{"title":"Goals for Computer Security Education","authors":"C. Irvine","doi":"10.5555/525080.884271","DOIUrl":"https://doi.org/10.5555/525080.884271","url":null,"abstract":"Abstract : Until recently, most of those involved in research, development and operation of secure computing systems have been either autodidacts or individually mentored by people already working in the field. Today's practitioners learned computer security as it was growing up around them. Security concerns have created an increased demand for computer security professionals. Students want to learn about computer security and potential employers want graduates who can go to work solving their problems. We, the members of the computer security community, must be responsible for producing the next generation of computer security experts. The objective of this panel is to present and discuss the opinions of people who hire computer science graduates to work on computer security problems. Thus, the panel seeks not to have computer security educators tell the audience what they are teaching, but to have employers tell us what needs to be taught.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"2 1","pages":"24-25"},"PeriodicalIF":0.0,"publicationDate":"1996-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74694685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting the Dual Nature of Sensitivity Labels","authors":"John P. L. Woodward","doi":"10.1109/SP.1987.10016","DOIUrl":"https://doi.org/10.1109/SP.1987.10016","url":null,"abstract":"","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"12 1","pages":"23-31"},"PeriodicalIF":0.0,"publicationDate":"1987-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79387760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Model for Multilevel Security Based on Operator Nets","authors":"G. MacEwen, V. W. Poon, J. Glasgow","doi":"10.1109/SP.1987.10007","DOIUrl":"https://doi.org/10.1109/SP.1987.10007","url":null,"abstract":"A security model for the SNet multilevel secure distributed system, based on a behavioral semantics for operator nets and expressed in Lucid, is described. This model subsumes a previously published model of the network within SNet and includes authorized downgrading as well as the security policies enforced by trusted hosts connected to the network. The previous model is based on seven rather ad hoc constraints without presenting a coherent argument regarding security. The model described in this paper provides a more general abstract model than is provided by those seven constraints.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"101 1","pages":"150-160"},"PeriodicalIF":0.0,"publicationDate":"1987-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85867921","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trusted Software Verification: A Case Study","authors":"Terry V. Benzel, Deborah A. Tavilla","doi":"10.1109/SP.1985.10003","DOIUrl":"https://doi.org/10.1109/SP.1985.10003","url":null,"abstract":"This paper presents a case study of the verification of the trusted software component of the SCOMP system Trusted Computing Base (TCB). The SCOMP system was developed by Honeywell and is the first system to achieve an A1 rating from the DoDCSC. A number of papers have been published that discuss the verification approach for the SCOMP system security kernel [15, 14, 12, 10]. The SCOMP system security kernel was verified using the Hierarchical Development Methodology in a manner similar to those used for previous kernel verifications [13]. Most of the research and applications to date have been directed towards verifying the security properties of kernel software. Much less is known about verifying the security properties of trusted software. This paper will present a case study of the trusted software verification in the SCOMP system. The case study will focus on defining what trusted software is in a kernelized system, why trusted software is trusted, what the security requirements to be proved are, and how these requirements should be proven. Then a method developed at MITRE for the review of trusted software verification evidence using the Gypsy methodology will be presented. Finally, areas requiring further research will be discussed.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"4 1","pages":"14-31"},"PeriodicalIF":0.0,"publicationDate":"1985-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87222118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Comparison Paper between the Bell and LaPadula Model and the SRI Model","authors":"Tad Taylor","doi":"10.1109/SP.1984.10021","DOIUrl":"https://doi.org/10.1109/SP.1984.10021","url":null,"abstract":"","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"35 1","pages":"195-203"},"PeriodicalIF":0.0,"publicationDate":"1984-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86611691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Executable Logic Specifications: A New Approach to Computer Security","authors":"D. Sidhu","doi":"10.1109/SP.1984.10020","DOIUrl":"https://doi.org/10.1109/SP.1984.10020","url":null,"abstract":"This paper discusses the use of logic programming techniques in the specification and verification of secure systems. The secure systems specifications discussed are formal and directly executable. The advantages of executable specifications are: (1) the specification is itself a prototype of the specified system, (2) incremental development of specifications is possible, (3) behavior exhibited by the specification when executed can be used to check conformity of the specification with security requirements such as DoD security policy, or discretionary and integrity policies. We discuss Horn clause logic, which has a procedural interpretation, and we use the predicate logic programming language, PROLOG, to specify and verify the functional correctness of secure systems. The PROLOG system possesses a powerful pattern-matching feature which is based on unification. An executable specification is very useful in checking completeness of a design and rectifying flaws in it before the expensive step of coding starts. In this paper, three examples of executable logic specifications are given: a \"login\" command from the military message system experiment, a security kernel for an imaginary computer architecture, and a simple downgrade trusted process. Executable logic specifications for secure systems could prove very useful to the DoD Computer Security Center in assessing computer products according to trusted computer system evaluation criteria.