%0 Conference Proceedings %A Akyildiz, Ian F. %A Benson, Glenn S. %D 1990 %T A Security Reclassifier for a Local Area Network %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 85-95 %F Secure Systems II %K security, distributed systems, formal model, file server, concurrency, downgrader %L AB90 %X Organisations such as militaries, government agencies, and private companies require safeguards that ensure that sensitive information is not disclosed to unauthorized parties, yet ensure that information is disclosed to authorized parties. This paper presents the design of a secure downgrader that lowers the sensitivity level of files, and distributes the files over a local area network. A formal downgrader model is presented which formally demonstrates correctness of the downgrader design. The formal downgrader model is an instantiation of the D-Model -a formal abstract model of security in distributed and centralized systems. %0 Conference Proceedings %A Bailey, D. J. %D 1990 %T Managing Computer Security: How Can Research Help? %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 235-241 %F Invited Lecture %L Bailey90 %X This paper points out significant problems in managing the security of large systems. Addressed to the research community, it suggests research questions whose solution would benefit the people charged with protecting actual systems, and hence, would create real improvements in system security. The problems of managing connection-rich distributed systems are discussed, and a research direction leading to a solution for the problems of distributed systems is suggested. %0 Conference Proceedings %A Bieber, Pierre %D 1990 %T Epistemic Verification of Cryptographic Protocols %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 211-221 %F Security Verification and Evaluation %L Bieber90 %X We propose a new method in order to analyze cryptographic protocols. We use a logic of knowledge, time and communication in order to express security specifications and the behaviors of the agents of a protocol. Then we build a formula of the logic that represents security enforcement. The verification of the protocol is equivalent to finding a proof in the logic of the security formula. We apply this method to the verification of the Needham-Schroeder authentication protocol. %0 Conference Proceedings %A Biskup, Joachim %D 1990 %T A General Framework for Database Security %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 35-41 %F Database II %K database security, communication, channel, military (multilevel) database security policy, commercial database security policy, personal knowledge, secrets, properties, informational self-determination %L Biskup90 %X Databases are interpreted as a channel for communicative actors. Then a database security policy aims at establishing subchannels between specific (groups of) users such that certain facilities of the subchannels, e.g. integrity and completion of transactions, are guaranteed while the subchannels remain suitably separated. The military (multilevel), commercial, and personal knowledge approach are assessed with respect to this view of database security. Their differences partly originate from emphasizing various values: secrets, properties and informational self-determination, respectively. %0 Conference Proceedings %A Blain, Laurent %A Deswarte, Yves %D 1990 %T An Intrusion-Tolerant Security Server for an Open Distributed System %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 97-104 %F Secure Systems II %L BD90 %X This paper describes a new approach for security in distributed systems. This approach consists of gathering most of the security functions of the distributed system into a set of specialized sites, the security sites, responsible for user authentication, authorization and security auditing. These security sites constitute a distributed security server which can be globally trusted, even if no individual site is trusted: an intrusion into a minority of the security sites is tolerated because it has no consequence on the confidentiality or integrity of the security management data and no consequence on the availability of the overall security service. This technique is well adapted to open, heterogeneous distributed systems since no individual site has to be trusted. An extended discretionary access control policy is proposed which is consistent with this openness. An experimental distributed security server based on this technique is currently developed as part of the DELTA-4 project of the European ESPRIT programme. %0 Conference Proceedings %A Casey, P. %A Brouwer, A. %A Herson, D. %A Pacault, J.-F. %A Taal, F. %A Van Essen, U. %D 1990 %T Harmonised Criteria for the Security Evaluation of IT Systems and Products %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 243-249 %F Invited Lecture %L CBHPTE90 %X Four Europeans countries have put their requirements and their expertise together and developed a single set of Information Technology Security Criteria (ITSEC), harmonizing the criteria they were previously using. The ITSEC take into account the integrity of data and the availability of data and processes as well as the confidentiality of data; they are intended to be applicable to both systems and products, to government as well as to commercial use. There is a mappability with the TCSEC of US government. The ITSEC make a very clear distinction between, on one hand, the security functions and mechanisms, and on the other hand, the assurance that first these functions are correctly implemented and operated and, second, that they are effective in order to achieve the security objectives. The ITSEC are currently being widely distributed for comments and consultations: such comments are indeed necessary for a new version to be prepared to receive broad acceptance by a wide range of potential users and market sectors. %0 Conference Proceedings %A Cuppens, F. %D 1990 %T An Epistemic and Deontic Logic for Reasoning about Computer Security %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 135-145 %F Models II %K security model, formal logic, modal logic %L Cuppens90 %X We suggest in this paper a logical approach to security using several modal logics: - an epistemic logic to allow representation of user's knowledge. - a deontic logic to represent what each user is permitted to know. - a temporal logic to represent how knowledge and permission to know change over time. We use then these logics to define formally the security in a computer. This logical formalism provide equally a formal method to express several security policies, especially, multilevel and discretionary security policies. We can then bring out sufficient conditions for such security policies and, we can prove that these conditions really ensure the security. Finally, the approach we propose should enable to represent particular systems and to verify some implementation aspects. %0 Conference Proceedings %A de Waleffe, D. %A Quisquater, J.-J. %D 1990 %T Better Login Protocols for Computer Networks %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 163-172 %F Cryptography %L WQ90 %X Authenticating computer users is a fairly old problem. Password based solutions were acceptable until the growth of computer networks based on insecure communication. Today many systems still use fixed passwords as a mean of authentication. We show in this paper how an old scheme by Lamport can be used to provide more security. Relying on that scheme and zero-knowledge techniques, we show extensions providing much more general access control mechanisms. Those extensions can be exploited in several ways: to authenticate users in computer networks, to provide users with access tickets or provide servers with proofs of usage. We also show how, in a single transaction, a user can prove his authenticity as well as prove his possession of a ticket. Finally, we explain how new smart cards make those protocols very practical. %0 Conference Proceedings %A Deberdt, Eric %A Martin, Sylvain %D 1990 %T Methodology "Minerve Security" - Evaluation Process of Software Security %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 223-231 %F Security Verification and Evaluation %K Security, Evaluation, Method, Criteria, Metrics %L DM90 %X The proposed evaluation process fits into a secure software development methodology. This methodology is built on a Top-Down systemic approach that begins with the global system definition (hardware, software and organizational) and that ends with the software development and certification. This approach is compatible with Mac CALL's "factors, criteria and metrics" approach, which gives the advantage of being compatible with a reference software quality assurance practice. %0 Conference Proceedings %A Girault, Marc %A Pailles, Jean-Claude %D 1990 %T An Identity-Based Scheme Providing Zero-Knowledge Authentication and Authenticated Key Exchange %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 173-184 %F Cryptography %L GP90 %X We present a public-key scheme for key exchange, which conciliates two features, believed contradictory until now: first, as in usual identity-based schemes, public keys need not be certified by an authority; second, contrary to usual identity-based schemes, each user can choose himself his secret key and the authority is unable to infer it from his public key. Moreover, the scheme can be adapted for also providing authentication services. The security of this scheme is based on the intractability of both factorization and discrete logarithm problems. A preliminary version was presented at SECURICOM'89 conference. The new version contains a lot of improvements and new protocols. %0 Conference Proceedings %A Hocking, E.S. %A McDermid, J.A. %D 1990 %T Towards an Object Oriented Development Environment for Secure Applications %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 191-200 %F Software Engineering for Security %K Object oriented systems, IPSES, Z, Security models, assurance %L HM90 %X The need for secure applications has long been understood by the security community. It is however becoming increasingly clear that the environment within which secure applications are developed can itself have a large impact on the overall assurance attributable to the deliverable product. For example, an otherwise secure application can be corrupted by the inclusion of a non-verified component during a particular phase in the software life cucle unless close control is maintained over the activities involved. It is just this sort of issue which a support environment in meant to address. This paper examines these issues within the context of an Object Oriented development environment. This will be done by first reviewing a flexible security policy such as might be required in a typical development environment. This abstract policy will then be configured to a particular set of control objectives to demonstrate the utility of the approach. This abstract model will then be refined into a particular architecture in order to demonstrate a possible approach to enforcing security. Finally some observations based on an attempt at building a prototype environment based on this architecture will be discussed. %0 Conference Proceedings %A Hoffmann, G. %A Lechner, S. %A Leclerc, M. %A Steiner, F. %D 1990 %T Authentication and Access Control in a Distributed System %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 71-84 %F