This directory is created automatically and some papers may be mislabeled. Only document within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
163 Authentication in Distributed Systems: Theory and Practice - Lampson, Abadi, Burrows, Wobber (1992)(Correct)
this paper appeared in the Proceedings of the Thirteenth ACM Sympos - ium on Operating Systems Principles. unknown Lampson et al, Authentication in Distributed Systems 1
A preliminary version of / explain many existing and proposed security mechanisms. In particular we br program loading delegation access control and revocation. Categories
153 Example Based Learning for View-Based Human Face Detection - Sung, Poggio (1995)(Correct)
Finding human faces automatically in an image is a difficult yet important first step to a fully automatic
face recognition system. It is also an interesting academic problem because a successful face... / in front of the terminal. In some security and census systems one could br applications in automatic access control systems and human-computer
116 Role-Based Access Control Models - Sandhu, Coyne, Feinstein, Youman (1996)(Correct)
This article introduces a family of reference models for rolebased access control (RBAC) in which permissions are associated with roles, and users are made members of appropriate roles. This greatly s... / their interactions. Keywords security access control roles models br pages - . Role-Based Access Control Models yz Ravi S. Sandhu
109 A Type System for Java Bytecode Subroutines - Stata, Abadi (1998)(Correct)
Java is typically compiled into an intermediate language, JVML, that is interpreted by the Java Virtual Machine. Because mobile JVML code is not always trusted, a bytecode verifier enforces static con... / of the bytecode verifier for security its current descriptions are br as dereferencing an integer access control violations such as accessing
94 A Calculus for Access Control in Distributed Systems - Abadi, Burrows, Lampson, Plotkin (1991)(Correct)
This paper is a study of some of the concepts, protocols, and algorithms for security in distributed systems, with a focus on access control. Our treatment is fairly formal, as it is based on logics. ... / D. . Operating Systems Security and Protection-access control br A Calculus for Access Control in Distributed Systems MART
87 SDSI - A Simple Distributed Security Infrastructure - Rivest, Lampson (1996)(Correct)
We propose a new distributed security infrastructure, called SDSI (pronounced "Sudsy"). SDSI combines a simple public-key infrastructure design with a means of defining groups and issuing group-member... / SDSI -A Simple Distributed Security Infrastructure Ronald L. br clear terminology for defining access-control lists and security policies.
82 The Active Badge Location System - Want, Hopper, Falco, Gibbons (1992)(Correct)
A novel system for the location of people in an office environment is described. Members of staff wear badges that transmit signals providing information about their location to a centralized location... / and logging In many high-security installations card-key systems br tags has been in the area of access control and logging In many
79 World-Wide Web Proxies - Luotonen, Altis (1994)(Correct)
A WWW proxy server, proxy for short, provides access to the Web for people on closed subnets who can only access the Internet through a firewall machine. The hypertext server developed at CERN, cern_h... / without creating a potential security hole through which bad guys can br protocol level. The proxy can control access to services for individual
78 An Architecture for a Secure Service Discovery Service - Czerwinski, Zhao, Hodes, Joseph, Katz (1999)(Correct)
The widespread deployment of inexpensive communications
technology, computational resources in the networking
infrastructure, and network-enabled end devices
poses an interesting problem for end users... / services in the wide-area. Security is a core component of the SDS br the SDS uses an hybrid access control list and capability system to
73 Itinerant Agents for Mobile Computing - Chess, Grosof, Harrison, Levine.. (1995)(Correct)
This paper describes an abstract framework for itinerant agents that can be used to implement secure, remote applications in large, public networks such as the Internet or the IBM Global Network. Itin... / a method of employing public security services to enable authenticated br via proxy objects which enable access control to be enforced. In other
71 SIP: Session Initiation Protocol - Handley, Schulzrinne, Schooler (1998)(Correct)
Many styles of multimedia conferencing are likely to co-exist on the Internet, and many of them
share the need to invite users to participate. The Session Initiation Protocol (SIP) is a simple protoco... / . Security Considerations . br . . Access Control .
67 NetBill Security and Transaction Protocol - Cox, al. (1995)(Correct)
NetBill is a system for micropayments for information
goods on the Internet. This paper presents the NetBill
protocol and describes its security and transactional
features. Among our key innovations a... / allowing unlimited NetBill Security and Transaction Protocol br goods intact. Outsourcing access control different users can use
64 Secure Agreement Protocols: Reliable and Atomic Group Multicast in.. - Reiter (1994)(Correct)
Reliable and atomic group multicast have been proposed as fundamental communication paradigms to support secure distributed computing in systems in which processes may behave maliciously. These protoc... / computing especially when global security policies must be met despite the br and enforcement of global access control policy and secure audit. We
63 The SLam Calculus: Programming with Secrecy and Integrity - Heintze, Riecke (1998)(Correct)
The SLam calculus is a typed -calculus that maintains security information as well as type information.
