CONTENTS - Emerald
CONTENTS - Emerald
CONTENTS - Emerald
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
language which would cope with a variety of operating systems, databases and microprocessor<br />
cards. The shortcomings of Unix and MCOS are described, as is a prototype<br />
shell which is essentially a state machine acting on a description le, together with<br />
naming conventions for secret data.<br />
041231 `An Authorization Model for Personal Databases'<br />
C Radu, M Vandenwauver, R Govaerts, J Vandewalle, Cardis 94 pp 61{72<br />
The authors describe a database security model for smartcards which came out of<br />
their work with CAFE. This is centrally administered, role and capability based, and<br />
has a granularity hierarchy of objects with a tree structure; each capability gives access<br />
to everything below the node it names.<br />
041232 `A Security Architecture for Fault-Tolerant Systems'<br />
MK Reiter, KP Birman, R van Renesse, ACM Transactions on Computer Systems v<br />
12 no 4 (Nov 94) pp 340{371<br />
The authors describe Horus, an architecture for distributed systems based on secure<br />
process groups. Its underlying mechanisms are founded on fault tolerant authentication<br />
protocols, some of which are described, and a secure time service. These mechanisms<br />
are implemented in a layer which is inaccessible to user processes.<br />
041233 `Non-interference through Determinism'<br />
AW Roscoe, JCP Woodcock,LWulf, ESORICS 94 pp 33{53<br />
The authors consider noninterference in terms of the nondeterminism introduced<br />
into an abstract machine by hiding and interleaving operations, and propose to protect<br />
low users from high data by insisting that their virtual machines be deterministic.<br />
Under this de nition, security is preserved by re nement. A le system design is<br />
sketched, and the relationship between Z and CSP formalisms is discussed.<br />
041234 `Propagation of Authorizations in Distributed Database Systems'<br />
P Samarati, P Ammann, S Jajodia, Fairfax 94 pp 136{147<br />
Authorisations which propagate in distributed systems may do so inconsistently,<br />
especially in the presence of intermittent site and communications failures. Algorithms<br />
are presented for restoring consistency; logs of authorisation table updates are kept<br />
locally and propagated, and procedures exist for dealing with out-of-order updates by<br />
referring to these logs.<br />
041235 `On the Expressive Power of the Unary Transformation Model'<br />
RS Sandhu, S Ganta, ESORICS 94 pp 301{318<br />
The authors develop their transformation model of access control by introducing<br />
a variant in which individual commands can test only one cell of the access control<br />
matrix at a time. They prove that this has just as much expressive power, provided<br />
that every user and every object can be constrained to be of a unique type.<br />
041236 `To Net Or Not To Net?'<br />
WSchwartau, Network Security (Dec 94) pp 7{11<br />
The author describes a product called Sidewinder, whose purpose is to enforce a<br />
multilevel integrity policy in an Internet environment.<br />
041237 `Total ordered security level assignment which inhibits entity<br />
inference'<br />
H Shina, Y Okuda, H Nagase, ISITA 94 pp 273{276<br />
The authors propose an algorithm to assign security labels to entities in a computer<br />
system in accordance with a model such as Bell-LaPadula. The proposed algorithm<br />
generates the highest security label for each entity. This is in contrast to the low water<br />
mark principle which assigns the lowest label to each entity.<br />
17