This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by… (More)
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the… (More)
ertification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis phase of most existing compilers. Appropriate semantics are presented and proved correct. An important… (More)
The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake.
I never thought I would find a technical book that makes pleasant bedtime reading-I was wrong. This book is a joy to read, with page after page of "war stories" the author has collected over the years. (It isn't quite a "you cannot put it down page-turner" like a good mystery novel, but that is only because the average story is less than a page long. And… (More)
Editors' abstract. Netwar is not mainly about technology—but good information technology sure makes a difference. In this chapter, Denning (Georgetown University) examines how activists, hacktivists, and cyberterrorists use the Internet, and what influence they have been able to exert on policymakers. Social activists seem the most effective of these netwar… (More)
Public-key signature systems can be vulnerable to attack if the protocols for signing messages allow a cryptanalyst to obtain signatures on arbitrary messages of the cryptanalyst's choice. This vulnerability is shown to arise from the homomorphic structure of public-key systems. A method of foiling the attack is described. 1. INTRODUCTION George Davida … (More)
A new inference control, called random sample queries, is proposed for safeguarding confidential data in on-line statistical databases. The random sample queries control deals directly with the basic principle of compromise by making it impossible for a questioner to control precisely the formation of query sets. Queries for relative frequencies and… (More)