Pub Date : 1999-05-14DOI: 10.1109/SECPRI.1999.766909
Wenke Lee, S. Stolfo, K. Mok
There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. We describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. New detection models are incorporated into an existing IDS through a meta-learning (or co-operative learning) process, which produces a meta detection model that combines evidence from multiple models. We discuss the strengths of our data mining programs, namely, classification, meta-learning, association rules, and frequent episodes. We report on the results of applying these programs to the extensively gathered network audit data for the 1998 DARPA Intrusion Detection Evaluation Program.
{"title":"A data mining framework for building intrusion detection models","authors":"Wenke Lee, S. Stolfo, K. Mok","doi":"10.1109/SECPRI.1999.766909","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766909","url":null,"abstract":"There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. We describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. New detection models are incorporated into an existing IDS through a meta-learning (or co-operative learning) process, which produces a meta detection model that combines evidence from multiple models. We discuss the strengths of our data mining programs, namely, classification, meta-learning, association rules, and frequent episodes. We report on the results of applying these programs to the extensively gathered network audit data for the 1998 DARPA Intrusion Detection Evaluation Program.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121172398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-14DOI: 10.1109/SECPRI.1999.766902
T. Jensen, D. Métayer, Tommy Thorn
A fundamental problem in software based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security dedicated program model that only contains procedure call and run time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic, we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).
{"title":"Verification of control flow based security properties","authors":"T. Jensen, D. Métayer, Tommy Thorn","doi":"10.1109/SECPRI.1999.766902","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766902","url":null,"abstract":"A fundamental problem in software based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security dedicated program model that only contains procedure call and run time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic, we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122741715","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-14DOI: 10.1109/SECPRI.1999.766908
S. Kent
Summary form only given. The history of network security is outlined by looking at technology in 1979 and comparing it with that of 1999. The following areas are included: crypto based net security; access control and authentication; and security protocols.
{"title":"Network security: then and now or 20 years in 10 minutes","authors":"S. Kent","doi":"10.1109/SECPRI.1999.766908","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766908","url":null,"abstract":"Summary form only given. The history of network security is outlined by looking at technology in 1979 and comparing it with that of 1999. The following areas are included: crypto based net security; access control and authentication; and security protocols.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123296292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766921
Brian D. Snow
Twenty years from now there will still be software security-enhanced applications vulnerable to buffer overflow problems. These products should not be called secure, but will be sold as such. Twenty years from now there will still be security-enhanced operating systems that will crash when applications misbehave. They will not be secure either. The author considers how we will have sufficient functionality, plenty of performance, but not enough assurance.
{"title":"The future is not assured-but it should be","authors":"Brian D. Snow","doi":"10.1109/SECPRI.1999.766921","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766921","url":null,"abstract":"Twenty years from now there will still be software security-enhanced applications vulnerable to buffer overflow problems. These products should not be called secure, but will be sold as such. Twenty years from now there will still be security-enhanced operating systems that will crash when applications misbehave. They will not be secure either. The author considers how we will have sufficient functionality, plenty of performance, but not enough assurance.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114804257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766913
S. Dawson, S. Vimercati, P. Samarati
Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in today's multilevel systems. Moreover the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach largely applicable. We introduce the concept of minimal classification as a labeling of data elements that while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.
{"title":"Specification and enforcement of classification and inference constraints","authors":"S. Dawson, S. Vimercati, P. Samarati","doi":"10.1109/SECPRI.1999.766913","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766913","url":null,"abstract":"Although mandatory access control in database systems has been extensively studied in recent years, and several models and systems have been proposed, capabilities for enforcement of mandatory constraints remain limited. Lack of support for expressing and combating inference channels that improperly leak protected information remains a major limitation in today's multilevel systems. Moreover the working assumption that data are classified at insertion time makes previous approaches inapplicable to the classification of existing, possibly historical, data repositories that need to be classified for release. Such a capability would be of great benefit to, and appears to be in demand by, governmental, public and private institutions. We address the problem of classifying existing data repositories by taking into consideration explicit data classification as well as association and inference constraints. Constraints are expressed in a unified, DBMS- and model-independent framework, making the approach largely applicable. We introduce the concept of minimal classification as a labeling of data elements that while satisfying the constraints, ensures that no data element is classified at a level higher than necessary. We also describe a technique and present an algorithm for generating data classifications that are both minimal and preferred according to certain criteria. Our approach is based on preprocessing, or compiling, constraints to produce a set of simple classification assignments that can then be efficiently applied to classify any database instance.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130176744","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766716
David Evans, Andrew Twyman
The article introduces a new approach to code safety. We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way. Policies are defined in terms of abstract resource manipulations. We describe mechanisms that can be used to efficiently and conveniently enforce these safety policies by transforming programs. We are developing implementations of Naccio that enforce policies on JavaVM classes and Win32 executables. We report on results using the JavaVM prototype.
