%0 Conference Proceedings
%A Anderson, Ross J.
%D 1994
%T Liability and Computer Security: Nine Principles
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 231-245
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Digital Payment
%L Anderson94
%X The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments ("we did everything that GCHQ/the internal auditors told us to"). We derive nine principles which might help designers avoid the most common pitfalls.

%0 Conference Proceedings
%A Banâtre, Jean-Pierre
%A Bryce, Ciaran
%A Le Métayer, Daniel
%D 1994
%T Compile-time Detection of Information Flow in Sequential Programs
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 55-73
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F High Assurance Software
%K formal verification, program analysis, verification tools, computer security, information flow
%L BBM94
%X We give a formal definition of the notion of information flow for a simple guarded command language. We propose an axiomatisation of security properties based on this notion of information flow and we prove its soundness with respect to the operational semantics of the language.
We then identify the sources of non determinism in proofs and we derive in successive steps an inference algorithm which is both sound and complete with respect to the inference system.

%0 Conference Proceedings
%A Beth, Thomas
%A Borcherding, Malte
%A Klein, Birgit
%D 1994
%T Valuation of Trust in Open Networks
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 3-18
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Measures
%K Trust values, Trust measures, Distributed systems, Security
%L BBK94
%X Authentication in open networks usually requires participation of trusted entities. Many protocols allow trust to be obtained by recommendation of other entities whose recommendations are known to be reliable. To consider an entity as being trustworthy, especially if there have been several mediators or contradicting recommendations, it is necessary to have a means of estimating its trustworthiness. In this paper we present a method for the valuation of trustworthiness which can be used to accept or reject an entity as being suitable for sensitive tasks. It constitutes an extension of the work of Yahalom, Klein and Beth.

%0 Conference Proceedings
%A Boly, Jean-Paul
%A Bosselaers, Antoon
%A Cramer, Ronald
%A Michelsen, Rolf
%A Mjølsnes, Stig
%A Muller, Frank
%A Pedersen, Torben
%A Pfitzmann, Birgit
%A de Rooij, Peter
%A Schoenmakers, Berry
%A Schunter, Matthias
%A Vallée, Luc
%A Waidner, Michael
%D 1994
%T The ESPRIT Project CAFE - High Security Digital Payment Systems -
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 217-230
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Digital Payment
%K Security in Applications (Financial), Security versus other Requirements (Performance, Fault Tolerance)
%L BBCMMMPPRSSVW94
%X CAFE ("Conditional Access for Europe") is an ongoing project in the European Community's ESPRIT program. The goal of CAFE is to develop innovative systems for conditional access, and in particular, digital payment systems. An important aspect of CAFE is high security of all parties concerned, with the least possible requirements that they are forced to trust other parties (so-called multi-party security). This should give legal certainty to everybody at all times. Moreover, both the electronic money issuer and the individual users are less dependent on the tamper-resistance of devices than in usual digital payment systems. Since CAFE aims at the market of small everyday payments that is currently dominated by cash, payments are offline, and privacy is an important issue. The basic devices used in CAFE are so-called electronic wallets, whose outlook is quite similar to pocket calculators or PDAs (Personal Digital Assistant). Particular advantages of the electronic wallets are that PINs can be entered directly, so that fake-terminal attacks are prevented. Other features are: - loss tolerance: If a user loses an electronic wallet, or the wallet breaks or is stolen, the user can be given the money back, although it is a prepaid payment system. - different currencies. - open architecture and system. The aim is to demonstrate a set of the systems developed in one or more field trials at the end of the project. Note that these will be real hardware systems, suitable for mass productions. This paper concentrates on the basic techniques used in the CAFE protocols.

%0 Conference Proceedings
%A Boulahia-Cuppens, N.
%A Cuppens, F.
%A Gabillon, A.
%A Yazdanian, K.
%D 1994
%T Decomposition of Multilevel Objects in an Object-Oriented Database
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 375-402
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Database I
%L BCGY94
%X For many reasons, multilevel relations are decomposed. Several decomposition algorithms have been proposed but we show that many difficulties would appear when implementing them -especially performance loss and problems to propagate low classified updates to higher classified relation. In this paper, we propose a security model which provides means to protect all characteristics of an object including object existence, attribute tuple values and attribute set values and we show how to decompose a multilevel object oriented database which supports these complex multilevel objects into a collection of single level databases. This idea is similar to the idea already proposed for multilevel relational databases. However, our approach takes fully advantage of the object oriented model. Hence, we claim that the kernelized architecture we suggest for object oriented databases does not suffer from the drawbacks noticed for relational systems based on this architecture. In particular, it does not cause important performance losses and the semantics of update operations is straightforward in comparison with the one previously developed for multi-level relations.

%0 Conference Proceedings
%A Boyd, Colin
%A Mao, Wenbo
%D 1994
%T Designing Secure Key Exchange Protocols
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 93-105
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Key Management I
%K Cryptographic protocols, key management, authentication
%L BM94
%X Protocols for authentication and key exchange have proved difficult to develop correctly despite their apparent simplicity in terms of the length and number of messages involved. A number of formal techniques have been developed to help analyse such protocols and have been useful in detecting errors. Nevertheless it is still difficult to be certain that a particular protocol is correct. This paper explores a different approach; instead of analysing existing protocols the aim is to design protocols to be secure in the first place. A methodology is developed for designing key exchange protocols in a restricted way such that they must be correct according to a defined security criterion. The protocols are defined abstractly with the cryptographic operations specified only according to their basic functions. This allows the protocols to be made concrete in a variety of ways. A number of concrete protocols are presented, some of which appear novel and, at the same time, efficient in comparison with existing ones.

%0 Conference Proceedings
%A Calas, Christel
%D 1994
%T Distributed File System over a Multilevel Secure Architecture Problems and Solutions
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 281-297
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Distributed Systems
%K Security, Distributed file system, Multilevel security, M2S machine, secure LAN
%L Calas94
%X This paper presents the principles of a distributed and secure file system. It relies on M2S machines and a secure network which control dependencies and avoid any storage and temporal covert channel.
It describes how, from NFS (Network File System) principles, we adapt the organization and the structures to obtain practical services despite constraining controls performed by the hardware. Finally it proves that it is possible to obtain a practical distributed file system, with usable features without any compromise on security enforcement.

%0 Conference Proceedings
%A Camenisch, Jan L.
%A Piveteau, Jean-Marc
%A Stadler, Markus A.
%D 1994
%T An Efficient Electronic Payment System Protecting Privacy
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 207-215
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Digital Payment
%K electronic payment systems, privacy, cryptography
%L CPS94
%X Previously proposed anonymous electronic payment systems have the drawback that the bank has to maintain large databases, which is a handicap for the realization of such systems. In this paper, we present a practical anonymous payment system that significantly reduces the size of such databases. It uses the concept of anonymous accounts and offers anonymity as an add-on feature to existing EFTPOS systems.

%0 Conference Proceedings
%A Chen, Lidong
%D 1994
%T Oblivious Signatures
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 161-172
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Authentication
%K oblivious signatures
%L Chen94
%X Two special digital signatures schemes, oblivious signatures, are proposed. In the first, the recipient can choose one and only one of n keys to get a message signed without revealing to the signer with which key the message is signed.
In the second, the recipient can choose one and only one of n messages to be signed without revealing to the signer on which message the signature is made.

%0 Conference Proceedings
%A Ciampichetti, Alessandro
%A Bertino, Elisa
%A Mancini, Luigi
%D 1994
%T Mark-and-Sweep Garbage Collection in Multilevel Secure Object-Oriented Database Systems
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 359-373
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Database I
%K object-oriented database systems, mandatory access control, garbage collection, object deletion, mark-and-sweep
%L CBM94
%X In this paper, the introduction of garbage collection techniques in a multilevel secure object-oriented database system is discussed; in particular, the attention is focused on mark-and-sweep collectors. A secure garbage collection scheme guarantees referential integrity and avoids potential covert channels arising from object deletion.

%0 Conference Proceedings
%A Cuppens, F.
%A Trouessin, G.
%D 1994
%T Information Flow Controls vs Inference Controls: An Integrated Approach
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 447-468
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Database II
%K Security model, Information flow control, Database security, Inference control, Modal logic
%L CT94
%X This paper proposes a formal method for modeling database security based on a logical interpretation of two problems: the (internal) information flow controls and the (external) information inference controls.
Examples are developed that illustrate the inability of "classical" security models such as non-interference and non-deducibility to completely take into account the inference problem, because both are too constraining: the former model leads to the existence problem, whereas the latter one leads to the elimination problem. The causality model, which has been developed to solve the information flow control problem by considering that "what is known, must be permitted to be known", does not also explicitly take into account the inference problem. But we show that it is possible to extend causality so that inference can in fact be solved by formalizing the security policy consistency in the following way "any information must not be both permitted and forbidden, to be known". However, some difficulties remain if we do not consider that a subject can perform not only valid derivations but also plausible derivations. In particular, we show that classical solutions to the inference problem such as use of polyinstantiated databases are not plainly satisfactory, unless the security policy is able to estimate how it is plausible that an abductive reasoning can occur.

%0 Conference Proceedings
%A d'Ausbourg, Bruno
%D 1994
%T Implementing Secure Dependencies over a Network by Designing a Distributed Security SubSystem
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 249-266
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Distributed Systems
%L dAusbourg94
%X It was recently argued that the presence of covert channels should no longer be taken for granted in multilevel secure systems. Until today, multilevel security seems to have been an ideal approach and not a requirement to meet. The question is: is it possible to design a practical multilevel system offering full security? Based on which architecture?
The approach described in this paper reflects some results of a research project which suggests some ideas to answer this question. We have chosen the distributed architecture of a secure LAN as an application framework. In particular we show how controls exerted on dependencies permit to control exhaustively the elementary flows of information. The enforced rules govern both the observation and the handling of data over the whole system. They are achieved by means of some hardware mechanisms that submit the access of hosts to the medium to a secure medium access control protocol. We evaluate how secure dependencies used to ensure confidentiality in such an architecture may also be used to answer some other needs with respect to other attributes of security.

%0 Conference Proceedings
%A Dacier, Marc
%A Deswarte, Yves
%D 1994
%T Privilege Graph: an Extension to the Typed Access Matrix Model
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 317-334
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Access Controls
%L DD94
%X In this paper, an extension to the TAM model is proposed to deal efficiently with authorization schemes involving sets of privileges. This new formalism provides a technique to analyse the safety problem for this kind of schemes and can be useful to identify which privilege transfers can lead to unsafe protection states. Further extensions are suggested towards quantitative evaluation of operational security and intrusion detection.

%0 Conference Proceedings
%A Hardjono, Thomas
%A Seberry, Jennifer
%D 1994
%T Authentication via Multi-Service Tickets in the Kuperee Server
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 143-160
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Authentication
%L HS94
%X The subject of this paper is the authentication services as found in the Kuperee server. The authentication protocol is based on the Zheng-Seberry public key cryptosystem, and makes use of the distinct features of the cryptosystem. Although couched in the terminology of Kerberos, the protocol had subtle features, such as the binding together of two entities by a third entity, leading to the need of equal co-operation by the two entities in order to complete the authentication procedure. Another important feature is the use of multi-service ticket to access multiple services offered by different servers. This removes the need of the Client to consult the Trusted Authority each time it needs a service from a Server. In addition, this allows an increased level of parallelism in which several Servers may be concurrently executing applications on behalf of a single Client. The scheme is also extendible to cover a more global scenario in which several realms exist, each under the care of a trusted authority. Finally, the algorithms that implement the scheme are presented in terms of the underlying cryptosystem. Although the scheme currently employs a public key cryptosystem, future developments of the server may combine private key cryptosystems to enhance performance.

%0 Conference Proceedings
%A Hauser, Ralf
%A Janson, Philippe
%A Molva, Refik
%A Tsudik, Gene
%A Van Herreweghen, Els
%D 1994
%T Robust and Secure Password and Key Change Method
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 107-122
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Key Management I
%L HJMTH94
%X This paper discusses issues and idiosyncrasies associated with changing passwords and keys in distributed computer systems.
Current approaches are often complicated and fail to provide the desired level of security and fault tolerance. A novel and very simple approach to changing passwords/keys is presented and analyzed. It provides a means for human users and service programs to change passwords and keys in a robust and secure fashion.

%0 Conference Proceedings
%A Jiwa, Azad
%A Seberry, Jennifer
%A Zheng, Yuliang
%D 1994
%T Beacon Based Authentication
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 125-141
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Authentication
%K Beacon, Authentication, Network Security, Information Security, Security Protocol
%L JSZ94
%X Reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The design of such systems as Kerberos, SPX and more recently KryptoKnight and Kuperee, have largely been successful in addressing the problem. The common element with these implementations is the need for a trusted third-party authentication service. This essentially requires a great deal of trust to be invested in the authentication server which adds a level of complexity and reduces system flexibility. The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in "Transactions protected by beacons," Journal of Computer and System Sciences, Vol. 27, pp 256-267, 1983. In this paper we revive Rabin's ideas which have been largely overlooked in the past decade. In particular we present a novel approach to the authentication problem based on a service called Beacon which continuously broadcasts certified nonces. We argue that this approach considerably simplifies the solution to the authentication problem and we illustrate the impact of such a service by "Beaconizing" the well known Needham and Schroeder protocol.
The modified protocol would be suitable for deployment at upper layers of the communication stack.

%0 Conference Proceedings
%A Mao, Wenbo
%A Boyd, Colin
%D 1994
%T On Strengthening Authentication Protocols to Foil Cryptanalysis
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 193-204
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Key Management II
%L MB94
%X Cryptographic protocols have usually been designed at an abstract level without concern for the cryptographic algorithms used in implementation. In this paper, it is shown that the abstract protocol definition can have an important effect on the ability of an attacker to mount a successful attack on an implementation. In particular, it will be determined whether an adversary is able to generate corresponding pairs of plaintext and ciphertext to use as a lever in compromising secret keys. The ideas are illustrated by analysis of two well-known authentication systems which have been used in practice. They are Kerberos and KryptoKnight. It is shown that for the Kerberos protocol, an adversary can acquire at will an unlimited number of known plaintext-ciphertext pairs. Similarly, an adversary in the KryptoKnight system can acquire an unlimited number of data pairs which, by a less direct means, can be seen to be cryptanalytically equivalent to known plaintext-ciphertext pairs. We propose new protocols, using key derivation techniques, which achieve the same end goals as these others without this undesirable feature.

%0 Conference Proceedings
%A Maurer, Ueli M.
%A Schmid, Pierre E.
%D 1994
%T A Calculus for Secure Channel Establishment in Open Networks
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 175-192
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Key Management II
%K Network security, Key management, Cryptography, Security transformations, Formal models
%L MS94
%X This paper presents a calculus of channel security properties which allows to analyse and compare protocols for establishing secure channels in an insecure open network at a high level of abstraction. A channel is characterized by its direction, time of availability and its security properties. Cryptographic primitives and trust relations are interpreted as transformations for channel security properties, and cryptographic protocols can be viewed as combinations of such transformations. A protocol thus allows to transform a set of secure channels established during an initial setup phase, together with a set of secure channels specified by the security requirements. The necessary and sufficient requirements for establishing a secure channel between two entities are characterized in terms of secure channels to be made available during the initial setup phase and in terms of trust relations between users and/or between users and trusted authorities.

%0 Conference Proceedings
%A Motro, Amihai
%A Marks, Donald G.
%A Jajodia, Sushil
%D 1994
%T Aggregation in Relational Databases: Controlled Disclosure of Sensitive Information
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 431-445
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Database II
%L MMJ94
%X It has been observed that often the release of a limited part of an information resource poses no security risks, but the release of a sufficiently large part of that resource might pose such risks. This problem of controlled disclosure of sensitive information is an example of what is known as the aggregation problem.
In this paper we argue that it should be possible to articulate specific secrets within a database that should be protected against overdisclosure, and we provide a general framework in which such controlled disclosure can be achieved. Our methods also foil attempts to attack these predefined secrets by disguising queries as queries whose definitions do not resemble secrets, but whose answers nevertheless "nibble" at secrets. Our methods also foil attempts to attack secrets by breaking queries into sequences of smaller requests that extract information less conspicuously. The accounting methods we employ to thwart such attempts are shown to be both accurate and economical.

%0 Conference Proceedings
%A O'Halloran, C.
%A Sennett, C. T.
%D 1994
%T Security through Type Analysis
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 75-89
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F High Assurance Software
%K Types, formal techniques, secure computer systems, security evaluation
%L OHS94
%X The objective of the work reported in this paper is to develop very low cost techniques for demonstrating that the trusted software for a secure system has the security properties claimed for it. The approach also supports integrity properties. The approach is based on type checking, which ensures that operations cannot be called with arguments they should not handle. This paper presents an informal technical description of the work with respect to a particular case study. An outline of the type checking algorithm is given in an appendix.

%0 Conference Proceedings
%A Robinson, C. L.
%A Wiseman, S. R.
%D 1994
%T A Consideration of the Modes of Operation for Secure Systems
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 333-356
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Access Controls
%K Security mode of operation, Dedicated, System high, Compartmented, Multi-level, System model, Z notation
%L RW94
%X Secure systems are often characterised by a 'mode of operation'. This acts as a shorthand for the degree of risk to the information on the system and the minimum security functionality required as a countermeasure. This paper examines the UK definitions of these modes and proposes a model of a system which can be used to capture the distinctions between them. The variations of possible secure system functionality within each mode are then discussed. Some new definitions, which are orthogonal to the modes of operation, are proposed which can be used to resolve ambiguities.

%0 Conference Proceedings
%A Roscoe, A.W.
%A Woodcock, J.C.P.
%A Wulf, L.
%D 1994
%T Non-interference through Determinism
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 3-18
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F High Assurance Software
%K security, non-interference, formal methods, process algebra, determinism, automatic verification
%L RWW94
%X The standard approach to the specification of a secure system is to present a (usually state-based) abstract security model separately from the specification of the system's functional requirements, and establishing a correspondence between the two specifications. This complex treatment has resulted in development methods distinct from those usually advocated for general applications. We provide a novel and intellectually satisfying formulation of security properties in a process algebraic framework, and show that these are preserved under refinement. We relate the results to a more familiar state-based (Z) specification methodology.
There are efficient algorithms for verifying our security properties using model checking.

%0 Conference Proceedings
%A Sandhu, Ravi S.
%A Ganta, Srinivas
%D 1994
%T On the Expressive Power of the Unary Transformation Model
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 301-318
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Access Controls
%K Access control, Access rights, Authorization, Client-Server Architecture, Expressive Power
%L SG94
%X The Transformation Model (TRM) was recently introduced in the literature by Sandhu and Ganta. TRM is based on the concept of transformation of rights. The propagation of access rights in TRM is authorized entirely by existing rights for the object in question. It has been demonstrated in the earlier work that TRM is useful for expressing various kinds of consistency, confidentiality, and integrity controls. In our previous work, a special case of TRM named Binary Transformation Model (BTRM) was defined. We proved that BTRM is equivalent in expressive power to TRM. This result indicates that it suffices to allow testing for only two cells in the matrix. In this paper we study the relationship between TRM and the Unary Transformation Model (UTRM). In the UTRM, individual commands are restricted to testing for only one cell of the matrix (whereas individual TRM commands can test for multiple cells of the matrix). Contrary to our initial conjecture, we found that TRM and UTRM are formally equivalent in terms of expressive power. The implications of this result on safety analysis are also discussed in this paper.

%0 Conference Proceedings
%A Siron, Pierre
%A d'Ausbourg, Bruno
%D 1994
%T A Secure Medium Access Control Protocol: Security versus Performances
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 267-279
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Distributed Systems
%L SA94
%X Many systems were built in order to protect confidentiality of data and processes. This can be done by using multilevel architectures of machines and networks. But these architectures tolerate the existence of covert channels. We designed an architecture of a distributed security subsystem in order to avoid them, basing it on the use of secure dependencies. Controls exerted on dependencies can control exhaustively elementary flows of information. These controls are achieved by means of some hardware mechanisms which govern the access of hosts to the medium according to a secure medium access control protocol (or SMAC). This approach implements in a straightforward manner some multilevel security conditions that ensure a very high degree of protection. We wanted to measure the real cost of introducing security inside a MAC protocol, by comparing under simulation the performances of the SMAC protocol with some other standard but insecure MAC protocols.

%0 Conference Proceedings
%A Thomas, Roshan K.
%A Sandhu, Ravi S.
%D 1994
%T Supporting Object-based High-assurance Write-up in Multilevel Databases for the Replicated Architecture
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 403-428
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Database I
%K Replicated architecture, object-oriented databases, write-up, serial correctness, message-filtering, signaling channels
%L TS94
%X We discuss the support of high-assurance write-up actions in multilevel secure object-oriented databases under the replicated architecture. In this architecture, there exists a separate untrusted single-level database for each security level. Data is replicated across these databases (or containers), as each database stores a copy of all the data whose class is dominated by that of the database. Our work utilizes an underlying message filter based upon object-oriented security model. Supporting message-based write-up actions with synchronous semantics directly impacts confidentiality, integrity, and performance issues. Also, an important concern in the replicated architecture is the maintenance of the mutual consistency of the replicated data. In this paper we offer solutions to support write-up actions while preserving the conflicting goals of confidentiality, integrity and efficiency and at the same time demonstrate how the effects of updates arising from write-up actions are replicated correctly to guarantee such mutual consistency. Finally, we wish to emphasize that our elaboration of the message filter model demands minimum functionality from the TCB that is hosted within the trusted front end (TFE), and further requires no trusted subjects (i.e. subjects who are exempted, perhaps partially, from the usual mandatory controls). Collectively, these make verification of our solutions easier, since we have the assurance that covert channels cannot be introduced through the TFE.

%0 Conference Proceedings
%A Zorkadis, Vasilios
%D 1994
%T Security versus Performance Requirements in Data Communication Systems
%J Third European Symposium on Research in Computer Security (ESORICS 94)
%E Gollman, Dieter
%I Springer-Verlag
%C Brighton, United Kingdom
%6 1
%P 19-30
%Y Goos, G.
%E Hartmanis, J.
%E van Leeuwen, J.
%S Lecture Notes in Computer Science
%F Measures
%K security, communications performance
%L Zorkadis94
%X The research activities in secure computer networks have paid little attention to the tradeoff between security and other quality requirements of the communication service. This paper aims to introduce performance aspects regarding secure computer networks. First we attempt to quantify the tradeoff between security and performance in secure data communication systems by means of queueing theory. Our second target is to reduce the performance degradation caused by the security mechanisms and protocols. For this purpose, optimization concepts are proposed. The key points in the optimization concepts are: preprocessing, messages segmenting and compression. They have to be integrated or considered in secure communication protocols to improve their performance characteristics. Preprocessing aims to exploit the idle periods of the system (e.g., computer or special crypto-chip), to take the stochastic nature of such communication processes into consideration, e.g., using the OFB-mode for generating (pseudo) random bit sequences after connection establishment. Segmenting is proposed for long messages in order to better exploit the pipeline nature of communication systems. Also, compression is discussed as a means to further improve the performance measures of secure communication.