The type system propagates security information for each object in four forms: the object's
crea... / typed calculus that maintains security information as well as type
62 Going Beyond the Sandbox: An Overview of the New Security.. - Gong, Mueller, Prafullchandra.. (1997)(Correct)
This paper describes the new security architecture
that has been implemented as part of JDK1.2,
the forthcoming Java
TM
Development Kit. In going
beyond the sandbox security model in the original
re... / Sandbox An Overview of the New Security Architecture in the Java TM br JDK . provides fine-grained access control via an easily configurable
62 PayWord and MicroMint: Two simple micropayment schemes - Rivest, Shamir (1996)(Correct)
this paper. We discuss these related proposals further in Section 5. The user authenticates a complete chain to the vendor with a single public-key signature, and then successively reveals each paywor... / altogether. It has lower security but higher speed. It introduces a br and Haller in S Key for access control and by Winternitz as
62 Secure Group Communications Using Key Graphs - Wong, Gouda, Lam (1998)(Correct)
Many emerging applications (e.g., teleconference, real-time information services, pay per view, distributed interactive simulation, and collaborative work) are based upon a group communications model,... / have a much greater exposure to security breaches than unicast br information to exercise group access control. When a client wants to join
59 Face Recognition Under Varying Pose - Beymer (1993)(Correct)
Researchers in computer vision and pattern recognition have worked on automatic techniques for recognizing
human faces for the last 20 years. While some systems, especially template-based ones, have b... / face recognition. In building security a face recognizer could be used br front entrance for automatic access control. They could be used to
59 Access Control for Collaborative Environments - Shen, Dewan(Correct)
Access control is an indispensable part of any information
sharing system. Collaborative environments introduce
new requirements for access control, which cannot be met
by using existing models develo... / access control protection security user interface. br Access Control for Collaborative Environments
57 Role-Based Access Control - Ferraiolo, Kuhn (1992)(Correct)
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military
applications, Discretionary Access Controls (DAC) are often perceived as meeting
the security processing needs of i... / of th National Computer Security Conference Abstract br Role-Based Access Control David Ferraiolo and Richard
57 Authentication in the Taos Operating System - Wobber, Abadi, Burrows, Lampson (1993)(Correct)
We describe a design for security in a distributed system and its implementation.
In our design, applications gain access to security services through a
narrow interface. This interface provides a not... / We describe a design for security in a distributed system and its br it to our needs. We use the access control model of security
50 A Core Calculus of Dependency - Abadi, Banerjee, Heintze, Riecke (1999)(Correct)
Notions of program dependency arise in many settings: security, partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings t... / dependency arise in many settings security partial evaluation program br with security annotations for access control and information flow. To
49 Proxy-Based Authorization and Accounting for Distributed Systems - Neuman (1993)(Correct)
Despite recent widespread interest in the secure authentication
of principals across computer networks
there has been considerably less discussion of distributed
mechanisms to support authorization an... / Figure Relationship of security services a separate encryption br model strikes a balance between access-control-list and capability-based
49 Resource Access Control in Systems of Mobile Agents - Hennessy, Riely (1998)(Correct)
We describe a typing system for a distributed p-calculus which guarantees that distributed agents cannot access the resources of a system without first being granted the capability to do so. The lan... / analyses for proving various security properties of programs have also br Computer Science Resource Access Control In Systems Of Mobile Agents
47 The Rampart Toolkit for Building High-Integrity Services - Reiter (1995)(Correct)
Rampart is a toolkit of protocols to facilitate the development of high-integrity services, i.e., distributed services that retain their availability and correctness despite the malicious penetratio... / Many techniques for enforcing security policy in distributed systems br e.g. and access control services for the management
44 Deployment Issues for the IP Multicast Service and Architecture - Diot, Levine, Lyles, Kassem.. (2000)(Correct)
IP multicast offers scalable point-to-multipoint delivery
necessary for using group communication applications
on the Internet. However, the IP multicast service has
seen slow commercial deployment by... / address allocation. Security including protection against br meant to provide any kind of access control. As with all IP datagrams
41 Securing Ad Hoc Networks - Zhou, Haas (1999)(Correct)
Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on ea... / The military tactical and other security-sensitive operations are still br On the physical and media access control layers an adversary could
36 Typed Memory Management in a Calculus of Capabilities - Crary, Walker, Morrisett (1999)(Correct)
An increasing number of systems rely on programming language
technology to ensure safety and security of low-level
code. Unfortunately, these systems typically rely on a complex,
trusted garbage colle... / technology to ensure safety and security of low-level code. br as Hydra have solved the access control problem before by associating
35 Face Recognition: A Convolutional Neural Network Approach - Lawrence, Giles, Tsoi, Back (1997)(Correct)
Faces represent complex, multidimensional, meaningful visual stimuli and developing a computational model for face recognition is difficult [43]. We present a hybrid neural network solution which comp... / people in real-time e.g. in a security monitoring system location br identification in computerized access control has resulted in an increased
34 Policy Driven Management For Distributed Systems - Sloman (1994)(Correct)
Separating management policy from the automated managers which interpret the policy
facilitates the dynamic change of behaviour of a distributed management system. This
permits it to adapt to evolutio... / management management policy security policy policy conflicts access br These are common in database access control and safety critical systems
34 Security Models - McLean (1994)(Correct)
this article we focus on the primary
use of security models, which has been to describe general confidentiality requirements. We
then give pointers to security model work in other areas.
