Edit WYSIWYGattachfile Attach PDF Raw View►More Actions▼More Actions

Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
510 Nov 2014 - 12:33ThomasMisa 
403 Oct 2013 - 15:23norqu036? 
325 Feb 2013 - 10:03NicLewis 
220 Feb 2013 - 08:35NicLewis 
119 Feb 2013 - 15:13NicLewis 

Render style:     Context:

 History: r5 < r4 < r3 < r2 < r1
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Publications>ClassicPapersACSAC (10 Nov 2014, ThomasMisa)

Current Activitieslock Who is Who?lock People Programs Publications CSHW_2014 Systems Events Mechanisms

ACSAC Classic Papers (www.acsac.org)


lock Login Required to View Attachment

Matt Blaze:

Key Escrow from a Safe Distance: Looking Back at the Clipper Chip (2011 | lock PDF): This article looks back on the 1993 US government attempt to mandate encryption technology that possessed a backdoor, using hardware to wrap the session key of any encrypted communication with its own “escrow key,” which the government kept in a database, and could use to decrypt the communication (presumably with a warrant). This scheme failed, partly due to backlash from the tech community and industry against the government holding a database of keys that could be leaked, wariness of an encryption scheme that was partially classified, and because no one (with the exception of AT&T) wanted to adopt expensive hardware-based encryption when inexpensive software-based encryption was becoming practical. The result of this failure was that government agencies found other, more accountable ways of dealing with encryption, including targeted surveillance, rather than broad surveillance of communications.

John Dobson and Brian Randell:

Building Reliable Secure Computing Systems Out of Unreliable Insecure Components (2001 | lock PDF): The main point of this article is that security and reliability are not the separate issues in computing as once taught. Based on their early distributed computing efforts using Unix machines in the 1980s, the authors argue that information that needs to be kept secure is also probably valuable, and making it reliably available should also be a priority. However, they argue, sufficient security has not been built into our increasingly complex infrastructure (the Internet), and the value of distributed computing is more important than ever to guard against these increasing threats.

Paul Karger and Roger Schell:

Multics Security Evaluation: Vulnerability Analysis (1974 | Two versions - Original lock PDF | Reprint lock PDF): Seminal report on the security issues of the Multics multi-user operating system.

Thirty Years Later: Lessons from the Multics Security Evaluation (2002 | lock PDF): Retrospective on the Multics Security Evaluation of 1974, and how the lessons of that analysis (basically, the need to implement a secure kernel before any OS should be placed in an open environment) were not being applied to the weaker operating systems that government and industry were attempting to “harden” after the fact.

Richard Kemmerer:

A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later (2002 | lock PDF): This article looks back on the first methodology outlined for discovering channels within a computer that may act as “covert channels,” passing data to programs or users that do not have the required security levels to see that data.

Carl Landwehr, Constance Heitmeyer, and John D. McLean:

A Security Model for Military Message Systems: Retrospective (2001 | lock PDF): This article republishes a report drafted for the Military Message Experiment, which was, in the late 70s and early 80s, investigating replacing arcane pneumatic tube messaging with e-mail via the ARPANET. The problem was to produce a messaging system that replicated the secure environment on a trusted computer, but over the extended network. The solution outlined was to produce applications with multiple levels of security, rather than simply focus on the security of the operating system, as was the norm at the time. The security models outlined would contribute to the contemporary concept of job-related permissions, and multilevel objects, where an application’s permissions change depending on the user, and the task being done. Each application was effectively encapsulated. This approach used real-world analogies, such as safes, file folders, and documents, which users could understand. This should all sound quite familiar to computer users today.

John McHugh:

An Information Flow Tool for Gypsy - An Extended Abstract Revisited (2001 | lock PDF): This article looks back on the impact of a dissertation done in the mid-80s, which proposed a tool that could discover where operating systems were leaking information through covert channels, which had been a major impediment for OSs seeking A1 security status. The analyzer tool ultimately worked, and allowed the designer a great degree of flexibility in finding and eliminating potential information leaks, influencing the security testing tools that would follow.

O. Sami Saydjari:

LOCK: An Historical Perspective (2002 | lock PDF): LOCK (Logical Coprocessing Kernel) was a program out of the National Computer Security Center. It was the last of the highly trustworthy operating system research projects, with the proposal written in 1987. The article looks back on the importance of LOCK’s design principles to subsequent security models. It was intended to produce realistic security goals that did not compromise system performance more than necessary, and outlined methods of preventing performance degradation, such as using multiple processors, and attempting to use hardware acceleration when possible. The goal was to degrade system performance by less than 10% compared to an “unLOCKed” computer. This was an important step in balancing security with usability, as security measures were often a severe burden on computer resources.

Paul Syverson:

A Peel of Onion (2011 | lock PDF): This article traces the origins and development of onion routing, which began in 1995, a means of obscuring the originating and terminating points of networked traffic. The goal was to provide anonymous routing, rather than total anonymity, as the originating and terminating nodes could still see the respective sensitive IP addresses involved, and any unencrypted information could also be seen anywhere along the line. This work subsequently resulted in the TOR (The Onion Router) service of today. This concept uses multiple nodes between parties. Online communication traffic between the parties passes from node to node, obscuring the originating and terminating IP addresses on either end. This has advantages over a simple VPN, which still reveals originating and terminating IP addresses on either end of the communication. This system mitigates one of the security issues of Internet communication, and has provided a tool for dissidents living under oppressive regimes, and those wishing to bypass IP-based censorship.

-- ThomasMisa - 10 Nov 2014

Topic revision: r5 - 10 Nov 2014 - 12:33:17 - ThomasMisa
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback