- Full text PDF available (74)
- This year (1)
- Last 5 years (20)
- Last 10 years (43)
Journals and Conferences
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the… (More)
This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by… (More)
ertification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis phase of most existing compilers. Appropriate semantics are presented and proved correct. An important… (More)
The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake.
The query programs of certain databases report raw statistics for query sets, which are groups of records specified implicitly by a characteristic formula. The raw statistics include query set size and sums of powers of values in the query set. Many users and designers believe that the individual records will remain confidential as long as query programs… (More)
Public-key signature systems can be vulnerable to attack if the protocols for signing messages allow a cryptanalyst to obtain signatures on arbitrary messages of the cryptanalyst's choice. This vulnerability is shown to arise from the homomorphic structure of publickey systems. A method of foiling the attack is described.
The 1982 ilr Force Summer Study on Multilevel Data Management Security recommended several approaches to designing a multilevel secure database system. One of the approaches uses an untrusted database system to manage the data, and an isolated trusted filter to enforce security.The filter attaches a security classification label to each data record,… (More)
A multilevel relational data model that meets the basic operational requirements for a multilevel database system is described. The model is an extension of the standard relational model, and consists of multilevel relations, which contain classification attributes as well as data attributes; multilevel relational integrity rules, which extend the integrity… (More)