2 Models of C... / Security Models John McLean br confidentiality called access control which was brought over into
34 A Formal Specification of Java Virtual Machine Instructions - Qian (1997)(Correct)
In this paper we formally specify a large subset of Java Virtual Machine instructions based on the descriptions in the Java Virtual Machine Specification by Lindholm and Yellin, in the Java Specificat... / that the applications do not have security problems. In this paper we br method clinit access control i.e. private public
34 A Formal Specification of Java Virtual Machine Instructions for.. - Qian (1998)(Correct)
In this chapter we formally specify a subset of Java Virtual Machine (JVM) instructions for objects, methods and subroutines based on the official JVM Specification, the official Java Language Speci... / specification defines parts of the security of internet programming in br method clinit access control modifiers exception
33 A Secure Identity-Based Capability System - Gong (1989)(Correct)
We present the design of an Identity-based CAPability protection system ICAP,
which is aimed at a distributed system in a network environment. The semantics of
traditional capabilities are modified to... / propagations to enforce security policies including the br complete revocation. A separate access control list is to represent and
33 A Logical Language for Expressing Authorizations - Jajodia, Samarati, Subrahmanian (1997)(Correct)
A major drawback of existing access control systems is
that they have all been developed with a specific access control
policy in mind. This means that all protection requirements
(i.e., accesses to b... / and INT- and by National Security Agency under grants br A major drawback of existing access control systems is that they have all
33 The Anatomy of the Grid - Enabling Scalable Virtual Organizations - Foster, Kesselman, Tuecke (2001)(Correct)
Grid" computing has emerged as an important new field, distinguished from conventional
distributed computing by its focus on large-scale resource sharing, innovative applications, and,
in some cases, ... / VOs. These technologies include security solutions that support management br and multi-stakeholder access control delegation and application
32 Enforceable Security Policies - Schneider (1998)(Correct)
A precise characterization is given for the class of security policies that can be enforced using mechanisms that work by monitoring system execution, and a class of automata is introduced for specify... / Enforceable Security Policies Fred B. Schneider
31 The Medusa Applications Environment - Wray, Glauert, Hopper(Correct)
Medusa is a peer to peer architecture for controlling
networked multimedia devices. This paper describes the
software model presented to the applications
programmer. Active objects called modules are ... / intermediate modules. Secondly security is provided by naming br is that there is no access control and in fact no security
31 Identity Escrow - Kilian, Petrank (1997)(Correct)
We introduce the notion of escrowed identity, an application of key-escrow ideas
to the problem of identification. In escrowed identity, one party A does not give his
identity to another party B, bu... / agents is almost . Enhanced security Even the escrow agency after br identification schemes in access control communication and commerce
30 An HTTP-based Infrastructure for Mobile Agents - Lingnau, Drobnik, Dömel (1995)(Correct)
Mobile agents are an emerging technology attracting interest from the fields of distributed systems, information retrieval, electronic commerce and artificial intelligence. We present an infrastruct... / future advances in e.g.HTTP security and electronic payment resulting br and do authentication and access control for all agent operations. In a
28 Probabilistic Noninterference in a Concurrent Language - Volpano, Smith (1998)(Correct)
In [15], we give a type system that guarantees that well-typed multi-threaded programs are possibilistically noninterfering. If thread scheduling is probabilistic, however, then well-typed programs ma... / of the th IEEE Computer Security Foundations Workshop Rockport br the sensitive data using some access control mechanism. But often the code
28 Byzantine Quorum Systems - Dahlia Malkhi (1997)(Correct)
Quorum systems are well-known tools for ensuring the consistency
and availability of replicated data despite the benign
failure of data repositories. In this paper we consider
the arbitrary (Byzantine... / employed in the implementation of security mechanisms. Naor and Wool br methods to construct an access-control service using quorums. Their
28 Understanding Java Stack Inspection - Wallach, Felten (1998)(Correct)
Current implementations of Java make security decisions by searching the runtime call stack. These systems have attractive security properties, but they have been criticized as being dependent on spec... / implementations of Java make security decisions by searching the br of a well-understood logic for access control and demonstrates how stack
28 The Operating System Kernel as a Secure Programmable Machine - Engler, Kaashoek, O'Toole, Jr. (1994)(Correct)
To provide modularity and performance, operating
system kernels should have only minimal embedded
functionality. Today's operating systems are large,
inefficient and, most importantly, inflexible. In ... / -bit capabilities that rely on security though obscurity br The operational view of access control is that each resource e.g.
28 Grid Information Services for Distributed Resource Sharing - Czajkowski, Fitzgerald, Foster.. (2001)(Correct)
Grid technologies enable large-scale sharing of resources
within formal or informal consortia of individuals
and/or institutions: what are sometimes called virtual
organizations. In these settings, th... / that addresses performance security scalability and robustness br for authentication and access control to information. Our
27 A Pattern Matching Model for Misuse Intrusion Detection - Kumar, Spafford (1994)(Correct)
This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are... / directly overlap with traditional security models which are primarily br with information flow and access control models. Examples of these
27 Securing Distance-Vector Routing Protocols - Smith, Murthy, Garcia-Luna-Aceves (1997)(Correct)
We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the ... / Network and Distributed Systems Security. This material is posted here br claimed by a system entity. Access Control is the protection against
26 The Role of Trust Management in Distributed Systems Security - Blaze, Feigenbaum, Ioannidis..(Correct)
Existing authorization mechanisms fail to provide powerful and robust tools for handling security at the scale necessary for today's Internet. These mechanisms are coming under increasing strain fro... / Management in Distributed Systems Security Matt Blaze Joan br in operating systems is the Access Control List ACL Briefly an ACL
26 Java Security: Present and Near Future - Gong (1997)(Correct)
Windowing Toolkit, a package for building GUIs in
Java
bytecode verifier Mechanism to verify that Java language constraints are satisfied
by the class bytecode
class loader Mechanism to dynamically ... / and growing interest in Java's security as well as in new security br features protection domain access control authorization and delegation
26 ALMI: An Application Level Multicast Infrastructure - Pendarakis, Shi, Verma, Waldvogel (2000)(Correct)
The IP multicast model allows scalable and ecient multi-party communication, particularly for groups of large size. However, deployment of IP multicast requires substantial infrastructure modi cations... / ow and congestion control security and access control. Motivated by br control security and access control. Motivated by these problems
25 Lattice-Based Access Control Models - Sandhu (1993)(Correct)
The objective of this article is to give a tutorial on lattice-based access control models for computer security. The paper begins with a review of Denning's axioms for information flow policies, whic... / access control models for computer security. The paper begins with a review
25 Using Secure Coprocessors - Yee (1994)(Correct)
How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between physically separated systems, but this is not enough: we must be able to ... / cryptography integrity privacy security Abstract How do we build
25 The Typed Access Matrix Model - Sandhu (1992)(Correct)
The access matrix model as formalized by Harrison, Ruzzo, and Ullman (HRU) has broad expressive power. Unfortunately, HRU has weak safety properties (i.e., the determination of whether or not a given ... / Proceedings of IEEE Symposium on Security and Privacy Oakland California br Introduction The need for access controls arises in any computer
24 A Formal Framework and Evaluation Method for Network Denial of Service - Meadows (1999)(Correct)
Denial of service is becoming a growing concern. As our systems communicate more and more with others that we know less and less, they become increasingly vulnerable to hostile intruders who may take ... / to such definitions of protocol security as are found in in which br enforcement of the appropriate access control policy to protect us as is
24 A Decentralized Model for Information Flow Control - Myers, Liskov (1997)(Correct)
This paper presents a new model for controlling information flow in systems with mutual distrust and decentralized authority. The model allows users to share information with distrusted code (e.g., do... / improves on existing multilevel security models by allowing users to br by security models based on access control lists or capabilities i.e.
24 Seal: A Framework for Secure Mobile Computations - Vitek, Castagna (1999)(Correct)
The Seal calculus is a distributed process calculus with localities
and mobility of computational entities called seals. Seal is also
a framework for writing secure distributed applications over l... / by examples focused on security and management distributed br program mobility and resource access control are essential mechanisms. We
23 Implementing Protection Domains in the Java Development Kit 1.2 - Gong, Schemers (1988)(Correct)
The forthcoming Java
TM
Development Kit (JDK1.2)
provides fine-grained access control via an easily configurable
security policy. In this paper, we describe the
design and implementation in JDK1.2 o... / on Network and Distributed System Security San Diego CA March br JDK . provides fine-grained access control via an easily configurable
23 Protecting Mobile Agents through Tracing - Vigna (1997)(Correct)
Mobile code systems provide a flexible and powerful platform to build distributed applications in an Internet scale, but they rise strong requirements from the security point of view. Security issues ... / rise strong requirements from the security point of view. Security issues br Using suitable access control and sandboxing mechanisms it
22 A Unified Framework for Enforcing Multiple Access Control Policies - Jajodia, al. (1997)(Correct)
Although several access control policies can be devised for
controlling access to information, all existing authorization
models, and the corresponding enforcement mechanisms, are
based on a specific ... / properties required to hold on the security specifications and prove that br for Enforcing Multiple Access Control Policies Sushil Jajodia
22 OS Support for General-Purpose Routers - Peterson, Karlin, Li (1999)(Correct)
This paper argues that there is a need for routers to move
from being closed, special-purpose network devices to being
open, general-purpose computing/communication systems.
