also. ARIES/NT is an extension of the ARIES recovery and concurrency control method developed recently for the single-level transaction model by Mohan. et. al. in the IBM Research Report RJ6649.

We propose a new mode of multiple encryption, namely "Triple DES cipher block chaining with output feedback masking." The aim is to provide strong protection against certain attacks ("dictionary attacks" and "matching ciphertext attacks") which exploit the DES blocksize of 64 bits. The new mode obtains this protection through the introduction of secret masking values that are Exclusive-ORed with the intermediate outputs of each triple-DES encryption operation. The secret mask value is derived from a fourth encryption operation per message block, in addition to the three used in previous modes. The new mode is part of a suite of encryption modes proposed in the ANSI X9.F.1 Triple-DES draft standard (X9.52). 1 1 Introduction Much effort has gone into attempted cryptanalysis of multiple DES [2, 3, 4, 6, 8, 10, 11, 14, 17, 18, 21]. Because the DES is still a fundamentally sound base to build on, the American National Standards Institute (ANSI) committee X9.F.1 is working to sta...

Application layer proxies already play an important role in today's networks, serving as firewalls and HTTP caches --- and their role is being expanded to include encryption, compression, and mobility support services. Current application layer proxies suffer major performance penalties as they spend most of their time moving data back and forth between connections; context switching and crossing protection boundaries for each chunk of data they handle. We present a technique called TCP Splice that provides kernel support for data relaying operations which runs at near router speeds. In our lab testing, we find SOCKS firewalls using TCP Splice can sustain a data throughput twice that of normal firewalls, with an average packet forwarding latency 30 times less. KEYWORDS: TCP, Firewalls, SOCKS, Application Layer Proxies, Performance 1. INTRODUCTION Many designs for internet services use split-connection proxies, in which proxy machine is interposed between the server and the client m...

This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM

been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should

Abstract — Corporate decision makers have normally been disconnected from the details of the security management infrastructures of their organizations. The management of security resources has traditionally been the domain of a small group of skilled and technically savvy professionals, who report

fact-based strategic insights for senior executives around critical public and private sector issues. This executive brief is based on an in-depth study by the Institute’s research team. It is part of an ongoing commitment by IBM Global Business Services to provide analysis and viewpoints that help

Software engineering research has focused mainly on software construction and has neglected software maintenance and evolution. Proposed is a shift in research from synthesis to analysis. Reverse engineering is introduced as a possible solution to program understanding and software analysis

LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. Ithas been issued as a Research

LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report