This directory is created automatically and some papers may be mislabeled. Only document within the CiteSeer database are listed. The directory is intended to provide entry points for browsing the database and is not intended to be authoritative. Papers may not appear in all relevant categories. For example, papers in a sub-category may not appear in higher level categories.
Language-Based Information-Flow Security - Sabelfeld, Myers (2002)(Correct)
Current standard security practices do not provide
substantial assurance that the end-to-end behavior of a
computing system satisfies important security policies such as
confidentiality. An end-to-end... / Language-Based Information-Flow Security Andrei Sabelfeld and Andrew C.
Towards An Extensible Virtual Machine - Boyapati (2002)(Correct)
The Java Virtual Machine Language (JVML) is rapidly emerging as the de-facto standard for representing portable code and Java Virtual Machines (JVMs) are increasingly being used as standard platforms ... / of the JVM platform is its security. JVML is a type safe language. br to provide ne-grained access control. Code from multiple
Gothic: A Group Access Control Architecture for Secure Multicast and.. - Judge, Ammar (2002)(Correct)
Multicast and anycast have received considerable attention
due to their ability to support networked services. There are distinct and
significant security vulnerabilities in both the multicast and any... / are distinct and significant security vulnerabilities in both the br Gothic A Group Access Control Architecture for Secure
A Simple View of Type-Secure Information Flow in the pi-Calculus - Pottier (2002)(Correct)
One way of enforcing a mandatory access control policy is to
use a static type system capable of guaranteeing a non-interference property.
Non-interference states that two processes with distinct ... / mandatory access control security policies e.g. to prevent secret br way of enforcing a mandatory access control policy is to use a static
Declarative Update Policies for Nonmonotonic Knowledge Bases - Eiter, al. (2002)(Correct)
Updating databases, and in particular relational databases, is a central issue which has
been well-studied in the database field for many years, and solutions have been incorporated into
commercial ... / area of network management and security For nonmonotonic br . . Access control policies .
Active Certificates: A Framework for Delegation - Borisov, Brewer (2002)(Correct)
In this paper, we present a novel approach to delegation
in computer systems. We exploit mobile code capabilities
of today's systems to build active certificates: cryptographically
signed mobile agent... / for the task at hand. This security concern is especially relevant in br of rights involves weakening access control restrictions that would
Bytecode verification on Java smart cards - Leroy (2002)(Correct)
This article presents a novel approach to the problem of bytecode verification for Java Card applets. By relying on prior off-card bytecode transformations, we simplify the bytecode verifier and reduc... /
A Law-Abiding Peer-to-Peer Network for Free-Software Distribution - Bakker, van Steen, Tanenbaum (2002)(Correct)
The Globe Distribution Network (GDN) is an application
for worldwide distribution of freely redistributable software
packages. The GDN takes a novel, optimistic approach
to stop the illegal distributi... / users high communication delays security threats and machine and network br Service gids The Gdn Access Control Service gdn Acs Is A
Efficient Frequency Domain Selective Scrambling of Digital Video - Zeng, Lei (2002)(Correct)
Multimedia data security is very important for multimedia commerce on the Internet such as videoon
-demand and real-time video multicast. Traditional cryptographic algorithms/systems for data security... / ABSTRACT Multimedia data security is very important for multimedia br Multimedia security contents access control video scrambling multimedia
STAR: Secure Real-Time Transaction Processing with Timeliness.. - Kang, Son, Stankovic (2002)(Correct)
Real-time databases are needed in security-critical applications,
e.g., e-commerce, agile manufacturing, and military
applications. In these applications, transactions and
data items can be classified... / Real-time databases are needed in security-critical applications e.g. br In our approach mandatory access control mechanisms are applied for
Towards an Access Control Mechanism for Wide-area Publish/Subscribe.. - Miklos (2002)(Correct)
The publish/subscribe communication model is increasingly
considered for implementing middleware infrastructures
for widely distributed applications. Scalability issues