The central challenge in m... / reliability ordered delivery security as well as implement br Such a router might enforce access control much like a traditional
21 Thinking About Firewalls - Ranum (1994)(Correct)
Generally, he who occupies the field of battle first and awaits his enemy is at ease. ¾ ¾ Sun Tzu Many companies connect to the Internet, guarded by "firewalls" designed to prevent unauthorized access... / continuum between ease of use and security. This paper describes some of the br that permit user-customizable access control are often exploited by
21 Intrusion Tolerance in Distributed Computing Systems - Deswarte, Blain, Fabre (1991)(Correct)
An intrusion-tolerant distributed system is a system
which is designed so that any intrusion into a part of the
system will not endanger confidentiality, integrity and
availability. This approach is s... / the IEEE Symposium on Research in Security and Privacy Oakland Ca.May br based on paradigms such as access control matrix reference monitor
21 Hardening COTS Software with Generic Software Wrappers - Fraser, Badger, Feldman (1999)(Correct)
Numerous techniques exist to augment the security
functionality of Commercial Off-The-Shelf (COTS) applications
and operating systems, making them more
suitable for use in mission-critical systems. Al... / of the IEEE Symposium on Security and Privacy Copyright c fl br that is known to cause harm access control intrusion detection In
20 Flexible Alias Protection - Noble, Vitek, Potter(Correct)
Aliasing is endemic in object oriented programming. Because
an object can be modified via any alias, object oriented programs are
hard to understand, maintain, and analyse. Flexible alias protection... / even more seriously opening security holes in the application. We br mechanism for implementing access control. In e ect the type system
20 Key Management for Secure Internet Multicast using Boolean Function.. - Isabella Chang (1999)(Correct)
The Internet today provides no support for privacy or authentication
of multicast packets. However, an increasing number of applications
will require secure multicast services in order to restrict gro... / employing a hierarchy of group security agents. The scheme proposed in br member in question loses the access control privileges for the multicast
20 Argos - A Configurable Access Control System for Interoperable.. - Jonscher, Dittrich (1995)(Correct)
The integration of autonomous information systems causes a fundamental problem for security
management. How to ensure a consistent authorisation state if several independent software
components are in... / causes a fundamental problem for security management. How to ensure a br Argos -A Configurable Access Control System for Interoperable
20 Authorization In Distributed Systems: A New Approach - Woo, Lam (1993)(Correct)
In most existing systems, authorization is specified using some low-level system-specific
mechanisms, e.g., protection bits, capabilities and access control lists. We argue that
authorization is an in... / Journal Of Computer Security Ios Press Authorization In br bits capabilities and access control lists. We argue that
19 JFlow: Practical Mostly-Static Information Flow Control - Myers (1999)(Correct)
A promising technique for protecting privacy and integrity of
sensitive data is to statically check information flow within
programs that manipulate the data. While previous work
has proposed programm... / increasingly mobile. Conventional security techniques such as discretionary br dynamic type tests access control and exceptions. This paper
19 Cryptographic Traces for Mobile Agents - Vigna (1998)(Correct)
Mobile code systems are technologies that allow applications
to move their code, and possibly the corresponding state, among the
nodes of a wide-area network. Code mobility is a flexible and power... / remote hosts introduces serious security issues. These issues include br Using suitable access control and sandboxing mechanisms it
18 Access Rights Administration in Role-Based Security Systems - Nyanchama, Osborn (1994)(Correct)
This paper examines the concept of role-based protection and, in particular, role
organization. From basic role relationships, a model for role organization is developed.
The role graph model, its ope... / Administration in Role-Based Security Systems Matunda Nyanchama br Roles role-based protection access control privilege graph least
18 Supporting Location-Awareness in Open Distributed Systems - Leonhardt (1998)(Correct)
Mobile computers and communication devices are establishing themselves as ubiquitous
features of daily life. This development is linked to tremendous growth in the
number and sophistication of mobile ... / . . . Security . br providing location prediction access control and other functions.
18 Architectural Design Patterns for Multiagent Coordination - Sandra Hayden (1999)(Correct)
This paper presents our first step towards agent-oriented software
engineering, focusing on the area of coordinated multi-agent systems.
In multi-agent systems, the interactions between the agents are... / should feature in the design of a security mechanism for agents. The br access. The embassy provides access control and so should feature in the
18 KLAIM: a Kernel Language for Agents Interaction and Mobility - De Nicola, Ferrari, Pugliese (1997)(Correct)
We investigate the issue of designing a kernel programming language for Mobile Computing and describe Klaim, a language that supports a programming paradigm where processes, like data, can be moved fr... / for network programming is security e.g. privacy and integrity br related to capabilities and access control has been developed.
17 Detecting Intruders in Computer Systems - Lunt (1993)(Correct)
Although a computer system's primary defense is its access controls, computer
system access controls cannot be relied upon in most cases to safeguard against a
penetration or insider attack. Even the ... / of data that are not necessarily security relevant. To address the need br system's primary defense is its access controls computer system access
17 On the Characterisation of Law and Computer Systems: The Normative.. - Jones (1993)(Correct)
this paper was to address the role of deontic logic in legal knowledge representation. However, we now feel that this question cannot, and should not, be divorced from consideration of a much broader ... / from Formal Specification of Security Requirements using the Theory of br interaction for instance access-control regulations The paper is
17 Nested Java Processes: OS Structure for Mobile Code - Tullmann, Lepreau (1998)(Correct)
The majority of work on protection in single-language
mobile code environments focuses on information security
issues and depends on the language environment for
solutions to the problems of resource ... / focuses on information security issues and depends on the br to providing all-or-nothing access control depending on whether the
17 The State of the Art in Electronic Payment Systems - Asokan, al. (1997)(Correct)
This article unknown 0018-9162/97/$10.00 1997 IEEE Computer
The State of the Art
in Electronic
Payment Systems
he exchange of goods conducted face-to-face
between two parties dates back to before... / suffer from various well-known security problems Money can be br They should only be used to control access to a physical token like a
17 A Global Authentication Service without Global Trust - Birrell, Lampson, Needham, Schroeder (1986)(Correct)
This paper describes a design for an authentication service for a very large scale, very long lifetime, distributed system. The paper introduces a methodology for describing authentication protocols t... / in Proc. IEEE Symposium on Security and Privacy Oakland CA April br are suitable for inclusion in access control lists. The naming of a role
16 Intrusion Detection using Sequences of System Calls - Hofmeyr, Forrest, Somayaji (1998)(Correct)
this paper we are primarily concerned with determining empirically if the
discriminator is stable. Efficiency is a secondary consideration, and is addressed in this
paper to the extent that we analyze... / computer systems are plagued by security vulnerabilities. Whether it is br tools such as encryption access controls firewalls and audit trails
16 Authentication of Mobile Users - Refik Molva (1994)(Correct)
Internetworks of the future will allow and promote universal access. Network users will be able
to access the network at a multitude of access points separated by significant geographic distance and
m... / a new set of inter-domain security mechanisms is needed to allow br unsolved issues tracking and access control. A user is normally
16 Experience with Secure Multi-Processing in Java - Balfanz, al. (1998)(Correct)
As Java
TM
is the preferred platform for the deployment
of network computers, it is appealing to
run multiple applications on a single Java desktop.
