Title: Guest Editor's Preface
Authors: T. Insoll
DOI: 10.1558/jia.25863 (https://doi.org/10.1558/jia.25863)
Journal: Journal of Islamic Archaeology (JCR category: ARCHAEOLOGY; impact factor 0.7)
Publication date: 2023-03-31
Publication type: Journal Article
Platform: Semanticscholar

Abstract:
This issue of the Journal of Computer Security is drawn from papers presented at the 2000 European Symposium on Research in Computer Security (ESORICS 2000), held in Toulouse, France, 4–6 October 2000. The ESORICS symposia have been held every two years since 1990 and represent the main European forum for security research. Several papers presented at the ESORICS 2000 Symposium were invited for submission to the Journal. Submitted papers were revised for journal publication and subjected to the normal rigorous review process of the Journal. This issue contains four papers selected for publication through this process.

“Manageable access control for CORBA”, by Gerald Brose, presents a language and its support for specifying and managing access control policies. This language provides a formal notation that allows security administrators to express a wide range of practical security policies. The language, called VPL for View Policy Language, is based on the concept of role already widely used in the RBAC model. In this paper, roles have a strictly functional interpretation and groups are used to model organizational structure. VPL also uses the concept of view, which is introduced as a grouping concept for providing a more comprehensive specification of access control policies. The paper then shows how to combine these concepts in the context of CORBA.

Gerhard Schellhorn and colleagues, in “Verified formal security models for multiapplicative smart cards”, present two security models that are extensions of the classical Bell/LaPadula and Biba models. The first model is designed at a very abstract level and the second refines the first by inserting more practical issues that are useful for multiapplicative smart cards. These models include requirements for authentication and intransitive noninterference, and avoid the need for trusted processes that is generally viewed as a drawback of the Bell/LaPadula model. An interesting and useful contribution is that, unlike several theoretical papers on noninterference previously published, this paper describes how to use such a model in developing a practical system.

“Checking secure interactions of smart card applets: extended version”, by Pierre Bieber and colleagues, is a paper on a similar topic. In the context of a multiapplicative smart card, this paper shows how to verify that applets interact in a secure way. The suggested security policy is a MAC policy that associates labels with applet attributes and methods. The main contribution is then to define a technique based on model checking to verify that actual information flows between applets are authorized. This approach is illustrated in the context of an electronic purse running on Java Card.
About the journal:
The Journal of Islamic Archaeology is the only journal today devoted to the field of Islamic archaeology on a global scale. In the context of this journal, “Islamic archaeology” refers neither to a specific time period, nor to a particular geographical region, as Islam is global and the center of the “Islamic world” has shifted many times over the centuries. Likewise, it is not defined by a single methodology or theoretical construct (for example, it is not the “Islamic” equivalent of “Biblical archaeology”, with an emphasis on the study of places and peoples mentioned in religious texts). The term refers to the archaeological study of Islamic societies, polities, and communities, wherever they are found. It may be considered a type of “historical” archaeology, in which historically (textually) known societies can be studied through a combination of “texts and tell”.