None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care… (More)
—This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its security vuinerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the system security objectives are proposed. A set of tools has been developed to… (More)
—Checking data possession in networked information systems such as those related to critical infrastructures (power facilities, airports, data vaults, defense systems, and so forth) is a matter of crucial importance. Remote data possession checking protocols permit checking that a remote server can access an uncorrupted file in such a way that the verifier… (More)
This paper analyzes the problem of checking the integrity of files stored on remote servers. Since servers are prone to successful attacks by malicious hackers, the result of simple integrity checks run on the servers cannot be trusted. Conversely, downloading the files from the server to the verifying host is impractical. Two solutions are proposed, based… (More)
An intrusion-tolerant distributed system is a system which is designed so that any intrusion into a part of the system will not endanger confidentiality, integrity and availability. This approach is suitable for distributed systems, because distribution enables isolation of elements so that an intrusion gives physical access to only a part of the system. By… (More)
12.1 INTRODUCTION Because of its origins in the analytic study of law and ethics, it is natural to expect that the earliest and most obvious applications of deontic logic in computer science should appear in the construction of what are sometimes calledìegal expert systems' |systems intended to support in the analysis of legal texts, in drawing consequences… (More)
The files are stored in PDF, with the report number as filename. Alternatively, reports are available by post from the above address.
This paper describes a generic architecture for intrusion tolerant Internet servers. It aims to build systems that are able to survive attacks in the context of an open network such as the Internet. To do so, the design is based on fault tolerance techniques, in particular redundancy and diversification. These techniques give a system the additional… (More)