We experimented with using the Java platform as a... / Java architecture including its security features. We have implemented br We also suggest how user-based access control to specify policies about
16 Language Issues in Mobile Program Security - Volpano, Smith (1998)(Correct)
Many programming languages have been developed and implemented
for mobile code environments. They are typically quite expressive.
But while security is an important aspect of any mobile code
technol... / Language Issues in Mobile Program Security Dennis Volpano and
16 Authorization in Distributed Systems: A Formal Approach - Woo, Lam (1992)(Correct)
In most systems, authorization is specified using
some low-level system-specific mechanisms,
e.g. protection bits, capabilities and access control
lists. We argue that authorization is an independent
... / Introduction To guarantee the security of a distributed system many br bits capabilities and access control lists. We argue that
16 Proof-Carrying Authentication - Appel, Felten (1999)(Correct)
We have designed and implemented a general and powerful distributed authentication framework based on higher-order logic. Authentication frameworks --- including Taos, SPKI, SDSI, and X.509 --- have b... / on Computer and Communications Security November . Copyright c br are name-tokey bindings access control and delegation. To
16 Digital Signatures for Flows and Multicasts - Wong, Lam (1999)(Correct)
t. Domain Based Internet Security Policy
Management. In Proceedings of DARPA Information Survuvability Conference and
Exposition, pages 41-53. DARPA, Hilton Head, South Carolina, January 2000.
cate-b... / . Wra J. Wray. Generic Security Service API Version br January . cate-based Access Control for Widely Distributed
15 A Policy Based Role Object Model - Lupu, Sloman (1997)(Correct)
Enterprise roles define the duties and responsibilities of the individuals which are assigned to them. This paper introduces a framework for the management of large distributed systems which makes use... / and procedures relating to security or specifications of duties br policies are translated into access control lists which are interpreted
15 Supporting Multiple Access Control Policies in Database Systems - Bertino, Jajodia, Samarati (1996)(Correct)
Although there are several choices of policies for protection
of information, access control models have been
developed for a fixed set pre-defined access control policies
that are then built into the... / that can support different security policies. The mechanism enforces br Supporting Multiple Access Control Policies in Database Systems
15 A Survey of Distributed File Systems - Satyanarayanan Department Of (1989)(Correct)
Abstract
This paper is a survey of the current state of the art in the design and
implementation of distributed file systems. It consists of four major parts: an
overview of background material, case... / to specifiy and enforce security now become important. Unix br The latter also addressed access control caching and transparent
15 A Type System for Expressive Security Policies - Cornell (1999)(Correct)
Certified code is a general mechanism for enforcing security
properties. In this paradigm, untrusted agent
code carries annotations that allow a host to verify
its trustworthiness. Before running the ... / A Type System for Expressive Security Policies David Walker
14 Static Analysis of Processes for No Read-Up and No Write-Down - Bodei, Degano, Nielson, Nielson (1999)(Correct)
We study a variant of the no read-up/no write-down security property of
Bell and LaPadula for processes in the ß-calculus. Once processes are given levels of
security clearance, we statically check ... / of the no read-up no write-down security property of Bell and LaPadula br model based on a multi-level access control see We first define
14 On Access Checking in Capability-Based Systems - Kain, Landwehr (1987)(Correct)
Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is ... / cannot enforce either the military security policy or the Bell and LaPadula br enforcement. Index Terms-Access control capabilities
14 The CRISIS Wide Area Security Architecture - Belani, Vahdat, Anderson, Dahlin (1998)(Correct)
This paper presents the design and implementation of
a new authentication and access control system, called
CRISIS. A goal of CRISIS is to explore the systematic
application of a number of design prin... / The CRISIS Wide Area Security Architecture Eshwar Belani br of a new authentication and access control system called CRISIS. A goal
14 Scalable Multicast Key Distribution - Ballardie (1994)(Correct)
Multicasting is becoming an increasingly important and desired form of communication
on the Internet, not surprisingly because its typical applications include audioand
video conferencing [4]. Providi... / video conferencing Providing security services such as traffic br to be combined with group access control. Without group access
14 The Specification and Modeling of Computer Security - McLean (1990)(Correct)
This paper provides an introduction to computer security modeling in general, the Bell
and LaPadula model in particular, and the limitations of the model. Many of the issues