Secure Systems II %L HLLS90 %X The paper describes a security architecture for authentication and access control in a distributed system. It is based on the work of ECMA described in ECMA TR/46 and ECMA-138. Its main components are a centralized authentication service and access control via a protected data structure, called PAC. %0 Conference Proceedings %A Jones, R. W. %D 1990 %T A General Mechanism for Access Control: Its Relationship to Secure System Concepts %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 45-50 %F Secure Systems I %L Jones90 %X The paper contributes to the clarification of what is meant by security in data processing systems. It is based on a general access control mechanism, which has been described in previous papers and is here modified to become more general. The mechanism is justified informally and is then used in discussing security. The paper describes the use of the mechanism to help define security requirements form the users' point of view and to help describe the correspondence of that definition to a more detailed view. Finally, it offers the basic assumptions of the mechanism as a contribution to the meaning of "security". %0 Conference Proceedings %A Kaiser, Jörg %D 1990 %T An Object-Oriented Architecture to Support System Reliability and Security %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 51-60 %F Secure Systems I %L Kaiser90 %X MUTABOR (Mapping Unit for The Access By Object References) is an object-oriented architecture which provides a set of mechanisms for secure and reliable computing. Modular system structuring, data abstraction, and fine grain protection are supported at the hardware/firmware-level of the system. This is in compliance with the demands for operational assurance definded by security standards. The paper sketches these security requirements. It describes the architecture of MUTABOR and discusses the advantages in relation to conventional systems which do not assume architectural support. Finally, the hardware realisation and performance considerations are presented. %0 Conference Proceedings %A Kelter, Udo %D 1990 %T Group-Oriented Discretionary Access Controls for Distributed Structurally Object-Oriented Database Systems %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 23-33 %F Database II %K discretionary access controls, object-oriented databases, distributed databases, complex objects, shared objects, hierarchical groups, group paradigms, denial of access %L Kelter90 %X Structurally object-oriented database systems are a new class of dedicated data storage systems which are intended to be a basis of CAD, CASE, and other design environments which shall support large development teams. This paper presents a concept for discretionary access controls for structurally object-oriented database systems. It addresses two particular problems: Structurally object-oriented database systems contain complex objects. Complex objects are nested and can overlap. Arbitrary complex objects should be units of access control. Overlapping objects cause particular problems because they might have contradicting access rights. This problem is solved by introducing certain constraints on the way in which access rights of components of an object can be granted or denied. Development projects which use design environments are typically organized as a hierarchy of nested groups. Our concept is group-oriented in the sense that it supports such subgroup hierarchies. Two different interpretations of a subgroup structure, termed group paradigms, are supported. Under one paradigm, a group is used to give several users the same rights, whereas under the other paradigm a group has the set of rights which corresponds to the task of the group. Two final noteworthy features of our concept are that it employs a 4-valued logic which supports explicit denials of access and that if makes provision for distribution of the database. %0 Conference Proceedings %A Lunt, Teresa F. %A Hsieh, Donovan %D 1990 %T The SeaView Secure Database System: A Progress Report %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 3-13 %F Database I %L LH90 %X The SeaView project was a three-year project to design a multilevel database system to meet the requirements for Class A1 of the U.S. DoD Trusted Computer System Evaluation Criteria. We are currently in the middle of a new two-year project to build a prototype multilevel database system based on the SeaView design. The design utilizes existing database technology as well as a general-purpose trusted computing base (TCB). On this base we are building a layer of software to implement multilevel relations and to support user interaction through the MSQL language, which we have designed as an extension of the standard Structured Query Language (SQL). %0 Conference Proceedings %A O'Halloran, C. %D 1990 %T A Calculus of Information Flow %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 147-159 %F Models II %L OHalloran90 %X In this paper a category theoretic treatment of information flow is presented. Information flow relations within a category of safety specifications are introduced and their properties under conjunction from the calculus and parallel composition within CSP are examined. %0 Conference Proceedings %A Patarin, Jacques %D 1990 %T Pseudorandom Permutations Based on the D.E.S. Scheme %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 185-187 %F Cryptography %K Cryptology, D.E.S., Psudorandom generators %L Patarin90 %X We will mainly present the results exposed by Michel Luby and Charles Rackoff in "How to construct pseudorandom permutations from pseudorandom functions", SIAM J. Comput., 1988, and the new results on that subject. No demonstrations will be given here but in an article for Eurocode 90, I will give a complete proof of the main results. (This proof will be sensibly simpler and more complete than the one given by Luby and Rackoff). The two main results are: 1. A three iteration DES scheme where the S-boxes are replaced by random functions (or by a pseudo-random function generator) will give us an invertible pseudorandom function generator. That is to say a cryptosystem which is secure against chose plaintext attacks. 2. A four (or more) iterations DES Scheme where the S-boxes are replaced by random functions (or by a pseudorandom function generator) will give us an invertible super pseudorandom permutation generator. That is to say a cryptosystem which is secure againts chose plaintext and chosen ciphertext attacks. %0 Conference Proceedings %A Randell, Gill %D 1990 %T A Case Study in the Formal Refinement of a Distributed Secure System %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 201-208 %F Software Engineering for Security %L Randell90 %X This paper presents a case study in the use of formal refinement as a development method for high-integrity software. The particular refinement demonstrated is a parallel refinement, in which the state data of the system is physically distributed across different components of the system. The case study uses the Distributed Secure System under development at the Royal Signals and Radar Establishment as its subject. The experiences gained and areas for future work are presented. %0 Conference Proceedings %A Savic, Zoran %A Komocar, Mihajlo %D 1990 %T Security Kernel Design and Implementation in the IBM PC Environment %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 61-68 %F Secure Systems I %L SK90 %X The increased prominence of Personal Computer systems has led to attempt to implement a Security Kernel in the IBM PC environment. A Hardware Security Module has been proposed and the way to implement it in this environment described. Its key element is the Secure Memory Area, which provides protection for the software executed in the area, and enables the creation of a privileged execution mode to restrict access to I/O devices. The combination of an add-on PC board and security software results in a sound basis for a wide range of security policies. The number of registered users, security levels and discretionary groups can all be separately defined when the security system is installed, while the installation has no noticeable affect on PC performance. %0 Conference Proceedings %A Stewart Lee, E. %A Thomson, Brian %A Boulton, Peter I. P. %A Stumm, Michael %D 1990 %T An Architecture for a Trusted Network %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 105-113 %F Secure Systems II %L STBS90 %X The thesis of this research is that the network is the logical entity to enforce a network security policy. The alternative is to attempt to enforce a network security policy in the trusted computing bases (TCBs) of the attached hosts. The latter requires the adoption of a single-system approach, for which it is argued that there are several disadvantages. A Trusted Network Architecture (TNA) that enforces a network security policy within the network to ensure confidential communications is described. It is claimed that TNA is resistant to all known confidentiality attacks except those based on denial of service. An architecture for the network is described, with considerable detail being devoted to the handling of encryption keys. %0 Conference Proceedings %A Tarah, Anas %A Huitema, Christian %D 1990 %T CHIMĆRA: A Network Security Model %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 127-132 %F Models I %L TH90 %X This proposed paper is a prime description for a contribution to the advance of the security of interconnected open systems. The first part of the article is a panorama over the different network security architectures. The second one is a description of the CHIĆRA model and an implementation of the adopted architecture measures on a network. We propose a general facility for the distribution and handling of assymetric "public" key, and integrate it in applications like MHS, FTAM, RPC and Directory service. The third part is a conclusion on some hanged problems and open questions on the reliability of the adopted model and some future intended works on this trend. %0 Conference Proceedings %A Thomson, Brian %D 1990 %T Using Deducibility in Secure Network Modelling %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 117-123 %F Models I %K security models, deducibility, information flow %L Thomson90 %X Information flow promises to provide definitions of confidentiality that are at once intuitive, goal-oriented, and suited to formal analysis, but there remain some problems when these are applied to non-deterministic systems. In this paper, an information flow definition of confidentiality is derived that addresses some of these problems. A low-level security model is then described that is derived from that definition. %0 Conference Proceedings %A Yazdanian, K. %D 1990 %T Relational Database Granularity %J First European Symposium On Research In Computer Security (ESORICS 90) %E Eizenberg, Gérard %I AFCET %C Toulouse, France %6 1 %P 15-21 %F Database I %L Yazdanian90 %K Relational database, relational model security, grain of data, granularity %X This paper proposes a definition of data "grain" for data protection in a relational model representation. The definition is based on previous research on data representation in a relational database using first order logic. The "grain" is the t-uple which is bind to a protection attribute, while other choices need to bind a protection level to each relation attribute value.