1
1.0
Nov 6, 2020
11/20
by
Cunningham, John Edward, 1923-
texts
eye 1
favorite 0
comment 0
192 p. : 22 cm
Topic: Electronic security systems
Contents: Installation of SNAP-PC Software on your Microcomputer; Getting Started; Working with The Facility Submodel; Working with the Control Submodel; Working with the Adversary Detection Submodel; Working with the Guard and Adversary Submodels; Giving user2 Control; Setting up the SNAP-PC Subdirectory; Testing Your Model; Preparing the Model for USER2.
Topics: DTIC Archive, Tobin,Carolyn D, SANDIA NATIONAL LABS ALBUQUERQUE NM, *ELECTRONIC SECURITY,...
The Infrastructure of modern society is controlled by software systems that are vulnerable to attack. Successful attacks on these systems can lead to catastrophic results; the survivability of such information systems in the face of attacks is therefore an area of extreme importance to society. This paper presents model-based techniques for the diagnosis of potentially compromised software systems; these techniques can be used to aid the self-diagnosis and recovery from failure of critical...
Topics: DTIC Archive, Shrobe, Howard, MASSACHUSETTS INST OF TECH CAMBRIDGE ARTIFICIAL INTELLIGENCE LAB,...
The purpose of the Engineering Principles for Information Technology (IT) Security (HP-ITS) is to present a list of system-level security principles to he considered in the design, development, and operation of an information system. Ideally, the principles presented here would he used from the onset of a program-at the beginning of, or during the design phase- and then employed throughout the system's life-cycle. However, these principles are also helpful in affirming and confirming the...
Topics: DTIC Archive, Stoneburner, Gary, BOOZ-ALLEN AND HAMILTON INC MCLEAN VA, *DATA PROCESSING SECURITY,...
CIAC maintains an archive of Computer security information for the DOE Community. You can obtain documents and software in this archive through several access severs. This guide describes how to connect to these systems and obtain files from them.
Topics: DTIC Archive, CALIFORNIA UNIV LIVERMORE RADIATION LAB, *ELECTRONIC SECURITY, COMPUTER PROGRAMS,...
The IEEE 802.11 MAC protocol is widely used for wireless local area networks. Consequently, it is important to examine the protocol performance in operational environments. This thesis presents a simulation study of the performance of the IEEE 802.11 MAC protocol in multihop, jamming, and mobile node environments. The effects of the request-to-send mechanism and fragmentation in these environments are also studied. The average throughput and delay are obtained from the simulation and these...
Topics: DTIC Archive, Jitpanya, Kacha, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *LOCAL AREA NETWORKS,...
This report describes an online information transfer tool called Gateway. This system allows users to access many different federal and commercial databases while only having to learn one set of search commands and strategies. Gateway translates the input commands and search strategy into an acceptable format for each of the databases accessed through it. The effect of this system will be that users will get more reliable information more conveniently due to the relative ease of accessing many...
Topics: DTIC Archive, Douglas, Richard D, DEFENSE TECHNICAL INFORMATION CENTER FORT BELVOIR VA,...
The paper is based on the results of an initial study to determine the feasibility of a reliable, reasonably inexpensive electrostatic intrusion detection system for field use. The results of preliminary experimental tests appear to verify analytical studies indicating that the characteristic signature of walking persons can be detected by sensors utilizing standard portable solid state electrometers equipped with simple 5 to 10 cm wire antennas. Field test data show detectability to ranges of...
Topics: DTIC Archive, Aronoff, Alan D, FRANKFORD ARSENAL PHILADELPHIA PA, *INTRUSION DETECTORS, *ELECTRONIC...
This document describes our SAFEMITS network constraints and key management approaches research for year 2. As a first step SUNYIT research team has researched mobile ad-hoc network technology and the unique communications environment in which it will be deployed. We have identified the requirements specific to our problem of providing key management for confidentially and group-level authentication. We have also identified constraints, particularly energy consumption that render this problem...
Topics: DTIC Archive, Fitzgibbons, Patrick W, STATE UNIV OF NEW YORK COLL OF TECHNOLOGY UTICA,...
The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a...
Topics: DTIC Archive, Alberts, Christopher, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST,...
Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies defined in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the policy compiled from the policy specification. Since the most convenient description of the policy for...