raised are of interest not... / and Modeling of Computer Security John McLean Center for High
14 Assuring Distributed Trusted Mach - Fine, Minear (1993)(Correct)
The Distributed Trusted Mach (DTMach) program
is developing a design for a high-assurance, secure,
distributed system based on Mach. To achieve this
goal, it is first necessary to identify the general... / step in developing the DTMach security policy a categorization of
14 Efficient Communication-Storage Tradeoffs for Multicast Encryption - Canetti, Malkin, Nissim(Correct)
We consider re-keying protocols for secure multicasting in a
dynamic multicast group with a center. There is a variety of different
scenarios using multicast, presenting a wide range of efficiency r... / See overview in The main security concerns are typically access br concerns are typically access control making sure that only
14 Building Flexible Groupware Through Open Protocols - Roseman, Greenberg (1993)(Correct)
This paper presents a technical approach to building flexible
groupware applications. Flexibility provides the promise of
personalizable groupware, allowing different groups to work
with the system in... / The New Components And Security. Related Work A Handful Of br or the degree of access control Our own approach of
14 The Ponder Policy Specification Language - Damianou, Dulay, Lupu, Sloman (2001)(Correct)
The Ponder language provides a common means of
speciing security policies that map onto various access
control implementation mechanisms for firewalls,
operating systems, databases and Java. It suppor... / a common means of speciC ing security policies that map onto various br policies that map onto various access control implementation mechanisms for
13 Access Control: Principles and Practice - Sandhu, Samarati (1994)(Correct)
This article begins with an explanation of access control and its relationship to other security
services such as authentication, auditing and administration. It then reviews the access matrix
model a... / which could lead to breach of security. This article begins with an br Access Control Principles and Practice
13 Dyad: A System for Using Physically Secure Coprocessors - Tygar, Yee (1991)(Correct)
The Dyad project at Carnegie Mellon University is using physically secure
coprocessors to achieve new protocols and systems addressing a number of
perplexing security problems. These coprocessors can ... / addressing a number of perplexing security problems. These coprocessors can
13 IO-Lite: A Unified I/O Buffering and Caching System - Vivek Pai (1997)(Correct)
This paper presents the design, implementation,
and evaluation of IO-Lite, a unified I/O buffering
and caching system for general-purpose operating
systems. IO-Lite unifies all buffering and caching
i... / and concurrently. Protection and security are maintained through a br through a combination of access control and read-only sharing. IOLite
13 Trials of Traced Traitors - Pfitzmann (1996)(Correct)
Traitor tracing schemes as introduced by Chor, Fiat, and Naor at Crypto '94 are intended for tracing people who abuse a broadcast encryption scheme by allowing additional, illegitimate users to decryp... / of such evidence i.e.the security of trials that would be held br box does not defy analysis by access control e.g.by requiring a password
13 Perfectly-Secure Key Distribution for Dynamic Conferences - Blundo, De Santis, Herzberg, Kutten, .. (1995)(Correct)
A key distribution scheme for dynamic conferences is a method by which initially
an (off-line) trusted server distributes private individual pieces of information
to a set of users. Later, each member... / and is a major component of the security subsystem of distributed systems br asymmetric clientserver model access-control validation partial key
13 A Grid-Enabled MPI: Message Passing in Heterogeneous Distributed.. - Foster, Karonis (1998)(Correct)
Application development for high-performance distributed computing systems, or computational grids as they are sometimes called, requires "grid-enabled" tools that hide mundane aspects of the heteroge... / in question. . The Globus security service is used to handle br be subject to different access control policies and be connected by
13 Towards a Calculus of Secure Mobile Computations - Vitek, Castagna (1998)(Correct)
The Seal calculus is a calculus of mobile computations
designed for programming secure distributed
applications over large scale open networks. The calculus
is a distributed variant of the ß-calculus ... / mechanisms to implement flexible security policies. Security is br incorporates a strong resource access control based on linear revocable
13 Intrusion Detection in Wireless Ad-Hoc Networks - Zhang, Lee (2000)(Correct)
As the recent denial-of-service attacks on several major Internet
sites have shown us, no open computer network is
immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to... / attacks. The history of security research has taught us a valuable br neighboring nodes. The medium access control MAC protocol is essential
13 A Domain and Type Enforcement UNIX Prototype - Badger (1996)(Correct)
UNIX system security today often relies on correct
operation of numerous privileged subsystems
and careful attention by expert system administrators.