and routing algorithms of such ... / attention has been given to security and management issues. In br Towards an Access Control Mechanism for Wide-area
On Probabilistic Combination of Face and Gait Cues for Identification - Shakhnarovich, Darrell (2002)(Correct)
We approach the task of person identification based on
face and gait cues. The cues are derived from multiple
simultaneous camera views, combined through the visual
hull algorithm to create imagery in... / activity monitoring and covert security and access control can all br and covert security and access control can all benefit from
Energy-Aware Routing in Cluster-Based Sensor Networks - Younis, Youssef, Arisha (2002)(Correct)
Recently there has been a growing interest in the applications of sensor networks. Since sensors are generally constrained in on-board energy supply, efficient management of the network is crucial in ... / such as combat field surveillance security and disaster management. These br time-based approach for media access control that enables the maintenance
Towards Practical Automated Trust Negotiation - Winsborough, Li (2002)(Correct)
Exchange of attribute credentials is a means to establish
mutual trust between strangers that wish to share resources
or conduct business transactions. Automated Trust Negotiation
(ATN) is an approach... / them belong to different security domains controlled by different br sensitive credentials by using access control policies. Existing ATN work
UMLsec: Extending UML for Secure Systems Development - Jürjens (2002)(Correct)
Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology... unknown UMLsec: Extending UML
for Secu... / are many well-known examples of security weaknesses exploited in practice. br FH de nes role-based access control rights from object-oriented
PAMINA: A Certificate Based Privilege Management System - Nochta, Ebinger, Abeck (2002)(Correct)
In this paper we present PAMINA (Privilege Administration
and Management INfrAstructure), a privilege
management system using authorization certificates. Our
system supports distributed environments w... / the development of different security systems and services which are br need not to be involved in the access control decision process. PAMINA
Security Architectures Revisited - Härtig (2002)(Correct)
The knowledge in technologies needed to build secure
platforms, or Security Architectures, has significantly matured
over the recent years. These include small interface
technologies, access-control c... /
A Protocol to Improve the State Scalability of Source Specific.. - Cui, Maggiorini, Kim, Boussetta.. (2002)(Correct)
Source Specific Multicast (SSM) is a viable solution for current
multicast applications, since the driving applications to date are one to
many, including Internet TV, distance learning, file distribu... / billing address allocation and security. However SSM still confronts the br gives a better solution to the access control problem. When a receiver
Specifying and Analysing Trust for Internet Applications - Grandison, Sloman (2002)(Correct)
Key words:
The Internet is now being used for commercial, social and educational
interactions, which previously relied on direct face-to-face contact in order to
establish trust relationships. Thus, ... / of supporting different types of security policy Applications will br are aimed at authentication or access control whereas we are aiming at a
Unknown - Infrastructure For Service (2002)(Correct)
Security is paramount to the success of pervasive computing environments. The system presented in this paper provides a communications
and security infrastructure that goes far in advancing the goal o... /
From Protocol Stack to Protocol Heap - Role-Based Architecture - Braden, Faber, Handley (2002)(Correct)
Questioning whether layering is still an adequate foundation for networking architectures, this paper investigates non-layered approaches to the design and implementation of network protocols. The goa... / layer . and Transport-Layer Security at layer . For br them unnecessary and suitable access controls over metadata can make them
Compressed Accessibility Map: Efficient Access Control for XML - Yu, Srivastava, Lakshmanan (2002)(Correct)
XML is widely regm'ded as a promising memm for
data representation integq'ation, md exchmge. As
compmfies trmmact business over the Internet, the
sensitive nature of the information mmdates that
a... / it raises the question of security. Given the sensitive nature of br Accessibility Map Efficient Access Control for XML Ting Yu
A Survey of Policy Specification Approaches - Damianou, Bandara, Sloman, Lupu (2002)(Correct)
Policies are rules governing the choices in behaviour of a system. They are often used as a means of