Topics: DTIC Archive, Archer, Myla, NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING...
The purpose of this document, Guidance to Validators of IT Security Evaluations, is to provide guidance and assistance to Validators in performing their assigned duties under the Validation Body. Additionally, the document provides information to the CCTLs and sponsors of evaluations about the activities and responsibilities of assigned Validators.
Topics: DTIC Archive, NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD, *VALIDATION, *STANDARDS,...
In this paper we demonstrate how to reduce the overhead and delay of circuit establishment in the Tor anonymizing network by using predistributed Diffie-Hellman values. We eliminate the use of RSA encryption and decryption from circuit setup, and we reduce the number of DH exponentiations vs. the current Tor circuit setup protocol while maintaining immediate forward secrecy. We also describe savings that can be obtained by precomputing during idle cycles values that can be determined before the...
Topics: DTIC Archive, Oeverlier, Lasse, NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT KJELLER, *NETWORK...
Although research has been going on in the formal analysis of cryptographic protocols for a number of years, they are only slowly being integrated into the protocol design process. In this paper we describe how we furthered the integration of analysis and design by working closely with the Multicast Security Working Group in the Internet Engineering Task Force on the analysis of a proposed Internet Standard, the Group Domain Of Interpretation (GDOI) Protocol. We describe the challenges that had...
Topics: DTIC Archive, Meadows, Catherine, NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE...
In many environments, users login to workstations and then leave them unattended. Rather than trying to stop users from doing what comes naturally, this paper suggests a simple, hardware-based system that can protect computers in such an environment from unauthorized use by those with physical access to the monitor and keyboard. Requirements for the system are described, some design issues are discussed, and a sketch of a design for an initial prototype is provided, together with an assurance...
Topics: DTIC Archive, Landwehr, Carl E, NAVAL RESEARCH LAB WASHINGTON DC, *COMPUTERS, *ELECTRONIC SECURITY,...
The field of information assurance (IA) is too complex for current modeling tools, While security analysts may understand individual mechanisms at a particular moment, the interactions among the mechanisms, combined with evolving nature of the components, make understanding the entire system nearly impossible. This dissertation introduces a computational model of IA called the Social-Technical Information Assurance Model (STIAM). STIAM models organizations, information infrastructures, and...
Topics: DTIC Archive, VanPutte, Michael, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *COMMUNICATIONS NETWORKS,...
A safe, secure and functional information network is vital in today's Air Force net centric environment. Information is more critical today than it has ever been. As more operational functions are placed in cyber space and greater computing power becomes available to everyone, keeping these networks safe and secure is an almost unattainable task. Network security entails Intrusion Detection Security, but another form of security or insecurity? is quickly gaining attention. Honeypots allow the...
Topics: DTIC Archive, Zeitz, Brian P, AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING,...
Internet routing is based on a distributed system composed of many routers grouped into management domains called Autonomous Systems (ASes). Routing information is exchanged between ASes in Border Gateway Protocol (BGP) UPDATE messages. BGP is a critical component of the Internet's routing infrastructure. However, it is highly vulnerable to a variety of attacks due to the lack of a scalable means of verifying the authenticity and authorization of BGP control traffic. Secure BGP (S-BGP)...
Topics: DTIC Archive, Kent, Stephen T, BBN TECHNOLOGIES CAMBRIDGE MA, *COMPUTER GATEWAYS, *INTERNET,...
Perhaps as a result of the increasing complexity of computing systems, we see too many security mechanisms (for embedded systems or any other system) focus on only one level. An example of his limitation is that the use of typesafe languages may eliminate certain classes of vulnerabilities but may come at a performance and usability cost and have been successfully compromised via light-bulb-induced memory errors. (Looking only at the language level also neglects how much of the underlying...
Topics: DTIC Archive, Smith, Sean W., DARTMOUTH COLL HANOVER NH DEPT OF COMPUTER SCIENCE, *CENTRAL...
This document provides guidelines for federal organizations' acquisition and use of security-related information technology (IT) products and services. NIST's advice is provided in the context of larger recommendations regarding security assurance.
Topics: DTIC Archive, Mell, Peter, NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD COMPUTER...