In the context of global and possibly hostile
netw... / Of The Fifth Usenix Unix Security Symposium Salt Lake City Utah br Type Enforcement DTE is an access control technology for partitioning
13 PUNCH: An architecture for Web-enabled wide-area network-computing - Kapadia, Fortes (1999)(Correct)
This paper addresses the architectural issues that arise in the design of a universally accessible wide-area network-computing unknown Cluster Computing 2 (1999) 153--164 153
PUNCH: An architecture fo... / access to all managed information. Security and access control across br information. Security and access control across administrative domains
13 An Authorization Model for Workflows - Atluri, Huang (1996)(Correct)
Workflows represent processes in manufacturing and office
environments that typically consist of several well-defined activities (known
as tasks). To ensure that these tasks are executed by author... / objects resulting in compromising security. In this paper we propose a br than the conventional access control techniques are required when
13 Separation of Duty in Role-Based Environments - Simon, Zurko (1997)(Correct)
Separation of Duty is a principle that has a long history in computer security research. Many computing systems provide rudimentary support for this principle, but often the support is inconsistent wi... / has a long history in computer security research. Many computing systems br in the context of role-based access control. We then characterize
12 Filesystems for Network-Attached Secure Disks - Gibson, al. (1997)(Correct)
Network-attached storage enables network-striped data transfers directly between client and storage to provide clients with scalable bandwidth on large transfers. Network-attached storage also decoupl... / network support for security Deering Exploiting the br policy and enforcement of access control avoiding unnecessary
12 A Transparent Object-Oriented Schema Change Approach Using View.. - Ra, Rundensteiner (1995)(Correct)
When a database is shared by many users, updates to the database schema are almost always prohibited because
there is a risk of making existing application programs obsolete when they run against the ... / independence access control and security. Perceiving the importance of br views are data independence access control and security. Perceiving the
12 The Compositional Security Checker: A Tool for the Verification of.. - Focardi, al. (1997)(Correct)
The Compositional Security Checker (CoSeC for short) is a semantic-based tool for the automatic verification of some compositional information flow properties. The specifications given as inputs to Co... / The Compositional Security Checker A Tool for the br problem. In the Discretionary Access Control security DAC for short
12 Implementing Proxy Objects in a Reflective ORB - Ledoux (1997)(Correct)
In this short paper, we experiment reflective techniques dealing with the implemention of an ORB. We
focus on a specific problem - the proxy representation - in order to emphasize the major advantages... / exception transaction ffl security access control Most of these br transaction ffl security access control Most of these features exist
12 HORB: Distributed Execution of Java Programs - Satoshi (1997)(Correct)
HORB is a Java ORB (Object Request Broker) that extends
Java for distributed object oriented computing. Applications of HORB
and HORB itself are network portable and transferable, since HORB
provide... / method call object passing security and so on. The usage of HORB is br Security by distributed access control list A remote class of HORB
12 Secure Composition of Insecure Components - Sewell, Vitek (1999)(Correct)
Software systems are becoming heterogeneous: instead of a small number of
large programs from well-established sources, a user's desktop may now consist of
many smaller components that interact in int... / like to know that a number of security properties hold e.g. that br irrelevant. While passwords and access control mechanisms are adequate to
12 ZN-Face: A system for access control using automated face recognition - Konen, al. (1995)(Correct)
We present a biometric access control device which
is based on the identification of human faces. The system
combines a console for semi-automated image
acquisition with the necessary algorithms for f... / control device for real-world security applications. Face br Zurich ZN-Face A system for access control using automated face
12 A Logic-based Knowledge Representation for Authorization with.. - Li, al. (1999)(Correct)
We introduce Delegation Logic (DL), a logic-based knowledge representation
(i.e., language) that deals with authorization in large-scale, open, distributed systems. Of
central importance in any syst... / trust management in the computer-security literature and previous work on br tasks authentication and access control. Authentication answers the
12 Grids as Production Computing Environments: The Engineering Aspects.. - Johnston, Gannon, Nitzberg (1999)(Correct)
Information Power Grid (IPG) is the name of NASA's
project to build a fully distributed computing and data
management environment -- a Grid. The IPG project has
near, medium, and long-term goals th... / LDAP information servers and PKI security services and the engineering br fault tolerant communication access control data location management
12 Securing the Border Gateway Routing Protocol - Smith, Garcia-Luna-Aceves (1996)(Correct)
We analyze the security of the BGP routing protocol, and identify a number of vulnerabilities
in its design and the corresponding threats. We then present a set of proposed modifications to the
prot... / Abstract We analyze the security of the BGP routing protocol and br claimed by a system entity. Access Control is the protection against
12 Active Views for Electronic Commerce - Abiteboul, Cluet, Mignet, Amann.. (1999)(Correct)
Electronic commerce is emerging as a major Websupported
application. In this paper we argue
that database technology can, and should, provide
the backbone for a wide range of such applications.
Mo... / has many aspects including security authentication electronic br mechanisms for notification access control and logging tracing of users
12 Equational Properties of Mobile Ambients - Gordon (2001)(Correct)
This paper develops tools for proving equations in the ambient calculus.
In earlier work (Cardelli and Gordon 2000b), we introduced the ambient calculus by
adding ambients|mobile, hierarchical protect... / some of the equations establish security properties of systems modelled br devices. The calculus models access control as well as mobility. For
11 A Network Perimeter With Secure External Access - Avolio, Ranum (1994)(Correct)
INTRODUCTION A private network that carries sensitive data between local computers requires proper security measures to protect the privacy and integrity of the traffic. When such a network is connect... / local computers requires proper security measures to protect the privacy br strong user authentication access control and integrity protection for
11 Computational Issues in Secure Interoperation - Gong, Qian (1996)(Correct)
Advances in distributed systems and networking
technology have made interoperation not only feasible
but also increasingly popular. We define the interoperation
of secure systems and its security, and... / of secure systems and its security and prove complexity and br for systems with very simple access control structures while for a