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"39 1","pages":"142-153"},"PeriodicalIF":0.0,"publicationDate":"1984-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76675557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The VERUS Design Verification System","authors":"Brian Marick","doi":"10.1109/SP.1983.10002","DOIUrl":"https://doi.org/10.1109/SP.1983.10002","url":null,"abstract":"VERUS is a design specification and verification system developed by Compion Corporation. Design verification is the analysis of the interaction of a computer system's primitives to show that the system meets certain correctness requirements. The system to be verified is described in a formal specification, which includes statements of the correctness requirements. VERUS is a general-purpose system, but its primary application has been to verify systems modeled as state machines. This paper describes the VERUS approach to state machine specifications by developing a simple security example. VERUS software consists primarily of a parser and a theorem prover. A specification and proof outlines are converted by the parser into a form usable by the prover. The proof outlines guide the prover in its search for complete, formal proofs. The parser and theorem prover are used together with a good text editor in a tight, quick loop.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"92 1","pages":"150-160"},"PeriodicalIF":0.0,"publicationDate":"1983-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84121508","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Many-Time Pad: Theme and Variations","authors":"D. Denning","doi":"10.1109/SP.1983.10010","DOIUrl":"https://doi.org/10.1109/SP.1983.10010","url":null,"abstract":"The many-time pad is a method of subverting the security controls of a system to obtain data that is not directly accessible (e.g., because the data is confidential, classified, or otherwise deemed sensitive). It is the antithesis of the one-time pad, the only theoretically unbreakable cipher, in two respects: 1) whereas the one-time pad is a method of protection, the many-time pad is a method of attack; and 2) whereas the one-time pad is used just once, the many-time pad is reusable. Also, whereas the interpretation of \"pad\" in the one-time pad comes from a \"pad of paper\", its interpretation in the many-time pad comes from \"stuffing\". What makes the many-time pad attack interesting is that it arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems, where Trojan Horses can be planted in programs to leak sensitive input data. We shall first describe the basic structure of the attack and countermeasures for foiling it. We shall then show how these three seemingly unrelated security threats are variations of a common theme.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"9 1","pages":"23-32"},"PeriodicalIF":0.0,"publicationDate":"1983-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88385414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Approach to Identification of Minimum TCB Requirements for Various Threat/Risk Environments","authors":"James P. Anderson","doi":"10.1109/SP.1983.10007","DOIUrl":"https://doi.org/10.1109/SP.1983.10007","url":null,"abstract":"A gross identification of threats and risks based on a data classification environment and the minimum clearance level of individuals using a system is related to the levels identified in the DODCSC Trusted Computer Evaluation Criteria. A proposed set of minimum TCB levels for given threat/risk environments is identified.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"5 1","pages":"102-106"},"PeriodicalIF":0.0,"publicationDate":"1983-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86954566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Non-Discretionary Controls for Commercial Applications","authors":"S. Lipner","doi":"10.1109/SP.1982.10022","DOIUrl":"https://doi.org/10.1109/SP.1982.10022","url":null,"abstract":"The lattice model of non-discretionary access control in a secure computer system was developed in the early Seventies [BIaP]. The model was motivated by the controls used by the Defense Department and other \"national security\" agencies to regulate people's access to sensitive information. Since that time, the lattice model has enjoyed reasonable success in several computer systems used to process national security classified information [MME; Multics; SACDIN]. \"Reasonable success\", in this context, means that human beings accept the systems and are able to use them to accomplish useful work, without the protection provided by the non-discretionary controls unduly interfering with productivity or perceived convenience.","PeriodicalId":90300,"journal":{"name":"Proceedings. IEEE Symposium on Security and Privacy","volume":"8 1","pages":"2-10"},"PeriodicalIF":0.0,"publicationDate":"1982-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85176555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}