implementing flexible and adaptive systems for management of internet services, distributed systems... / distributed systems and security systems. There is also a need for br systems where access control is implemented in a variety of
The HP Time Vault Service: Innovating the Way Confidential.. - Mont, Harrison, Sadler (2002)(Correct)
This paper focuses on the problem of protecting confidential information from unauthorized disclosures, subject to time-based criteria: it is a common issue in the industry, government and day-to-day ... / has strong implication in term of security and privacy. In involves the br conditions and constraints access control the satisfaction of trading
Offering a Multicast Delivery Service in a Programmable Secure IP VPN .. - Alchaal, Roca, Habert (2002)(Correct)
The programmable network approach is one possible solution to quickly adapt existing infrastructures to new requirements. This paper shows how programmable networking can be exploited within a VPN env... / How The Ip Vpn Approach O oads Security Management And Administration br only include authentication and access control but also the cryptographic
Lightweight Flexible Isolation for Language-based Extensible Systems - Daynès, Czajkowski (2002)(Correct)
Safe programming languages encourage the
development of dynamically extensible systems,
such as extensible Web servers and mobile agent
platforms. Although protection is of utmost
importance in th... / includes programmable built-in security mechanisms that programmers can br invocation and by introducing access control on the latter BR RSC
A Framework for Smart Proxies and Interceptors in RMI - Santos, Marques, Silva (2002)(Correct)
The Java Remote Method Invocation (RMI) API shields the developer from the details of distributed programming, allowing him to concentrate on application specific code. But to perform some operations ... / QoS fault tolerance and security sometimes it is necessary to br authentication and fine-grained access control in RMI. Keywords Java
Fast Inter-Ap Handoff Using Predictive Authentication Scheme in a.. - Pack, Choi (2002)(Correct)
this paper, we
proposed a fast Inter-AP handoff scheme based on a predictive authentication method. In our
scheme, a mobile host entering the area covered by an AP, performs authentication
procedur... / mechanism. In terms of security it is suggested that the br areas requires a system of access control for unauthorized users. In
Fine-Grain Authorization for Resource Management in The Grid.. - Keahey, Welch (2002)(Correct)
In this document we describe our work-in-progress for
enabling fine-grain authorization of resource
management. In particular we address the needs of Virtual
Organizations O/Os) to enforce their ow... / using GRAM and the Grid Security Infrastructure mechanisms. br user's grid credential and an access control list contained in a
Authenticity by Typing for Security Protocols - Gordon, Jeffrey (2001)(Correct)
We propose a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by ann... / Authenticity by Typing for Security Protocols Andrew D. Gordon br Nec GS for checking access control HR SS and most
Principles of Policy in Secure Groups - Harney, Colgrove, McDaniel (2001)(Correct)
Security policy is increasingly being used as a vehicle for
specifying complex entity relationships. When used to define
group security, policy must be extended to state the entirety
of the security c... / Abstract Security policy is increasingly being used br the group audit group monitor access control messages or membership
MSR, Access Control, and the Most Powerful Attacker - Cervesato (2001)(Correct)
Most systems designed for the verification of security protocols operated under the unproved assumption that an attack can only result from the combination of a fixed number of message transformations... / designed for the verification of security protocols operated under the br MSR Access Control and the Most Powerful
The Active Process Interaction with its Environment - Kornblum, Raz, Shavitt (2001)(Correct)
Adding programmability to the interior of the network provides
an infrastructure for distributed applications. Speci cally, network
management and control applications require access to and contro... / and application exibility vs. security. We demonstrate the advantages br have complete monitoring and control access over all active sessions to
Decentralized Jini Security - Eronen, Nikander (2001)(Correct)
Among the different approaches to distributed computing,
the Jini technology provides a number of very promising
methods for attacking the fundamental problems involved.
