Experimental results of covert channel limitation in one-way communication systems
N. Ogurtsov, H. Orman, R. Schroeppel, S. O'Malley, O. Spatscheck
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579214
With the increasing growth of electronic communications, it is becoming important to provide a mechanism for enforcing various security policies on network communications. This paper discusses our implementation of several previously proposed protocols that enforce the Bell-LaPadula (1973) security model. We also introduce a new protocol called "Quantized Pump" that offers several advantages, and present experimental results to support our claims.
Distributed authentication in Kerberos using public key cryptography
M. Sirbu, J. Chuang
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579231
The authors describe a method for fully distributed authentication using public key cryptography within the Kerberos ticket framework. By distributing most of the authentication workload away from the trusted intermediary and to the communicating parties, significant enhancements to security and scalability can be achieved as compared to Kerberos V5. Privacy of Kerberos clients is also enhanced. A working implementation of this extended protocol has been developed, and a migration plan is proposed for a transition from traditional to public key based Kerberos.
Securing Web access with DCE
B. Schimpf
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579227
Internet tools, especially Web browsers and servers, are being widely used for information access. However, these tools have some limitations in terms of the security available for those information accesses and of the robustness and availability of the infrastructure used to provide that security. This paper describes work done to utilize the security services and infrastructure of the Open Software Foundation (OSF) Distributed Computing Environment (DCE) to secure Web accesses. This work was done as part of an Advanced Technology Offering (ATO) by the OSF Research Institute jointly with Gradient Technologies Inc. and other ATO sponsors. A practical implementation has been completed. These combined technologies allow users to securely access both Web documents and application servers from a variety of desktop systems using standard, off-the-shelf Web browsers.
Hierarchical organization of certification authorities for secure environments
L. Lopez, J. Carracedo
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579229
The paper presents a model of hierarchical organization of certification authorities which can be applied to any open system network. In order to study the feasibility of the proposed model, a pilot experiment within a university environment is being carried out. The authors have developed an application which provides the users with security services using X.509 certificates. The authors have also developed a security server to provide RSA keys and management of certificates. The hierarchical infrastructure that is being created needs a multi-level policy which implies the use of various types of documents which are managed by people with different roles. One of the objectives being followed is to formalize the treatment of the information about policy, for which some components of the extensions field of the version 3 certificate have been used and other new ones are proposed.
Misplaced trust: Kerberos 4 session keys
Bryn Dole, S. Lodin, E. Spafford
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579221
One of the commonly accepted principles of software design for security is that making the source code openly available leads to better security. The presumption is that the open publication of source code will lead others to review the code for errors; however, this openness is no guarantee of correctness. One of the most widely published and used pieces of security software in recent memory is the MIT implementation of the Kerberos authentication protocol. In the design of the protocol, random session keys are the basis for establishing the authenticity of service requests. Because of the way that the Kerberos Version 4 implementation selected its random keys, the secret keys could easily be guessed in a matter of seconds. This paper discusses the difficulty of generating good random numbers, the mistakes that were made in implementing Kerberos Version 4, and the breakdown of software engineering that allowed this flaw to remain unfixed for ten years. We discuss this as a particularly notable example of the need to examine security-critical code carefully, even when it is made publicly available.
Securing the Nimrod routing architecture
Karen E. Sirois, S. Kent
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579223
This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.
An interface specification language for automatically analyzing cryptographic protocols
S. Brackin
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579219
This paper describes a simple interface specification language (ISL) for cryptographic protocols and their desired properties, and an automatic authentication protocol analyzer (AAPA) that automatically either proves, using an extension of the Gong, Needham, Yahalom (1990) belief logic, that specified protocols have their desired properties, or identifies precisely where these proof attempts fail. The ISL and the AAPA make it easy for protocol designers to incorporate formal analysis into the protocol design process, where they clarify designs and reveal a large class of common errors. The ISL and the AAPA have already shown potential deficiencies in published protocols and been useful in designing new protocols.
Reducing the cost of security in link-state routing
R. Hauser, T. Przygienda, G. Tsudik
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579226
Security in link-state routing protocols is a feature that is both desirable and costly. This paper examines the cost of security and presents two techniques for efficient and secure processing of link state updates. The first technique is geared towards a relatively stable internetwork environment while the second is designed with a more volatile environment in mind.
Continuous assessment of a Unix configuration: integrating intrusion detection and configuration analysis
Abdelaziz Mounji, B. L. Charlier
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579216
Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems attempt to achieve include finding system vulnerabilities and detecting malicious behaviour of users. We extend our intrusion detection system ASAX with a deductive subsystem that allows us to assess the security level of a software configuration on a real time basis. By coupling the two subsystems (intrusion detection and configuration analysis), we moreover achieve a better tuning of the intrusion detection since the system has only to enable intrusion detection rules that are specifically required by the current state of the configuration. We also report some preliminary performance measurements, which suggest that our approach can be practical in real life contexts.
Blocking Java applets at the firewall
David M. Martin, S. Rajagopalan, A. Rubin
Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security
Pub Date: 1997-02-10. DOI: 10.1109/NDSS.1997.579215
This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.