A classical automata approach to noninterference type problems
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236792
I. S. Moskowitz, O. Costich
Using classical automata theory, the authors show how noninterference can be viewed as a relatively simple phenomenon. They also give direction for future work concerning probabilistic security problems using classical automata theory.

An algebraic approach to non-interference (computer security)
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236789
Sylvan Pinsky
This paper introduces necessary and sufficient conditions for solving the Haigh-Young view-identical problem. A decision procedure, based on properties of the state transition matrix and the function relating states to outputs, is used to establish the equivalence between non-interference and the existence of Haigh-Young view-identical relations on the set of states.

An analysis of some delegation protocols for distributed systems
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236784
Claudio Calvelli, V. Varadharajan
This paper gives a precise analysis of some of the delegation protocols described by V. Varadharajan et al. (1991). They analysed the problem of delegation in distributed systems and proposed three delegation protocols (chained, nested and linked) based on different inter-object trust assumptions in the system. They also considered some delegation protocols for the Kerberos authentication system. The authors give an analysis of the chained, nested, and linked delegation protocols using the calculus for access control by M. Abadi et al. (1991), and analyse the delegation protocols for Kerberos using the belief logic of R. Kailar and V.D. Gligor (1991).

Partial belief and probabilistic reasoning in the analysis of secure protocols
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236785
E. Campbell, R. Safavi-Naini, P. Pleasants
The authors propose an extension of the BAN logic to reason about a secure protocol in a hostile and/or unknown environment. Probabilities, attached to the sentences and rules of the logic, allow them to quantify the beliefs of principals and represent the insecurities and uncertainties of a real-life situation. They develop a probabilistic logic and obtain tight lower bounds on the probability of the conclusion, which correspond to the minimum trust that can be put on the goal of the protocol. This gives them a powerful tool to model and study the performance of secure protocols. They discuss a probabilistic semantics for BAN logic and apply the results to the Needham-Schroeder protocol. The paper concludes by discussing the merits of these results and mentioning some open problems.

Realisation of the Bell-LaPadula security policy in an OSI-distributed system using asymmetric and symmetric cryptographic algorithms
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236778
J. Verschuren, R. Govaerts, J. Vandewalle
This article discusses a distributed implementation of the Bell-LaPadula security policy model. Implementation of a confidentiality service in the OSIRM is not sufficient for enforcing the Bell-LaPadula model. Integrity services are also necessary. In this article both public key systems (PKSs) and symmetric cryptographic systems are considered for the realisation of these security services. By concentrating on the key distribution, no cryptographic algorithms or protocols are excluded beforehand. It is investigated how key-distributions can be found resulting in a minimum number of keys. Application of PKSs results in a key distribution which requires fewer keys than key-distributions going with the use of a symmetric system. Moreover, practical or viable key-distributions going with symmetric algorithms turn out to be more sensitive to the disclosure of a secret key than key-distributions going with PKSs. A combination of a PKS and a symmetric system is indicated which does not suffer from the disadvantages going with the use of symmetric systems alone.

The expressive power of multi-parent creation in monotonic access control models
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236780
P. Ammann, R. Lipton, R. Sandhu
Formal demonstration of equivalence or nonequivalence of different security models helps identify the fundamental constructs and principles in such models. The authors demonstrate the nonequivalence of two monotonic access control models that differ only in the creation operation for new subjects and/or objects; in particular, they show that single-parent creation is less expressive than multi-parent creation in monotonic models. The paper also demonstrates that in nonmonotonic models, multi-parent creation can be reduced to single-parent creation, thereby neutralizing the difference in expressive power. The nonequivalence proof is carried out on an abstract access control model, following which the results are interpreted in standard formulations. In particular, they apply the results to demonstrate nonequivalence of the schematic protection model (SPM) and the extended schematic protection model (ESPM). They also show how the results apply to the typed access matrix model (TAM).

Attribute support for inter-domain use
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236777
M. Zurko
This paper describes the user attribute service (UAS), a tool providing the storage and management of application-specific per-user security attributes for applications running in a distributed environment. The UAS provides for the security and integrity of attribute-to-user bindings, as well as the secrecy of those bindings, if the application or user requests it. Four goals of the UAS are support of least privilege, local control and autonomy, instantiation of trust relationships, and psychological acceptability. Mechanisms to group and enable privilege attributes support the least privilege principle at the user request level. Functions are designed to enhance the usability of the UAS within and across domains by attribute holders and security managers.

Foundations of intrusion detection (computer security)
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236783
P. Helman, G. Liepins, Wynette Richards
Computer use is modeled as a mixture of two stochastic processes, normal and misuse. Intrusion detection is formally defined as identifying those transactions generated by the misuse process. Bounds for detection performance are derived in terms of the ratios of the densities of the processes at the individual transactions. It is shown that any optimal intrusion detection system must rank transaction suspicion consistently with these ratios. Sparsity of data requires that transactions be grouped into equivalence classes that preserve the order of the true ratio ranking and reduce the number of singleton and unobserved transactions. Results are described that demonstrate that in general this 'singleton reduction' problem is NP-hard.

Causal security (computer systems)
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236788
M. Mowbray
This paper gives a new definition of security, which takes causal information into account. The new definition can be used to determine the security of nondeterministic concurrent systems for which high-level information may be either input into the system during its operation, or inherent in the original state of the system. It is possible to have systems which are secure under this definition which write to audit before performing each transition. The definition satisfies several useful composition properties, including one which gives it some protection from Trojan horse attacks.

A framework for composition of security models
[1992] Proceedings The Computer Security Foundations Workshop V. Pub Date: 1992-06-16. DOI: 10.1109/CSFW.1992.236779
J. Landauer, T. Redmond
The authors present an abstract framework for composing models of system components. The abstract presentation is designed to be applicable to a very wide range of models of computation. They introduce a restricted model of computation and develop techniques that are useful for composing security models for modular systems. They include a small example of a composed security model.