Programs built according to th... / Decentralized Jini Security Pasi Eronen and Pekka Nikander
Generating Wrappers for Command Line Programs: The Cal-Aggie.. - Wohlstadter, Jackson, Devanbu (2001)(Correct)
Software developers writing new software have strong incentives to make their products compliant to standards such as corba, com, and JavaBeans. Standards-compliance facilitates inter-operability, com... / mediated by corba- compliant security services. While CAWOM has some br implement far more intricate access control policies. Our research goal
Typed MSR: Syntax and Examples - Cervesato (2001)(Correct)
Many design flaws and incorrect analyses of cryptographic protocols can be traced to inadequate specification languages
for message components, environment assumptions, and goals. In this paper, we pr... / typed specification language for security protocols which is intended br that include type-checking and access control validation. It uses multiset
A Specification Language for Crypto-Protocols based on Multiset.. - Cervesato (2001)(Correct)
MSR is an unambiguous, flexible, powerful and relatively
Submitted to the Seventeenth Conference on the Mathematical Foundations of Programming Semantics --- MFPS-XVII, Aarhus, Denmark, 24--27 May 200... / known as the Dolev-Yao model of security the cryptography is br that include type-checking and access control. In this paper we give a
Limiting the Disclosure of Access Control Policies during Automated.. - Seamons, Winslett, Yu (2001)(Correct)
Automated trust negotiation is a new approach to
establishing trust between strangers through the exchange
of property-based digital credentials, and the use of
mobile access control policies that spe... / than is possible with traditional security approaches that are based on br Limiting the Disclosure of Access Control Policies during Automated
The Ponder Policy Specification Language - Damianou, Dulay, Lupu, al. (2001)(Correct)
The Ponder language provides a common means of specifying
security policies that map onto various access control implementation
mechanisms for firewalls, operating systems, databases and Java. It ... / a common means of specifying security policies that map onto various br policies that map onto various access control implementation mechanisms for
Secure Information Flow and CPS - Zdancewic, Myers (2001)(Correct)
Security-typed languages enforce secrecy or integrity policies
by type-checking. This paper investigates continuation-passing style as
a means of proving that such languages enforce non-interference... / Abstract. Security-typed languages enforce secrecy br because unlike ordinary access control static information flow can
The Anatomy of the Grid - Enabling Scalable Virtual Organizations - Foster, Kesselman, Tuecke (2001)(Correct)
Grid" computing has emerged as an important new field, distinguished from conventional
distributed computing by its focus on large-scale resource sharing, innovative applications, and,
in some cases, ... / VOs. These technologies include security solutions that support management br and multi-stakeholder access control delegation and application
Systematic Construction of Security Types - Pottier, Skalka, Smith (2001)(Correct)
The Java JDK 1.2 Security Architecture includes a dynamic
mechanism for enforcing access control checks, so-called stack inspection.
This paper studies type systems which can statically guarantee ... / Systematic Construction of Security Types Franois Pottier br mechanism for enforcing access control checks so-called stack
An Access Control Architecture for Programmable Routers - Jun Gao Peter (2001)(Correct)
Programmable networks allow the router's
functionality to be extended dynamically through the use of
active extensions. This flexible architecture facilitates the
deployment of new network protocols a... / also raises serious safety and security concerns. These concerns must be br An Access Control Architecture for Programmable
Grid Information Services for Distributed Resource Sharing - Czajkowski, Fitzgerald, Foster.. (2001)(Correct)
Grid technologies enable large-scale sharing of resources
within formal or informal consortia of individuals
and/or institutions: what are sometimes called virtual
organizations. In these settings, th... / that addresses performance security scalability and robustness br for authentication and access control to information. Our
Micro-Mobility within Wireless Ad Hoc Networks: Towards Hybrid.. - Typpö (2001)(Correct)
This work studies two different approaches for mobile networking and
examines the integration of them. Protocol proposals for micro-mobility
management within wireless access networks on the edge of t... / Source Routing ESP Encrypted Security Payload FA Foreign Agent FORP br Care-of-Address MAC Medium Access Control MACA Multiple Access with
Java bytecode verification: an overview - Leroy (2001)(Correct)
Bytecode verification is a crucial security component for Java applets, on the Web and on embedded devices such as smart cards. This paper describes the main bytecode verification algorithms and surve... / Bytecode veri cation is a crucial security component for Java applets on br and implementing a suitable access control policy The
Applying decentralized trust management to DNS dynamic updates - Eronen, Sars (2001)(Correct)
DNS dynamic updates can be used to modify the data of a
DNS zone. This can be used to update DNS records of hosts
with dynamic IP addresses, for example. DNS dynamic updates
can be authenticated using... / been a good example of the lack of security in the basic Internet br restrictions than the use of access control lists. Introduction DNS
The Price of Safety in an Active Network - Alexander, Menage, Keromytis.. (2001)(Correct)
Security is a major challenge for "Active Networking", as accessible programmability creates numerous opportunities for mischief. The point at which programmability is exposed, e.g., through the loadi... / and Jonathan M. Smith Abstract Security is a major challenge for Active br and integrity resource and access control and name-space protection.
