Access control for the SPIN extensible operating system
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601336
Robert Grimm, B. Bershad
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
Summary form only given. In the SPIN operating system (B.N. Bershad et al., 1995; Przemyslaw Pardyak and B.N. Bershad, 1996) built at the University of Washington, we are experimenting with a version of domain and type enforcement (DTE) (L. Badger et al., 1995) that has been extended to address the security concerns of extensible systems. The SPIN operating system defines an extension infrastructure, together with a core set of extensible services, that allows for the fine grained and safe composition of extensions within the operating system kernel. Extensions are written in Modula-3, a type-safe programming language, and execute within the same address space. They interact by calling other parts of the system and by extending existing interfaces to provide new services. A central event dispatcher supports both mechanisms: to call on a service, an extension raises an event, and, to extend an existing interface, an extension registers a handler for that event. The invocation mechanism for events is simply a procedure call, and no context switches are required for the interaction between subsystems (since all extensions are co-located in the same address space).

Security in innovative new operating systems
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601334
C. Irvine
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
A principal criterion by which new operating systems are judged is the level of performance that they provide for applications. To this end, new operating systems have sought novel approaches to performance enhancement. A theme common to many of these initiatives is that of specialization. Instead of an operating system designed to serve all applications (either equally well or equally badly), the operating system is adapted to serve the needs of the application. The intent is not to provide a different static operating system for each application but to allow the operating system to be dynamically modified or specialized to best serve each application. The five operating system efforts presented are: the Exokernel Project, the Fluke Project, the Fox Project, the Scout Project, and the SPIN Project. The authors hope to give an overview of the innovative techniques being used to enhance performance in these systems and to discuss the effect of those enhancements on one's ability to reason about the security properties of systems.

Execution monitoring of security-critical programs in distributed systems: a specification-based approach
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601332
C. Ko, M. Ruschitzka, K. Levitt
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs.

Automated analysis of cryptographic protocols using Murφ
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601329
John C. Mitchell, Mark Mitchell, U. Stern
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
A methodology is presented for using a general-purpose state enumeration tool, Murφ, to analyze cryptographic and security-related protocols. We illustrate the feasibility of the approach by analyzing the Needham-Schroeder (1978) protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study. The efficiency of Murφ also allows us to examine multiple terms of relatively short protocols, giving us the ability to detect replay attacks, or errors resulting from confusion between independent execution of a protocol by independent parties.

Anonymous connections and onion routing
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601314
Michael G. Reed, P. Syverson, D. Goldschlag
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
Onion routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Unmodified Internet applications can use these anonymous connections by means of proxies. The proxies may also make communication anonymous by removing identifying information from the data stream. Onion routing has been implemented on Sun Solaris 2.X with proxies for Web browsing, remote logins and e-mail. This paper's contribution is a detailed specification of the implemented onion routing system, a vulnerability analysis based on this specification, and performance results.

Providing flexibility in information flow control for object oriented systems
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601328
E. Ferrari, P. Samarati, E. Bertino, S. Jajodia
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waivers are supported: invoke-waivers, specifying exceptions applicable during a method's execution, and reply-waivers, specifying exceptions applicable to the information returned by a method. Information flowing from one object into another object is subject to the different waivers of the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction taking into consideration different interaction modes among objects. We then define security specifications, meaning authorizations and waivers, and characterize safe information flows. We formally define conditions whose satisfaction ensures absence of unsafe flows and present an algorithm enforcing these conditions.

Analyzing consistency of security policies
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601324
L. Cholvy, F. Cuppens
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
We discuss the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation which specifies what actions some agents are permitted, obliged or forbidden to perform and we formalize a policy by a set of deontic formulae. We first address the problem of checking policy consistency and describe a method for solving it. The second point we are interested in is how to query a policy to know the actual norms which apply to a given situation. In order to provide the user with consistent answers, the normative conflicts which may appear in the policy must be solved. For doing so, we suggest using the notion of roles and define priorities between roles.

Ensuring assurance in mobile computing
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601326
M. Schaefer, Sylvan Pinsky, Drew Dean, Li Gong, Jim Roskind, Barbara Fox
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
This paper introduces a panel discussion on establishing assurance evidence that mobile code applications perform as expected by the user, without the side effects that have been demonstrated as possible in constructed examples of malicious or "rogue" applets. The paper's principal authors, Schaefer and Pinsky, have been engaged in cooperative research with the JavaSoft community to gain understanding of the complexities of assurance for mobile code applications. The paper discusses part of this on-going research. The panel adds the voices and experience of a continuing researcher, Dean, and of active practitioners from the principal vendors of mobile-code-enabled (and enabling) products. The panel actively debates the issues of providing compelling assurance evidence relating to the control of such code.

Number theoretic attacks on secure password schemes
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601340
Sarvar Patel
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et al., 1993). We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper (S. Bellovin and M. Merritt, 1992) and we also offer countermeasures to the attacks. However for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secure protocols.

Surviving information warfare attacks on databases
Pub Date: 1997-05-04 DOI: 10.1109/SECPRI.1997.601331
P. Ammann, S. Jajodia, Catherine D. McCollum, B. Blaustein
Venue: Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
We consider the problem of surviving information warfare attacks on databases. We adopt a fault tolerance approach to the different phases of an attack. To maintain precise information about the attack, we mark data to reflect the severity of detected damage as well as the degree to which the damaged data has been repaired. In the case of partially repaired data, integrity constraints might be violated, but data is nonetheless available to support mission objectives. We define a notion of consistency suitable for databases in which some information is known to be damaged, and other information is known to be only partially repaired. We present a protocol for normal transactions with respect to the damage markings and show that consistency preserving normal transactions maintain database consistency in the presence of damage. We present an algorithm for taking consistent snapshots of databases under attack. The snapshot algorithm has the virtue of not interfering with countermeasure transactions.