发布求助
文献互助 智能选刊 最新文献

18th Annual Computer Security Applications Conference, 2002. Proceedings.最新文献

筛选
英文 中文
A secure directory service based on exclusive encryption 基于独占加密的安全目录服务
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176289
John R. Douceur, A. Adya, Josh Benaloh, W. Bolosky, G. Yuval
{"title":"A secure directory service based on exclusive encryption","authors":"John R. Douceur, A. Adya, Josh Benaloh, W. Bolosky, G. Yuval","doi":"10.1109/CSAC.2002.1176289","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176289","url":null,"abstract":"We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce Windows' baroque name syntax - including restrictions on allowable characters, on the terminal character, and on several specific names - we develop a cryptographic process, called \"exclusive encryption,\" that inherently excludes syntactically illegal names and that enables the exclusion of case-insensitively duplicate names without access to their plaintext. This process excludes entire names by mapping the set of allowed strings to the set of all strings, excludes certain characters through an amended prefix encoding, excludes terminal characters through varying the prefix coding by character index, and supports case-insensitive comparison of names by extracting and encrypting case information separately. We also address the issues of hiding name-length information and access-authorization information, and we report a newly discovered problem with enforcing case-insensitive uniqueness for Unicode names.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"294 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116250966","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Protecting data from malicious software 保护数据不受恶意软件侵害
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176291
M. Schmid, F. Hill, Anup K. Ghosh
{"title":"Protecting data from malicious software","authors":"M. Schmid, F. Hill, Anup K. Ghosh","doi":"10.1109/CSAC.2002.1176291","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176291","url":null,"abstract":"Corruption or disclosure of sensitive user documents can be among the most lasting and costly effects of malicious software attacks. Many malicious programs specifically target files that are likely to contain important user data. Researchers have approached this problem by developing techniques for restricting access to resources on an application-by-application basis. These so-called \"sandbox environments,\" though effective, are cumbersome and difficult to use. In this paper, we present a prototype Windows NT/2000 tool that addresses malicious software threats to user data by extending the existing set of file-access permissions. Management and configuration options make the tool unobtrusive and easy to use. We have conducted preliminary experiments to assess the usability of the tool and to evaluate the effects of improvements we have made. Our work has produced an intuitive data-centric method of protecting valuable documents that provides an additional layer of defense beyond existing antivirus solutions.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"44 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128871546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Enterprise engineering and security 企业工程与安全
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176300
J. Heaney, D. Hybertson, A. Reedy, S. Chapin, M. Kirwan
{"title":"Enterprise engineering and security","authors":"J. Heaney, D. Hybertson, A. Reedy, S. Chapin, M. Kirwan","doi":"10.1109/CSAC.2002.1176300","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176300","url":null,"abstract":"As the focus of software engineering has expanded from information technology supporting the department, to supporting the organization, and to supporting the enterprise, engineering communities have attempted to extend their focus using Enterprise Frameworks and Enterprise Architectures (EAs). Unfortunately in doing so, information assurance (IA) is seldom considered for inclusion in such frameworks and architectures. On the occasions when IA is included in the frameworks or architectures, it is not addressed in a complete and comprehensive manner. In addition, even when known IA solutions exist, they are often not effectively applied. Enterprise architects and systems/software engineers often do not know the basics of IA. Patterns have recently become common for conveying best practice approaches to development and integration for well-known technologies in the system and software engineering communities. However, the use of patterns to capture a full range of enterprise solutions and IA solutions is still very new.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125010956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Thirty years later: lessons from the Multics security evaluation 三十年后:Multics安全评估的教训
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176285
P. Karger, R. Schell
{"title":"Thirty years later: lessons from the Multics security evaluation","authors":"P. Karger, R. Schell","doi":"10.1109/CSAC.2002.1176285","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176285","url":null,"abstract":"Almost thirty years ago a vulnerability assessment of Multics identified significant vulnerabilities, despite the fact that Multics was more secure than other contemporary (and current) computer systems. Considerably more important than any of the individual design and implementation flaws was the demonstration of subversion of the protection mechanism using malicious software (e.g., trap doors and Trojan horses). A series of enhancements were suggested that enabled Multics to serve in a relatively benign environment. These included addition of \"mandatory access controls\" and these enhancements were greatly enabled by the fact the Multics was designed from the start for security. However, the bottom-line conclusion was that \"restructuring is essential\" around a verifiable \"security kernel\" before using Multics (or any other system) in an open environment (as in today's Internet) with the existence of well-motivated professional attackers employing subversion. The lessons learned from the vulnerability assessment are highly applicable today as governments and industry strive (unsuccessfully) to \"secure\" today's weaker operating systems through add-ons, \"hardening\", and intrusion detection schemes.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131453222","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 95
Reusable components for developing security-aware applications 用于开发安全感知应用程序的可重用组件
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176295
S. Probst, W. Eßmayr, E. Weippl
{"title":"Reusable components for developing security-aware applications","authors":"S. Probst, W. Eßmayr, E. Weippl","doi":"10.1109/CSAC.2002.1176295","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176295","url":null,"abstract":"Today, security is considered to be an important aspect of multi-tier application development. Thoroughly researched concepts for access control exist and have been proven in mainframe computing. However, they are often not used in today's development of multi-tier applications. One reason may be the lack of appropriate reusable components that support application developers that frequently have to re-invent the wheel when it comes to access controls. The goal of this paper is to promote awareness of security issues when developing applications and to illustrate a suitable approach for that. Our framework called GAMMA (Generic Authorization Mechanisms for Multi-Tier Applications) offers several authentication, access control, and auditing mechanisms. Access control models can be combined or used simultaneously in order to provide application-specific and highly customizable mechanisms. Moreover, due to its component-based structure, new security models and additional approaches for authentication or auditing can easily be added.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124960415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