A Proposal for A Scalable Internet Multicast Architecture - Shi (2001)(Correct)
We propose a new network and system architecture for multicast in the Internet. Our main objectives are to find a cost-effective way to scale to a large number of multicast groups whose members are ge... / of the IP multicast model raises security concerns since it magni es the br of IP multicast lacks adequate access control and authentication mechanisms
Secure Information Flow via Linear Continuations - Zdancewic, Myers (2001)(Correct)
Security-typed languages enforce secrecy or integrity policies by type-checking.
This paper investigates continuation-passing style (CPS) as a means of proving
that such languages enforce noninterfere... / Cornell University Abstract. Security-typed languages enforce secrecy
MetaKlaim: Meta-Programming for Global Computing - Ferrari, Moggi, Pugliese (2001)(Correct)
Most foundational models for global computing have focused on the spatial dimension, however global computing requires also new ways of thinking about the temporal dimension. In particular, with no ce... / and linking of code fragments security checks like type-checking at br e.g. authentication and access control increase the exibility of
Framework for Authentication and Access Control of Client-Server.. - Amir, Nita-Rotaru, Stanton (2001)(Correct)
Researchers have made much progress in designing secure
and scalable protocols to provide speci c security services, such as data
secrecy, data integrity, entity authentication and access control,... / protocols to provide speci c security services such as data secrecy br for Authentication and Access Control of Client-Server Group
Attacks and benchmarking - Voloshynovskiy, Pereira, Pun.. (2001)(Correct)
Watermarking is a potential method for protection of ownership rights on digital audio, image and video data. Benchmarks are used to evaluate the performance of different watermarking algorithms. For ... / data without cracking the security of the watermarking algorithm br authentication and conditional-access control. Thus the information b
SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI - Clarke (2001)(Correct)
The issue of trust is of growing importance as our communities become increasingly
interconnected. When resources are shared over an untrusted network, how are decisions
on which principals are author... / actions determined SPKI SDSI a security infrastructure based on br It provides finegrained access control using a local name space
An Identity Escrow Scheme with Appointed Verifiers - Camenisch, Lysyanskaya (2001)(Correct)
An identity escrow scheme allows a member of a group to prove membership in this group without revealing any extra information. At the same time, in case of abuse, his identity can still be discovered... / We provide a formal de nition of security against such attacks. For the br Such a scheme allows anonymous access control. In this paper we put
On Regions and Linear Types (Extended Abstract) - Walker, Watkins (2001)(Correct)
We explore how two different mechanisms for reasoning about state, linear typing and the type, region and effect discipline, complement one another in the design of a strongly typed functional program... / Logics for Reasoning about Network Security.The views and conclusions br on linear type systems to help control access to and deallocation of
Higher-Order Types and Meta-Programming for Global Computing - Ferrari (2001)(Correct)
MetaKlaim is a case study in modeling the spatial, temporal and security aspects
necessary for global computing. MetaKlaim integrates MetaML (an extension
of SML for multi-stage programming) and Klaim... / modeling the spatial temporal and security aspects necessary for global br checks e.g. authentication and access control increase the exibility of
Instantaneous Offloading of Transient Web Server Load - Panteleenko, Freeh (2001)(Correct)
A modern web-hosting site is designed to handle load that is sometimes an order of magnitude
greater than the average load. Such a site can be expensive and is underutilized most of the time. We
des... / reside on dedicated servers for security or other reasons. This paper br through a combination of access control and read-only sharing.
Dynamic Homogenous AOP with PROSE - Popovici, Gross, Alonso (2001)(Correct)
Aspect Oriented Programming (AOP) is an important technique
to express modular and orthogonal adaptations of
existing software components. Woven into a program, an
aspect may change several units of f... / such concerns are transactions security distribution or logging. As a br contains the aspect code for access control and the code for accounting
On-card Bytecode Verification for Java Card - Leroy (2001)(Correct)
This paper presents a novel approach to the problem of bytecode verification for Java Card applets. Owing to its low memory requirements, our verification algorithm is the first that can be embedded o... / thus increasing tremendously the security of post-issuance downloading of br and implementing a suitable access control policy The security of
Intercepting Mobile Communications: The Insecurity of 802.11 - Borisov, Goldberg, Wagner (2001)(Correct)
The 802.11 standard for wireless networks includes a Wired Equivalent
Privacy (WEP) protocol, used to protect link-layer communications
from eavesdropping and other attacks. We have discovered
several... / have discovered several serious security flaws in the protocol stemming br casual eavesdropping. Access control A second goal of the
Why Autonomy Makes the Agent - Joseph, Kawamura (2001)(Correct)
This paper works on the premise that the position stated by Jennings et al.
[17] is correct. Specifically that, amongst other things, the agent metaphor is
a useful extension of the object-oriented me... /
Robust Declassification - Zdancewic, Myers (2001)(Correct)
Security properties based on information flow, such as
noninterference, provide strong guarantees that confidentiality
is maintained. However, programs often need to leak
some amount of confidential i... / Abstract Security properties based on information br have the advantage over access control policies in that they can
Building a Web-Based Federated Simulation System with Jini and XML - Huang, Miller (2001)(Correct)
In a Web-Based federated simulation system, a group of simulation models residing on different
machines attached to the Internet, called federates, collaborate with each other to accomplish a
common t... / distributed object invocation security load balancing and connection br a service is ensured through an access control list. A lease-based service
Astrolabe: A Robust and Scalable Technology For Distributed System.. - van Renesse, Birman (2001)(Correct)
this paper, we describe a new information management
service called Astrolabe. Astrolabe monitors the
dynamically changing state of a collection of distributed
resources, reporting summaries of this i... / D. . Operating Systems Security and Protection - br with integrity and write access control not confidentiality
Analysis of Source Code: A Case Study - Hartley, Krishnan (2001)(Correct)
This paper summarises our experience in using model checking technology to understand
concurrent programs. We use Verisoft to understand various aspects of a firewall tool kit.
The main conclusion i... / reliability especially related to security issues owing to the internet and br of programs including access control netacl authentication
Best Practices for Secure Development - Peteanu (2001)(Correct)
this document:
http://members.rogers.com/razvan.peteanu
-2-
Revision History
Version Release Date Notes
4.03 October 12, 2001 fixed a few other typos
4.02 October 11, 2001 added a missing reference ... /
Mobile Code Security by Java Bytecode Instrumentation - Chander, Mitchell (2001)(Correct)
Mobile code provides significant opportunities and risks.
Java bytecode is used to provide executable content to web
pages and is the basis for dynamic service configuration
in the Jini framework. Whi... / Mobile Code Security by Java Bytecode Instrumentation br conditions and basic resource access control. For example these tests
The Marvel Programming Model: a higher-order distributed process.. - Schmitt, Stefani (2001)(Correct)
Contents
1 Introduction 2
1.1 Requirements for a distributed programming model . . . . . . . . . . . . . . . . . . . . . 3
1.2 Introducing the M-calculus . . . . . . . . . . . . . . . . . . . . . . .... / quality of service security fault management etc. The br both process mobility and access control. In our view these calculi
Multilevel Security and Information Flow in Petri Net Workflows - Knorr (2001)(Correct)
In information systems --- especially with the growing importance of electronic
commerce --- the modeling and analysis of business processes has raised
interest over the last years. If combined with... / Multilevel Security and Information Flow in Petri br information flow mandatory access control multilevel security Petri
Certificate Chain Discovery in SPKI/SDSI - Clarke, Elien, Ellison, Fredette.. (2001)(Correct)
SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the... / here is a fundamental one. Any security mechanism should be able to br or G That is the access-control list ACL for the protected
A Policy Deployment Model for the Ponder Language - Dulay, Lupu, Sloman, Damianou (2001)(Correct)