One protocol (called the primary protocol) is independent of other protocols (jointly called the secondary protocol) if the question whether the primary protocol achieves a security goal never depends on whether the secondary protocol is in use. In this paper, we use multiprotocol strand spaces to prove that two cryptographic protocols are independent if they use encryption in non-overlapping ways. This theorem (Proposition 7.2) applies even if the protocols share public key certificates and...
Topics: DTIC Archive, Guttman, Joshua D, MITRE CORP BEDFORD MA, *COMMUNICATIONS PROTOCOLS, ELECTRONIC...
The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE ) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a...
Topics: DTIC Archive, Alberts, Christopher, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST,...
This paper gives an outline of the ideas underlying the Modular Compilation System to be used in the SMITE secure computer. This system prevents users loosing track of which generation of source text gave rise to which object code, by binding both together into an abstract data object, called a module. Operations give access to the latest versions and require both to be updated together. Linking modules together to form an executable object is performed automatically, so it becomes impossible...
Topics: DTIC Archive, Harrold, C L, ROYAL SIGNALS AND RADAR ESTABLISHMENT MALVERN (UNITED KINGDOM),...
This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The HMAC specification in this standard is a generalization of Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI...
Topics: DTIC Archive, NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD, *CRYPTOGRAPHY,...
Electronic commerce (EC) is the use of documents in electronic form, rather than paper, for carrying out functions of business or government that require interchange of information, obligations, or monetary value between organizations. Electronic data interchange (EDI) is the computer-to-computer transmission of strictly formatted messages that represent documents; EDI is an essential component of EC. With EC, human participation in routine transaction and decisions are made more rapidly,...
Topics: DTIC Archive, Saltman, Roy G, NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD,...
This report expands upon the themes and issues raised at a forum on Security and Critical Infrastructure Protection sponsored by the National Association of State Chief Information Officers (NASCIO) with the support of the IBM Endowment, Forum participants included state chief information officers, government information technology managers, and other key state government staff, At the forum, held in November 2001, conference participants identified a series of actions designed to combat...
Topics: DTIC Archive, Heiman, Don, NATIONAL ASSOCIATION OF STATE CHIEF INFORMATION OFFICERS LEXINGTON KY,...
An important concept in network security is trust, interpreted as a relation among entities that participate in various protocols. Trust relations are based on evidence related to the previous interactions of entities within a protocol. In this work, we are focusing on the evaluation process of trust evidence in Ad Hoc Networks. Because of the dynamic nature of Ad Hoc Networks, trust evidence may be uncertain and incomplete. Also, no pre-established infrastructure can be assumed. The process is...
Topics: DTIC Archive, Theodorakopoulos, Georgios, MARYLAND UNIV COLLEGE PARK INST FOR SYSTEMS RESEARCH,...
The Access Control Encryption (ACE) system has been evaluated by the National Computer Security Center (NCSC). ACE is considered to be a security sub-system rather than a complete trusted computer system, therefore it was evaluated against a relevant subset of the requirements from the DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (Criteria). This subset includes identification & authentication (I & A) and audit. Additionally, ACE implements a technology to reliably...
Topics: DTIC Archive, Arnold, James L, NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD,...
Security engineering requires a combination of features and assurance to provide confidence that security policy is correctly enforced. Rigorous engineering principles are applicable across a broad range of systems. The purpose of this study is to analyze and compare three operating systems, including two general-purpose operating systems (Linux and OpenBSD) and a commercially available, embedded operating system (Talisker). The basis for the comparison considers secure software design...
Topics: DTIC Archive, Smith, Kevin R, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *COMPUTER PROGRAMS, *OPERATING...
This report describes the work performed under the Assured Service Concepts and Models (ASCM) contract. The report is organized as follows. Volume I is a summary of all of the work done in the ASCM project. Volume II describes the various security policies that were developed on the contract. Volume III describes the availability policies that were developed on the contract and the approaches that were developed for identifying trade-offs between secrecy and availability. Volume III also...
Topics: DTIC Archive, Haigh, J T, SECURE COMPUTING TECHNOLOGY CORP ARDEN HILLS MN, *COMPUTER...
This report describes the work performed under the Assured Service Concepts and Models (ASCM) contract. The report is organized as follows. Volume I is a summary of all of the work done in the ASCM project. Volume 11 describes the various security policies that were developed on the contract. Volume III describes the availability policies that were developed on the contract and the approaches that were developed for identifying trade-offs between secrecy and availability. Volume III also...
