briefly present the legal provisions that enable e-government. We then reflect on requirements to be fulfilled to achieve a lasting security architecture that provides swift deployment of applications, but provides the flexibility to not discriminate against service providers and technologies that will emerge in future. The concept called "security layer" is discussed as the core part of the security architecture, which basically is an open interface that hides the security-relevant functionality of the citizen card on a high abstraction level. A few e-government applications that are being launched in the short-term are sketched.
Citations: 107
Protecting Web usage of credit cards using One-Time Pad cookie encryption
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176278
Donghua Xu, Chenghuai Lu, A. D. Santos
Abstract: The blooming e-commerce is demanding better methods to protect online users' privacy, especially the credit card information that is widely used in online shopping. Holding all these data in a central database of the Web sites would attract hackers' attacks, impose unnecessary liability on the merchant Web sites, and raise the customers' privacy concerns. We introduce and discuss in detail the secure distributed storage of sensitive information using HTTP cookie encryption. We are able to employ One-Time Pads to encrypt the cookies, because encryption and decryption are both done by the server, which is an interesting characteristic overlooked by the existing systems. We implemented this protocol and showed that it is simple, fast and easy to program with.
Citations: 23
A model for attribute-based user-role assignment
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176307
M. A. Al-Kahtani, R. Sandhu
Abstract: The role-based access control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to use the roles' permissions. In environments where the service-providing enterprise has a huge customer base this task becomes formidable. An appealing solution is to automatically assign users to roles. The central contribution of this paper is to describe a model to dynamically assign users to roles based on a finite set of rules defined by the enterprise. These rules take into consideration the attributes of users and any constraints set forth by the enterprise's security policy. The model also allows dynamic revocation of assigned roles based on conditions specified in the security policy. The model provides a language to express these rules and defines a mechanism to determine seniority among different rules. The paper also shows how to use the model to express mandatory access controls (MAC).
Citations: 198
Gender-preferential text mining of e-mail discourse
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176299
M. Corney, O. Vel, Alison Anderson, G. Mohay
Abstract: This paper describes an investigation of authorship gender attribution mining from e-mail text documents. We used an extended set of predominantly topic content-free e-mail document features such as style markers, structural characteristics and gender-preferential language features together with a support vector machine learning algorithm. Experiments using a corpus of e-mail documents generated by a large number of authors of both genders gave promising results for author gender categorisation.
Citations: 195
Safe virtual execution using software dynamic translation
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176292
K. Scott, J. Davidson
Abstract: Safe virtual execution (SVE) allows a host computer system to reduce the risks associated with running untrusted programs. SVE prevents untrusted programs from directly accessing system resources, thereby giving the host the ability to control how individual resources may be used. SVE is used in a variety of safety-conscious software systems, including the Java Virtual Machine (JVM), software fault isolation (SFI), system call interposition layers, and execution monitors. While SVE is the conceptual foundation for these systems, each uses a different implementation technology. The lack of a unifying framework for building SVE systems results in a variety of problems: many useful SVE systems are not portable and therefore are usable only on a limited number of platforms; code reuse among different SVE systems is often difficult or impossible; and building SVE systems from scratch can be both time consuming and error prone. To address these concerns, we have developed a portable, extensible framework for constructing SVE systems. Our framework, called Strata, is based on software dynamic translation (SDT), a technique for modifying binary programs as they execute. Strata is designed to be ported easily to new platforms and to date has been targeted to SPARC/Solaris, x86/Linux, and MIPS/IRIX. This portability ensures that SVE applications implemented in Strata are available to a wide variety of host systems. Strata also affords the opportunity for code reuse among different SVE applications by establishing a common implementation framework. Strata implements a basic safe virtual execution engine using SDT. The base functionality supplied by this engine is easily extended to implement specific SVE systems. In this paper we describe the organization of Strata and demonstrate its extension by building two SVE systems: system call interposition and stack-smashing prevention. To illustrate the use of the system call interposition extensions, the paper presents implementations of several useful security policies.
Citations: 109
LOCK: an historical perspective
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176283
O. S. Saydjari
Abstract: LOCK is an advanced development of hardware-based computer security and cryptographic service modules. Much of the design and some of the implementation specifications are complete. The Formal Top Level Specification (FTLS) also is complete and the advanced noninterference proofs are beginning. This hardware-based approach has brought the LOCK project into many uncharted areas in the design, verification, and evaluation of an integrated information security system. System integration promises to be the single largest programmatic problem. Our verification tools seem able to verify design only and not implementation.
Citations: 1
Detecting and defending against Web-server fingerprinting
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176304
Dustin Lee, J. Rowe, C. Ko, K. Levitt
Abstract: Cyber attacks continue to increase in sophistication. Advanced attackers often gather information about a target system before launching a precise attack to exploit a discovered vulnerability. This paper discusses techniques for remote identification of web servers and suggests possible defenses to the probing activity. General concepts of fingerprinting and their application to the identification of Web servers, even where server information has been omitted, are described and methodologies for detecting and limiting such activity are discussed.
Citations: 19
Digging for worms, fishing for answers
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176293
Florian P. Buchholz, Thomas E. Daniels, James P. Early, R. Gopalakrishna, R. P. Gorman, Benjamin A. Kuperman, S. Nystrom, A. Schroll, Andrew Smith
Abstract: Worms continue to be a leading security threat on the Internet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The lifecycle, from the point of view of the victim host, consists of four stages: target selection, exploitation, infection, and propagation. While not all worms fall into this framework perfectly, by understanding them in this way, it becomes apparent that the majority of detection techniques used today focus on the first three stages. This paper presents a technique that is used in the fourth stage to detect the class of worms that use a horizontal scan to propagate. An argument is also made that detection in the fourth stage is a viable, but under-used technique.
Citations: 17
Enforcing resource bound safety for mobile SNMP agents
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date: 2002-12-09 DOI: 10.1109/CSAC.2002.1176280
Weijiang Yu, A. Mok
Abstract: The integration of mobile agents with SNMP creates significant advantages for the management of complex networks. Nevertheless, the security concerns of mobile agent technology limit its acceptance in practice. A key issue is to safeguard resource usage abuse by malicious or buggy mobile agents on the hosting system. This paper describes how the TINMAN architecture, a framework and a suite of tools for enforcing resource safety of mobile code, is applied to mobile SNMP agents. TINMAN uses a suite of resource-usage checking tools which consists of a resource bound predictor, a usage certification generator and a verifier at compile-time, and certificate validation and monitoring tools at run-time. This paper shows how TINMAN tools can provide 100% coverage by a combination of off-line static analysis and run-time monitoring in enforcing safety on resource consumption of mobile SNMP agents. Experimental results from the current TINMAN implementation are given.
Citations: 5