A financial institution's legacy mainframe access control system in light of the proposed NIST RBAC standard 根据拟议的NIST RBAC标准,金融机构的遗留主机访问控制系统
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176310
A. D. Marshall
{"title":"A financial institution's legacy mainframe access control system in light of the proposed NIST RBAC standard","authors":"A. D. Marshall","doi":"10.1109/CSAC.2002.1176310","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176310","url":null,"abstract":"In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A standard for role-based access control (RBAC) has recently been proposed by the United States National Institute of Standards and Technology (NIST). The second part of this paper discusses how the functionality of DENT/DSAS could be achieved by applying its principles of operation within the NIST model. In so doing we also evaluate the proposed standard by validating it against the requirements embodied in a successful access control system. We conclude with some observations about the design of DENT/DSAS and suggestions for changes in the proposed RBAC standard to accommodate some features of DENT/DSAS that it does not appear to support.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114513969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Regulating e-commerce through certified contracts 通过认证合同规范电子商务
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176276
V. Ungureanu
{"title":"Regulating e-commerce through certified contracts","authors":"V. Ungureanu","doi":"10.1109/CSAC.2002.1176276","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176276","url":null,"abstract":"Access control has traditionally assumed a single, monolithic authorization policy, generally expressed as an access matrix. We argue that this assumption does not fit e-commerce applications, which are governed by a potentially large set of independently stated, evolving contracts. In order to support this growing class of applications we propose an enforcement mechanism which uses certified-contracts as authorization policies. A certified-contract is obtained: (a) by expressing contract terms in a formal, interpretable language, and (b) by having it digitally signed by a trusted principal. We show that this approach would make dissemination, revision, and annulment of contracts more manageable and more efficient. We propose a language for stating contract terms, and present several formal examples of certified contracts. We describe the implementation of the enforcement mechanism, which can be used as an extension to a Web server or as a separate server with interface to application. The proposed model does not require any modification of the current certificate infrastructure, and only minor modifications to servers.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114592940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Multics security evaluation: vulnerability analysis 多重安全评估:漏洞分析
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176286
P. Karger, R. Schell
{"title":"Multics security evaluation: vulnerability analysis","authors":"P. Karger, R. Schell","doi":"10.1109/CSAC.2002.1176286","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176286","url":null,"abstract":"A security evaluation of Multics for potential use as a two-level (Secret/Top Secret) system in the Air Force Data Services Center (AFDSC) is presented. An overview is provided of the present implementation of the Multics Security controls. The report then details the results of a penetration exercise of Multics on the HIS 645 computer. In addition, preliminary results of a penetration exercise of Multics on the new HIS 6180 computer are presented. The report concludes that Multics as implemented today is not certifiably secure and cannot be used in an open use multi-level system. However, the Multics security design principles are significantly better than other contemporary systems. Thus, Multics as implemented today, can be used in a benign Secret/Top Secret environment. In addition, Multics forms a base from which a certifiably secure open use multi-level system can be developed.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114841122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 87
Security of Internet location management Internet位置管理的安全性
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176281
T. Aura, M. Roe, J. Arkko
{"title":"Security of Internet location management","authors":"T. Aura, M. Roe, J. Arkko","doi":"10.1109/CSAC.2002.1176281","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176281","url":null,"abstract":"In the Mobile IPv6 protocol, the mobile node sends binding updates to its correspondents to inform them about its current location. It is well-known that the origin of this location information must be authenticated. This paper discusses several threats created by location management that go beyond unauthentic location data. In particular, the attacker can redirect data to bomb third parties and induce unnecessary authentication. We introduce and analyze protection mechanisms with focus on ones that work for all Internet nodes and do not need a PKI or other new security infrastructure. Our threat analysis and assessment of the defense mechanisms formed the basis for the design of a secure location management protocol for Mobile IPv6. Many of the same threats should be considered when designing any location management mechanism for open networks.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129289032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
Voice over IPsec: analysis and solutions IPsec语音:分析及解决方案
18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI: 10.1109/CSAC.2002.1176297
Robert A. Barbieri, D. Bruschi, E. Rosti
{"title":"Voice over IPsec: analysis and solutions","authors":"Robert A. Barbieri, D. Bruschi, E. Rosti","doi":"10.1109/CSAC.2002.1176297","DOIUrl":"https://doi.org/10.1109/CSAC.2002.1176297","url":null,"abstract":"In this paper we present the results of the experimental analysis of the transmission of voice over secure communication links implementing IPsec. Critical parameters characterizing the real-time transmission of voice over an IPsec-ured Internet connection, as well as techniques that could be adopted to overcome some of the limitations of VoIPsec (Voice over IPsec), are presented Our results show that the effective bandwidth can be reduced up to 50% with respect to VoIP in case of VoIPsec. Furthermore, we show that the cryptographic engine may hurt the performance of voice traffic because of the impossibility to schedule the access to it in order to prioritize traffic. We present an efficient solution for packet header compression, which we call cIPsec, for VoIPsec traffic. Simulation results show that the proposed compression scheme significantly reduces the overhead of packet headers, thus increasing the effective bandwidth used by the transmission. In particular, when cIPsec is adopted, the average packet size is only 2% bigger than in the plain case (VoIP), which makes VoIPsec and VoIP equivalent from the bandwidth usage point of view.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131708991","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 124
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信