and subsequently whmh data sets an active user may read or wrote. Flow controls regulate the dissemination of values among the data sets accessible to a user. Inference controls protect statistical databases by preventing questioners from deducing confidential information by posing carefully designed sequences

Abstruct- A method for rapid visual recognition of personal identity is described, based on the failure of a statistical test of independence. The most unique phenotypic feature visible in a person’s face is the detailed texture of each eye’s iris: An estimate of its statistical complexity in a sample of the human population reveals variation corresponding to several hundred independent degrees-of-freedom. Morphogenetic randomness in the texture expressed phenotypically in the iris trabecular meshwork ensures that a test of statistical independence on two coded patterns originating from different eyes is passed almost certainly, whereas the same test is failed almost certainly when the compared codes originate from the same eye. The visible texture of a person’s iris in a real-time video image is encoded into a compact sequence of multi-scale quadrature 2-D Gabor wavelet coefficients, whose most-significant bits comprise a 256-byte “iris code. ” Statistical decision theory generates identification decisions from Exclusive-OR comparisons of complete iris codes at the rate of 4000 per second, including calculation of decision confidence levels. The distributions observed empirically in such comparisons imply a theoretical “cross-over ” error rate of one in 131000 when a decision criterion is adopted that would equalize the false accept and false reject error rates. In the typical recognition case, given the mean observed degree of iris code agreement, the decision confidence levels correspond formally to a conditional false accept probability of one in about lo”’. Index Terms- Image analysis, statistical pattern recognition, biometric identification, statistical decision theory, 2-D Gabor filters, wavelets, texture analysis, morphogenesis. I.

The objective of this article is to give a tutorial on lattice-based access control models for computer security. The paper begins with a review of Denning's axioms for information flow policies, which provide a theoretical foundation for these models. The structure of security labels in the military and government sectors, and the resulting lattice is discussed. This is followed by a review of the Bell-LaPadula model, which enforces information flow policies by means of its simple-security and *-properties. It is noted that information flow through covert channels is beyond the scope of such access controls. Variations of the Bell-LaPadula model are considered. The paper next discusses the Biba integrity model, examining its relationship to the Bell-LaPadula model. The paper then reviews the Chinese Wall policy, which arises in a segment of the commercial sector. It is shown how this policy can be enforced in a lattice framework.

Scientists need new tools to explore and browse large collections of scholarly literature. Thanks to organizations such as JSTOR, which scan and index the original bound archives of many journals, modern scientists can search digital libraries spanning hundreds of years. A scientist, suddenly

This report describes release 2.0 of the SimpleScalar tool set, a suite of free, publicly available simulation tools that offer both detailed and high-performance simulation of modern microprocessors. The new release offers more tools and capabilities, precompiled binaries, cleaner interfaces, better documentation, easier installation, improved portability, and higher performance. This report contains a complete description of the tool set, including retrieval and installation instructions, a description of how to use the tools, a description of the target SimpleScalar architecture, and many details about the internals of the tools and how to customize them. With this guide, the tool set can be brought up and generating results in under an hour (on supported platforms). 1

In this paper we analyse the well known Needham-Schroeder Public-Key Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is secure, at least for a small system. Finally we prove a result which tells us that if this small system is secure, then so is a system of arbitrary size. 1 Introduction In a distributed computer system, it is necessary to have some mechanism whereby a pair of agents can be assured of each other's identity---they should become sure that they really are talking to each other, rather than to an intruder impersonating the other agent. This is the role of an authentication protocol. In this paper we use the Failures Divergences Refinement Checker (FDR) [11, 5], a model checker for CSP, to analyse the Needham-Schroeder PublicKey Authentication Protocol [8]. FDR takes as input two CSP processes, ...

State-of-the-art and emerging scientific applications require fast access to large quantities of data and commensurately fast computational resources. Both resources and data are often distributed in a wide-area network with components administered locally and independently. Computations may involve hundreds of processes that must be able to acquire resources dynamically and communicate e#ciently. This paper analyzes the unique security requirements of large-scale distributed (grid) computing and develops a security policy and a corresponding security architecture. An implementation of the architecture within the Globus metacomputing toolkit is discussed.

Since 1973 technological, political, regulatory, and economic forces have been changing the worldwide economy in a fashion comparable to the changes experienced during the nineteenth century Industrial Revolution. As in the nineteenth century, we are experiencing declining costs, increaing average (but decreasing marginal) productivity of labor, reduced growth rates of labor income, excess capacity, and the requirement for downsizing and exit. The last two decades indicate corporate internal control systems have failed to deal effectively with these changes, especially slow growth and the requirement for exit. The next several decades pose a major challenge for Western firms and political systems as these forces continue to work their way through the worldwide economy.

Click is a new software architecture for building flexible and configurable routers. A Click router is assembled from packet processing modules called elements. Individual elements implement simple router functions like packet classification, queueing, scheduling, and interfacing with network devices. A router configuration is a directed graph with elements at the vertices; packets flow along the edges of the graph. Configurations are written in a declarative language that supports user-defined abstractions. This language is both readable by humans and easily manipulated by tools. We present language tools that optimize router configurations and ensure they satisfy simple invariants. Due to Click’s architecture and language, Click router configurations are modular and easy to extend. A standards-compliant Click IP router has sixteen elements on its forwarding path. We present extensions to this router that support dropping policies, fairness among flows, quality-of-service, and

Trust is a judgement of unquestionable utility — as humans we use it every day of our lives. However, trust has suffered from an imperfect understanding, a plethora of definitions, and informal use in the literature and in everyday life. It is common to say “I trust you, ” but what does that mean? This thesis provides a clarification of trust. We present a formalism for trust which provides us with a tool for precise discussion. The formalism is implementable: it can be embedded in an artificial agent, enabling the agent to make trust-based decisions. Its applicability in the domain of Distributed Artificial Intelligence (DAI) is raised. The thesis presents a testbed populated by simple trusting agents which substantiates the utility of the formalism. The formalism provides a step in the direction of a proper understanding and definition of human trust. A contribution of the thesis is its detailed exploration of the possibilities of future work in the area. Summary 1. Overview This thesis presents an overview of trust as a social phenomenon and discusses it formally. It argues that trust is: • A means for understanding and adapting to the complexity of the environment. • A means of providing added robustness to independent agents. • A useful judgement in the light of experience of the behaviour of others. • Applicable to inanimate others. The thesis argues these points from the point of view of artificial agents. Trust in an artificial agent is a means of providing an additional tool for the consideration of other agents and the environment in which it exists. Moreover, a formalisation of trust enables the embedding of the concept into an artificial agent. This has been done, and is documented in the thesis. 2. Exposition There are places in the thesis where it is necessary to give a broad outline before going deeper. In consequence it may seem that the subject is not receiving a thorough treatment, or that too much is being discussed at one time! (This is particularly apparent in the first and second chapters.) To present a thorough understanding of trust, we have proceeded breadth first in the introductory chapters. Chapter 3 expands, depth first, presenting critical views of established researchers.