Topics: DTIC Archive, Haigh, J T, SECURE COMPUTING TECHNOLOGY CORP ARDEN HILLS MN, *COMMAND CONTROL...
This is the tenth annual report reviewing the threat to the United States from foreign economic collection and industrial espionage. The report seeks to characterize and assess efforts by foreign entities -- government and private -- to unlawfully target or acquire critical US technologies, trade secrets, and sensitive financial or proprietary economic information. The paper focuses on technologies, the loss of which could undermine US military capability, impede the ability of US firms to...
Topics: DTIC Archive, NATIONAL COUNTERINTELLIGENCE CENTER WASHINGTON DC, *MILITARY INTELLIGENCE,...
In Phase I the Prediction Systems. Inc. /New Jersey Institute of Technology (PSI/NJIT) team successfully demonstrated the applicability of Artificial Intelligence techniques. including Neural Networks (NN) and other techniques to intrusion detection problems. Sufficient components of the Hierarchical Intrusion Detection Engine (HIDE) were built to demonstrate that our adaptive approach could effectively detect a flooding attack in computer networks. In Phase II. Network Security Solution joined...
Topics: DTIC Archive, Wassmer, Robert E, PREDICTION SYSTEMS INC SPRING LAKE NJ, *SOFTWARE ENGINEERING,...
NMCI is a mechanism to transform the Navy and Marine Corps information systems and prepare 21st century warfare. Just as the Internet has transformed business and commerce around the globe, NMCI may transform the U.S. Navy and Marine Corps by harnessing the power of an integrated network. The Navy and Marine Corps Intranet constitutes the first major step into a truly network-centric warfare environment and makes them full participants in the cyber world. This network will handle the data on...
Topics: DTIC Archive, Fahrenthold, Alex B, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *ELECTRONIC SECURITY,...
Complex multilevel secure (MLS) architectures are emerging that require user identification and authentication services not only from multilevel connections, but from pre-existing single level networks. The XTS-400 can be used as a server in such environments. Trusted devices are required for user login via multilevel connections; however, single level remote login facilities do not require such client-side devices. Instead, a more lightweight mechanism is possible. Remote login capabilities do...
Topics: DTIC Archive, Herbig, Christopher F, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *SOFTWARE ENGINEERING,...
The performance aspect and security capabilities of the Embedded Firewall (EFW) system are studied in this thesis. EFW is a host-based, centrally controlled firewall system consisting of network interface cards and the Policy Server software. A network consisting of EFW clients and a Policy Server is set up in the Advanced Network Laboratory at the Naval Postgraduate School. The Smartbits packet generator is used to simulate realistic data transfer environment. The evaluation is performed...
Topics: DTIC Archive, Rumelioglu, Sertac, NAVAL POSTGRADUATE SCHOOL MONTEREY CA, *COMPUTER NETWORKS,...
Discussion Topics include: Motivations; Project Background-Draft Multilevel Print Server (MPS) PP; CC Version 2.2 - CC Version 3.0- Objectives and Approach, Before and After; Observations and Conclusion.
Topics: DTIC Archive, Nguyen, Thuy D, NAVAL POSTGRADUATE SCHOOL MONTEREY CA CENTER FOR INFORMATION SYSTEMS...
We present an integrated security model for a low-cost laptop that will be widely deployed throughout the developing world. Implemented on top of Linux operating system, the model is designed to restrict the laptop's software without restricting the laptop's user.
Topics: DTIC Archive, Krstic, Ivan, ONE LAPTOP PER CHILD CAMBRIDGE MA, *ELECTRONIC SECURITY, SYMPOSIA,...
This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU). RCE is a process that uncovers the...
Topics: DTIC Archive, Kimball, William B, AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH DEPT OF ELECTRICAL...
This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also surveys state law in the area and contains a bibliography of legal commentary. It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given their prior consent. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. Violations...
Topics: DTIC Archive, LIBRARY OF CONGRESS WASHINGTON DC CONGRESSIONAL RESEARCH SERVICE, *ELECTRONIC...
Hardware resources are abundant; state-of-the-art processors have over one billion transistors. Yet for a variety of reasons, specialized hardware functions for high assurance processing are seldom (i.e., a couple of features per vendor over twenty years) integrated into these commodity processors despite a small flurry of late (e.g., ARM TrustZone, Intel VT-x/VT-d and AMD-V/AMD-Vi, Intel TXT and AMD SVM, and Intel AES-NI). Furthermore, as chips increase in complexity, trustworthy processing of...
Topics: DTIC Archive, NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE, *INTEGRATED SYSTEMS,...
The development of computer networks has resulted in an important class of computers: network servers. The primary purpose of these machines is to provide services, including both computational and data services, to other computers on the network. Because of their service role, it is common for servers to store many of an organization's most valuable and confidential information resources. They also are often deployed to provide a centralized capability for an entire organization, such as...
Topics: DTIC Archive, Allen, Julia, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST,...
Computer security risks have increased dramatically over the last decade as our government and our nation have become ever more reliant on interconnected computer systems to support critical operations and infrastructures, including telecommunications, finance, power distribution, emergency services, law enforcement, national defense, and other government services. These interconnected systems are part of a global Information infrastructure that is not defined by geographic boundaries or by...
Topics: DTIC Archive, Brock, Jack L , Jr, GENERAL ACCOUNTING OFFICE WASHINGTON DC ACCOUNTING AND...
Biometrics have the potential to solidify person authentication by examining unforgeable features of individuals. This paper explores issues involved with effective integration of biometric-enhanced authentication into computer systems and design options for addressing them. Because biometrics are not secrets, systems must not use them like passwords; otherwise, biometric-based authentication will reduce security rather than increase it. A novel biometric-enhanced authentication system, based...
Topics: DTIC Archive, Klosterman, Andrew J, CARNEGIE-MELLON UNIV PITTSBURGH PA DEPT OF COMPUTER SCIENCE,...
This security improvement module, Detecting Signs of Intrusion, describes practices involved in preparing to detect and detecting intrusions into networked computer systems. The practices are designed to help network and system administrators prepare for and detect intrusions by looking for unexpected or suspicious behavior and then recognizing fingerprints of known intrusion methods.
Topics: DTIC Archive, Allen, Julia, CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST,...
Survivability is the ability of a system to continue operating despite the presence of abnormal events such as failures and intrusions. Ensuring system survivability has increased in importance as critical infrastructures have become heavily dependent on computers. In this paper we present a systematic method for performing survivability analysis of networked systems. An architect injects failure and intrusion events into a system model and then visualizes the effects of the injected events in...
Topics: DTIC Archive, Jha, S, CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE, *COMPUTER...
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. The objective of this project is...
Topics: DTIC Archive, Ning, Peng, NORTH CAROLINA STATE UNIV AT RALEIGH ANALYTICAL INSTRUMENTATION FACILITY,...
The National Computer Security Center (NCSC) and the National Institute of Standards and Technology are pleased to welcome you to the Nineteenth National Information Systems Security Conference. We believe the conference will stimulate a productive information exchange and promote a greater understanding of today's information security issues and protection strategies. The conference program addresses a wide range of interests from technical research and development projects to user-oriented...
Topics: DTIC Archive, NATIONAL COMPUTER SECURITY CENTER FORT GEORGE G MEADE MD, *SYMPOSIA, *INFORMATION...
GHOSTNet is a secure and anonymous Virtual Private Network (VPN) service. Coupling Ethernet tunneling and proxy services to provide users safe and anonymous Internet access, GHOSTNet utilizes TLS (SSL) protocol with AES-256 encryption to secure the network along with PKI certificates and HMAC protection from replay attacks and UDP flooding. This thesis will be a system level test and evaluation of the GHOSTNet infrastructure. The primary objective is to determine the functional performance of...
Topics: DTIC Archive, NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF INFORMATION SCIENCES, *COMPUTER...
Two far-reaching trends in computing have grown in significance in recent years. First, statistical machine learning has entered the mainstream as a broadly useful tool set for building applications. Second, the need to protect systems against malicious adversaries continues to increase across computing applications. The growing intersection of these trends compels us to investigate how well machine learning performs under adversarial conditions. When a learning algorithm succeeds in...
Topics: DTIC Archive, CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE,...
