Sciweavers

ACSAC
2000
IEEE
14 years 4 months ago
ITS4: A Static Vulnerability Scanner for C and C++ Code
We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ...
John Viega, J. T. Bloch, Y. Kohno, Gary McGraw
ACSAC
2000
IEEE
14 years 4 months ago
A Policy-based Access Control Mechanism for the Corporate Web
Current Web technologies use access control lists (ACLs) for enforcing regulations and practices governing businesses today. Having the policy hard-coded into ACLs causes manageme...
Victoria Ungureanu, F. Vesuna, Naftaly H. Minsky
ACSAC
2000
IEEE
14 years 4 months ago
Calculating Costs for Quality of Security Service
This paper presents a Quality of Security Service (QoSS) costing framework and demonstration. A method for quantifying costs related to the security service and for storing and re...
E. Spyropoulou, Timothy E. Levin, Cynthia E. Irvin...
ACSAC
2000
IEEE
14 years 4 months ago
Efficient Commerce Protocols based on One-Time Pads
We present a new commerce protocol that allows customers and merchants to conduct face-to-face credit card authorizations with a credit card company securely with the option of ano...
Michael A. Schneider, Edward W. Felten
ACSAC
2000
IEEE
14 years 4 months ago
Implementing Security Policies using the Safe Areas of Computation Approach
The World Wide Web is playing a major role in reducing business costs and in providing convenience to users. Digital Libraries capitalize on this technology to distribute document...
André L. M. dos Santos, Richard A. Kemmerer
ACSAC
2000
IEEE
14 years 4 months ago
History-based Distributed Filtering - A Tagging Approach to Network-Level Access Control
This contribution discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between ...
Reiner Sailer, M. Kabatnik
ACSAC
2000
IEEE
14 years 4 months ago
Two State-based Approaches to Program-based Anomaly Detection
This paper describes two recently developed intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit...
Christoph C. Michael, Anup K. Ghosh
ACSAC
2000
IEEE
14 years 4 months ago
Protection Profiles for Remailer Mixes - Do the New Evaluation Criteria Help?
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, ...
Kai Rannenberg, Giovanni Iachello
ACSAC
2000
IEEE
14 years 4 months ago
Scalable Policy Driven and General Purpose Public Key Infrastructure (PKI)
V. Prasad, S. Potakamuri, M. Ahern, I. Balabine, M...
ACSAC
2000
IEEE
14 years 4 months ago
Security Agility in Response to Intrusion Detection
Cooperative frameworks for intrusion detection and response exemplify a key area of today’s computer research: automating defenses against malicious attacks that increasingly ar...
M. Petkac, Lee Badger