{"title":"Flexible policy-directed code safety","authors":"David Evans, Andrew Twyman","doi":"10.1109/SECPRI.1999.766716","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766716","url":null,"abstract":"The article introduces a new approach to code safety. We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way. Policies are defined in terms of abstract resource manipulations. We describe mechanisms that can be used to efficiently and conveniently enforce these safety policies by transforming programs. We are developing implementations of Naccio that enforce policies on JavaVM classes and Win32 executables. We report on results using the JavaVM prototype.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123902079","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766713
T. Fraser, L. Badger, M. Feldman
Numerous techniques exist to augment the security functionality of commercial off-the-shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Although individually useful, as a group these techniques present difficulties to system developers because they are not based on a common framework which might simplify integration and promote portability and reuse. The paper presents techniques for developing Generic Software Wrappers-protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source. We describe the key elements of our work: our high-level Wrapper Definition Language (WDL), and our framework for configuring, activating, and managing wrappers. We also discuss code reuse, automatic management of extensions, a framework for system-building through composition, platform-independence, and our experiences with our Solaris and FreeBSD prototypes.
{"title":"Hardening COTS software with generic software wrappers","authors":"T. Fraser, L. Badger, M. Feldman","doi":"10.1109/SECPRI.1999.766713","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766713","url":null,"abstract":"Numerous techniques exist to augment the security functionality of commercial off-the-shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Although individually useful, as a group these techniques present difficulties to system developers because they are not based on a common framework which might simplify integration and promote portability and reuse. The paper presents techniques for developing Generic Software Wrappers-protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source. We describe the key elements of our work: our high-level Wrapper Definition Language (WDL), and our framework for configuring, activating, and managing wrappers. We also discuss code reuse, automatic management of extensions, a framework for system-building through composition, platform-independence, and our experiences with our Solaris and FreeBSD prototypes.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115835325","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766916
C. Meadows
We show how the NRL Protocol Analyzer, a special-purpose formal methods tool designed for the verification of cryptographic protocols, was used in the analysis of the Internet Key Exchange (IKE) protocol. We describe some of the challenges we faced in analyzing IKE, which specifies a set of closely related subprotocols, and we show how this led to a number of improvements to the Analyzer. We also describe the results of our analysis, which uncovered several ambiguities and omissions in the specification which would have made possible attacks on some implementations that conformed to the letter, if not necessarily the intentions, of the specifications.
{"title":"Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer","authors":"C. Meadows","doi":"10.1109/SECPRI.1999.766916","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766916","url":null,"abstract":"We show how the NRL Protocol Analyzer, a special-purpose formal methods tool designed for the verification of cryptographic protocols, was used in the analysis of the Internet Key Exchange (IKE) protocol. We describe some of the challenges we faced in analyzing IKE, which specifies a set of closely related subprotocols, and we show how this led to a number of improvements to the Analyzer. We also describe the results of our analysis, which uncovered several ambiguities and omissions in the specification which would have made possible attacks on some implementations that conformed to the letter, if not necessarily the intentions, of the specifications.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122160185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766904
V. Gligor
The author presents some highlights of two areas of operating systems security that figured prominently in some of the best research in the areas of security and privacy over the past twenty years (1980-99). He examines the following: reference monitors and trusted computing bases, and intrusion detection.
{"title":"20 years of operating systems security","authors":"V. Gligor","doi":"10.1109/SECPRI.1999.766904","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766904","url":null,"abstract":"The author presents some highlights of two areas of operating systems security that figured prominently in some of the best research in the areas of security and privacy over the past twenty years (1980-99). He examines the following: reference monitors and trusted computing bases, and intrusion detection.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114970675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1999-05-09DOI: 10.1109/SECPRI.1999.766914
D. Rosenthal, Francis Fung
Two security domains that want to exchange information securely may need to agree on translations of mandatory access control (MAC) labels of their information, if their MAC labels have a different syntax or semantics. It is desirable that these translations do not introduce any confidentiality violations. We present a property, the security level translation property (SLTP), which must hold if the security level translation functions satisfy MAC confidentiality. This property is in some sense the best possible non-disclosure test of the level translations in the absence of a "common domain" that gives the real relationships among the levels of the two domains.
{"title":"A test for non-disclosure in security level translations","authors":"D. Rosenthal, Francis Fung","doi":"10.1109/SECPRI.1999.766914","DOIUrl":"https://doi.org/10.1109/SECPRI.1999.766914","url":null,"abstract":"Two security domains that want to exchange information securely may need to agree on translations of mandatory access control (MAC) labels of their information, if their MAC labels have a different syntax or semantics. It is desirable that these translations do not introduce any confidentiality violations. We present a property, the security level translation property (SLTP), which must hold if the security level translation functions satisfy MAC confidentiality. This property is in some sense the best possible non-disclosure test of the level translations in the absence of a \"common domain\" that gives the real relationships among the levels of the two domains.","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1999-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133409550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: