Your search keyword '"Logical security"' showing total 12 results

1. Computer security in the real world

Author

Butler W. Lampson

Subjects

General Computer Science, Computer science, Network security, Internet privacy, Covert channel, Data security, Access control, Audit, Internet security, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Information security audit, Security association, Distributed System Security Architecture, Message authentication code, Authentication, Cloud computing security, business.industry, Authorization, Information security, Computer security model, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Security service, Network Access Control, Security through obscurity, Network security policy, The Internet, business, computer

Abstract

Most computers today are insecure because security is costly in terms of user inconvenience and foregone features, and people are unwilling to pay the price. Real-world security depends more on punishment than on locks, but it's hard to even find network attackers, much less punish them. The basic elements of security are authentication, authorization, and auditing: the gold standard. The idea of one principal speaking for another is the key to doing these uniformly across the Internet.

Published

2004

2. Are Password Requirements too Difficult?

Author

Kim Schaffer

Subjects

Password, Password policy, Authentication, Software_OPERATINGSYSTEMS, General Computer Science, Computer science, business.industry, Internet privacy, Authorization, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Passphrase, Access control, Computer security, computer.software_genre, Logical security, One-time password, Password strength, S/KEY, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Microsoft Office password protection, Challenge–response authentication, business, computer

Abstract

It might be prudent to enhance password mechanisms while training users to take the additional responsibility of managing passwords.

Published

2011

3. A survey of Web security

Author

Aviel D. Rubin and Daniel E. Geer

Subjects

Information privacy, General Computer Science, Computer science, Internet privacy, Covert channel, Data security, computer.software_genre, Computer security, Internet security, Asset (computer security), Logical security, Security information and event management, Security association, Cloud computing security, business.industry, Information security, Computer security model, Web application security, Security service, Network Access Control, Security through obscurity, Human-computer interaction in information security, Network security policy, The Internet, Web service, business, computer

Abstract

Developing security methods for the Web is a daunting task, in part because security concerns arose after the fact. Today, with an internationally connected user network and rapidly expanding Web functionality, reliability and security are critical. Vendors engaged in retrofitting security must contend with the Web environment's peculiarities, which include location irrelevance, statelessness, code and user mobility, and stranger-to-stranger communication. The authors offer a survey of Web security issues, focusing on particular areas of concern, such as server security, mobile code, data transfer, and user privacy.

Published

1998

4. Security control for COTS components

Author

Qun Zhong and Nigel Edwards

Subjects

Security bug, Cloud computing security, General Computer Science, Computer science, business.industry, Covert channel, Information security, Computer security model, Asset (computer security), Computer security, computer.software_genre, Logical security, Security information and event management, Security testing, Security controls, Security engineering, Security service, Software security assurance, Sandbox (computer security), Security through obscurity, Software engineering, business, computer, Countermeasure (computer)

Abstract

Using COTS components poses serious threats to system security. The authors analyze the risks and describe how their sandbox method can limit the damage potential of COTS components. The sandbox model was originally developed for fault tolerance. Rather than eliminating actual failures, it provides a restricted environment to confine application behavior. The approach confines the damage caused if an application accidentally or maliciously misbehaves. The authors' sandbox method differs from Java's, in that it is built with OS support rather than with support from a particular language. The authors describe the Sendmail version of their sandbox method. Their approach requires B-level security features not found on most conventional OSs. Typically developed for government or military use, B-level certified OSs have more sophisticated security features. The authors explain that their method does not eliminate security problems but rather mitigates the damage caused by compromised applications and thus prevents most common security breaches. Untrusted COTS components can thus be safely plugged into a system without major reengineering, provided there is a suitable security platform.

Published

1998

5. Remote booting in a hostile world: to whom am I speaking? [Computer security

Author

Mark Lomas and Bruce Christianson

Subjects

General Computer Science, Computer science, business.industry, Network security, Hash function, Trojan horse, Cryptography, Computer security, computer.software_genre, Logical security, Upgrade, Software, Software system, business, computer, Booting

Abstract

Today's networked computer systems are very vulnerable to attack: terminal software, like that used by the X Window System, is frequently passed across a network, and a trojan horse can easily be inserted while it is in transit. Many other software products, including operating systems, load parts of themselves from a server across a network. Although users may be confident that their workstation is physically secure, some part of the network to which they are attached almost certainly is not secure. Most proposals that recommend cryptographic means to protect remotely loaded software also eliminate the advantages of remote loading-for example, ease of reconfiguration, upgrade distribution, and maintenance. For this reason, they have largely been abandoned before finding their way into commercial products. The article shows that, contrary to intuition, it is no more difficult to protect a workstation that loads its software across an insecure network than to protect a stand-alone workstation. In contrast to prevailing practice, the authors make essential use of a collision-rich hash function to ensure that an exhaustive off-line search by the opponent will produce not one, but many candidate pass words. This strategy forces the opponent into an open, on-line guessing attack and offers the user a defensive strategy unavailable in the case of an off-line attack. >

Published

1995

6. Taking steps to secure web services

Author

D. Geer

Subjects

General Computer Science, Web development, Computer science, Network security, Internet privacy, Services computing, Internet security, computer.software_genre, Asset (computer security), Computer security, Logical security, Security information and event management, Security association, Transport Layer Security, Cloud computing security, business.industry, Information security, Computer security model, Web application security, Security service, Network Access Control, Security through obscurity, Network security policy, The Internet, Web service, business, WS-Policy, computer

Abstract

Despite the promise, Web services present network administrators with a thorny problem: as network security becomes an increasing concern, Web services open up networks by letting outside users access databases, applications, and internal users. Traditional security techniques - such as virtual private networks or secure sockets layer (SSL) technology - cannot secure the large number of transactions that Web services can perform in a short time. Meanwhile, basic Web services transactions are unencrypted and unsecured, which creates the potential for disaster. It is thus important for Web services technology to have its own security mechanisms. In fact, industry observers have said the biggest obstacle to wider adoption of Web services has been security concerns. With this in mind, researchers are developing and implementing several Web services security approaches.

Published

2003

7. Wireless security is different

Author

William A. Arbaugh

Subjects

Cloud computing security, General Computer Science, Wireless network, Inter-Access Point Protocol, Computer science, business.industry, Covert channel, Enterprise information security architecture, Computer security model, Computer security, computer.software_genre, Communications security, Asset (computer security), Security information and event management, Logical security, Wireless security, Security service, Distributed System Security Architecture, Network Access Control, Wireless lan, Security through obscurity, The Internet, business, computer, Computer network

Abstract

Wireless security requires slightly different thinking from wired security because it gives potential attackers easy transport medium access. This access significantly increases the threat that any security architecture must address. Wireless networking broadcast nature makes traditional link-layer attacks readily available to anyone. Wireless network security based on the IEEE 802.11 standard has received a lot of negative attention, since it is coupled with several design errors and security problems. IEEE 802.11 uses spread-spectrum signaling technology, which the military depends on for secure communications. Newer architectures are becoming available to dramatically increase the security of 802.11-based networks.

Published

2003

8. Whos's liable for insecure networks?

Author

E. Kenneally

Subjects

General Computer Science, Computer science, Network security, Internet privacy, Data security, Covert channel, Computer security, computer.software_genre, Asset (computer security), Internet security, Security information and event management, Logical security, Security association, Cloud computing security, business.industry, Information security, Service provider, Computer security model, Web application security, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, The Internet, business, computer

Abstract

Given computers' integral role in modern life we can no longer tolerate negligent security. We must define standards of care and develop processes for recovering damages from those who fail to act reasonably in securing networked computers. Failure to secure networked computer systems could spawn litigation among software vendors, service providers, online businesses, and users. The paper discusses negligence claims and network security. It considers costs associated with insecure computers on the Internet.

Published

2002

9. The specification and modeling of computer security

Author

John McLean

Subjects

National security, General Computer Science, Computer science, Covert channel, Data security, Certified Information Systems Security Professional, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, Logical security, Discretionary access control, Cloud computing security, business.industry, Information security, Computer security model, Mandatory access control, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, Network security policy, Software engineering, business, computer

Abstract

A description is given of computer security models in general and the model of D. Bell and L. LaPadula (Tech. Rep. MTR-2997, Mitre Corp., 1976) in particular. The Bell and LaPadula (BLP) model is the backbone of the National Computer Security Center's evaluation process for trusted computer systems. Although discretionary access control is briefly addressed, the focus is on mandatory access control (MAC) in national security. However, the issues addressed are relevant to any setting in which MAC-like restrictions arise. It is shown that security is a fruitful research area for those interested in software specification, since some of the most difficult issues in specifying security have analogs in other domains. The limitations of the BLP model are examined. For example, it has little relevance for systems in which users can change their own security levels or those of their files, and it is inadequate for expressing requirements that certain operations cannot be performed by a single individual working alone. It is shown how BLP's limitations can be remedied by a framework of models, making it more useful to those interested in industrial security. >

Published

1990

10. A patch in nine saves time?

Author

William A. Arbaugh

Subjects

General Computer Science, Network security, Computer science, Vulnerability, Covert channel, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Logical security, Threat, Software, Trusted computing base, Information system, Software system, Cloud computing security, business.industry, Principal (computer security), Authorization, Vulnerability management, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Network security policy, Attack, business, computer

Abstract

A fundamental fact in computer and network security is the impossibility of 100 percent assurance that a computer system is trusted. By trusted, we mean that the system always operates as expected by design and policy. For more than 25 years, the security community has focused on technology to solve these problems, yet information systems remain as vulnerable. Given the difficulties of developing software without potential vulnerabilities, we must develop best practices for "penetrate and patch" cycles and configuration management procedures.

Published

2004

11. Special Feature The Total Computer Security Problem: an Oveview

Author

K.S. Shankar

Subjects

medicine.medical_specialty, General Computer Science, Computer science, Computer security compromised by hardware failure, Covert channel, Data security, Access control, Certification, Asset (computer security), Computer security, computer.software_genre, Security testing, Logical security, Security information and event management, Distributed System Security Architecture, medicine, Authentication, Cloud computing security, business.industry, Information security, Computer security model, Security service, Software security assurance, Network Access Control, Security through obscurity, Security convergence, business, computer

Abstract

As society becomes more dependent on computers, computer crime is becoming not only more disastrous in its potential impact, but also more attractive to the criminal.1-3However, with adequate protection techniques, data theft can be prevented. This paper analyzes the total computer system security problem, using six major factors to sort out the issues involved. The entire problem is visualized in Figure 1, with the six factors listed along the left-hand side.

Published

1977

12. Computer Security Technology: Guest Editors' Introduction

Author

Ames and Neumann

Subjects

Cloud computing security, General Computer Science, Security service, Computer science, Security through obscurity, Covert channel, Computer security model, Computer security, computer.software_genre, Asset (computer security), computer, Logical security, Security information and event management

Published

1983