Policies are rules that govern the choices in behaviour of a system. Security policies define what actions are
permitted or not permitted, for what or for whom, and under what conditions. Management p... / choices in behaviour of a system. Security policies define what actions are br policies with role-based access control as well as general-purpose
A Java Commodity Grid Kit - von Laszewski, Foster, Gawor, Lane (2001)(Correct)
In this paper we report on the features of the Java Commodity Grid Kit. The Java CoG Kit provides middleware for accessing Grid functionality from the Java framework. Java CoG Kit middleware is genera... / The community is also addressing security solutions that support br ranging from fine-grained access control to delegation single user to
Security Attributes in CORBA - Lang, al. (2001)(Correct)
This paper discusses the difficulties of describing an appropriate notion of the
security attributes caller and target in object-oriented middleware systems such as
CORBA. Our analysis points out that... / to IEEE Symposium on Security and Privacy Security Attributes
Understanding Trust Management Systems - Weeks (2001)(Correct)
This paper presents a mathematical framework for expressing
trust management systems. The framework makes
it easier to understand existing systems and to compare
them to one another, as well as to des... / the domain of interest is often security related. Finally because there br share resources often use an access control mechanism. The problem of
Communication-Efficient Group Key Agreement - Kim, Perrig, Tsudik (2001)(Correct)
Traditionally, research in secure group key agreement focuses on minimizing the computational overhead for cryptographic operations, and minimizing the communication overhead and the number of protoco... / the need for group-oriented security mechanisms in addition to the br integrity authentication and access control. These are achieved through
Beyond Address Spaces - Flexibility, Performance, Protection, and.. - Golm, Kleinöder, Bellosa (2001)(Correct)
Early type-safe operating systems were hampered by poor performance. Contrary to these experiences we show that an operating system that is founded on an object-oriented, type-safe intermediate code c... / -they are no longer done for security reasons but for robustness br it appropriate abstractions for access control page tags are not
ALMI: An Application Level Multicast Infrastructure - Pendarakis, Shi, Verma, Waldvogel (2001)(Correct)
The IP multicast model allows scalable and efficient multi-party communication, particularly for groups of large size. However, deployment of IP multicast requires substantial infrastructure modificat... / flow and congestion control security and access control. Motivated by br control security and access control. Motivated by these problems
Fine Grained Access Control for SOAP E-Services - Damiani, De Capitani (2001)(Correct)
Lightweight protocols for remote service invocation via
HTTP and XML, suchasSOAP, are rapidly gaining acceptance
among developers of Internet-based e-services, especially
because of their rewall-trav... / technique for access control security is currently de ned for either br Fine Grained Access Control for SOAP E-Services Ernesto
Formally Testing Fail-Safety of Electronic Purse Protocols - Jürjens, Wimmel (2001)(Correct)
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification... / Designing and implementing security-critical systems correctly is br consideration. When considering access control for example fail-safety
M-Calculus: A Higher-Order Distributed Process Calculus - Schmitt, Stefani (2001)(Correct)
this paper a new process calculus, called the M-calculus, which represents an attempt at
defining a formal distributed programming model. Key insights for the calculus are similar to those laid out
in... / quality of service security fault management etc. The br both process mobility and access control. In our view these calculi
HOUSe-KEEPER, a vendor-independent architecture for easy management.. - Seigneur (2001)(Correct)
Home-networking is gaining momentum. In a couple of months, Windows XP will be
launched with the connected home experience as one of its core areas of interest. In the
medium term at least, there will... / The answer to the multi-user security requirement br as well as to easily grant access control and add some context
Stack Inspection: Theory and Variants - Fournet, Gordon (2001)(Correct)
Stack inspection is a security mechanism implemented in runtimes
such as the JVM and the CLR to accommodate components with
diverse levels of trust. Although stack inspection enables the finegrained
e... / Abstract Stack inspection is a security mechanism implemented in runtimes br the finegrained expression of access control policies it has rather a
A Framework for Distributed Trust Management - Kagal, Cost, Finin, Peng (2001)(Correct)
This paper discusses our infrastructure for handling distributed security and trust. It outlines a method for access control
across domains that handles complex inter domain trust relationships. We ha... / for handling distributed security and trust. It outlines a method br trust. It outlines a method for access control across domains that handles
Access Control Mechanisms for Inter-organizational Workflow - Kang, Park, Froscher (2001)(Correct)
As more businesses engage in globalization, inter-organizational
collaborative computing grows in importance. Since we cannot
expect homogeneous computing environments in participating
organization... / the scalability of existing security solutions the separation of br Access Control Mechanisms for
Why Information Security is Hard - An Economic Perspective - Anderson (2001)(Correct)
Introduction In a 1993 survey of fraud against automatic teller machines (ATMs) [2], it was found that patterns of fraud depended on who was liable for them. In the USA, if a customer disputed an ATM ... / Why Information Security is Hard An Economic br measures. Given better access control policy models formal proofs
Internet Access to a Home Area Network - Saif, Gordon, Greaves (2001)(Correct)
This article describes one such access unknown Umar Saif, Daniel Gordon,
and David J. Greaves
University of Cambridge,
Computer Laboratory
Internet Access to a
Home Area Network
The AutoHan proj... / cannot watch the closed-circuit security camera you installed so that br a security model based on an access control list. Why XML Entities
SIMS: A Secure Information Management System for Large-Scale Dynamic.. - Jiang, Dasgupta (2001)(Correct)
When two (or more) entities (or members) enter into
a coalition, they agree to share information, resources
and other assets according to some set of negotiated
rules. This paper addresses the issue o... / the same id and password is a security risk This is impractical. . br the authentication and the access control at these service points. The
An Integrated IPSEC and Mobile-IP for FreeBSD - Binkley (2001)(Correct)
Recently the Layer 2 802.11 link-layer security mechanism called
WEP has been shown to be flawed. In this paper we present a combined
layer 3 Mobile-IP and IPSEC routing architecture that is superio... / the Layer . link-layer security mechanism called WEP has been br is based on a more traditional access control list association between the
Interoperable Strategies in Automated Trust Negotiation - Yu, Winslett, Seamons (2001)(Correct)
Automated trust negotiation is an approach to establishing trust between strangers through
the exchange of digital credentials and the use of access control policies that specify what
combinations o... / and may not share a common security domain. In order for strangers br credentials and the use of access control policies that specify what
Distributed Credential Chain Discovery in Trust Management - Li, Winsborough, Mitchell (2001)(Correct)
We give goal-oriented algorithms for discovering credential chains in RT 0 , a role-based trust
management language introduced in this paper. The algorithms search credential graphs, a
representatio... / on Computer and Communication Security CCS' November - br The process of making access control decisions involves finding a
Dimensioning Server Access Bandwidth and Multicast Routing in Overlay .. - Shi, Turner, Waldvogel (2001)(Correct)
Application-level multicast is a new mechanism for enabling multicast in the Internet. Driven by the fast growth of network audio/video streams, application-level multicast has become increasingly imp... / reliable transport and multicast security have been hot research topics br and the lack of support in access control and transport services.
Herald: Achieving a Global Event Notification Service - Cabrera, Jones, Theimer (2001)(Correct)
This paper presents the design philosophy and initial
design decisions of Herald: a highly scalable global event
notification system that is being designed and built at
Microsoft Research. Herald is a... / upon reconnection. Security It should be possible to br of each Herald operation via access control to authenticated authorized
A Model of OASIS Role-Based Access Control and its Support for Active .. - Yao, Moody (2001)(Correct)
OASIS is a role-based access control architecture for achieving
secure interoperation of services in an open, distributed
environment. Services de ne roles and implement formally
speci ed policy for r... / and its Support for Active Security Walt Yao University of br A Model of OASIS Role-Based Access Control and its Support for Active
Don't Trust Your File Server - Mazieres, Shasha (2001)(Correct)
All too often, decisions about whom to trust in computer
systems are driven by the needs of system management
rather than data security. In particular, data storage
is often entrusted to people who ha... / management rather than data security. In particular data storage is br cryptography to enforce access control. Clients encrypted files
Some aspects of Unix file-system security - Wenzel (2001)(Correct)
Unix is a simple but powerful system where everything is either a
process or a file. Access to system resources works mainly via the filesystem,
including special files and devices. Most Unix security... / Some aspects of Unix file-system security Markus Wenzel TU Munchen br This includes any kind of access control such as read write access to