Author

Fraim

Bio: Fraim is an academic researcher from Honeywell. The author has contributed to research in topics: Multilevel security. The author has an h-index of 1, co-authored 1 publication receiving 113 citations.

Papers
Journal ArticleDOI
Fraim
TL;DR: The Scomp trusted operating program, or STOP, is a security-kernel-based, general-purpose operating system that provides a multilevel hierarchical file system, inter-process communication, security administrator functions, and operator commands.
Abstract: The Honeywell Secure Communications Processor supports a variety of specialized applications that require the processing of information with multilevel security attributes. A commercial hardware product, the Scomp system is a unique implementation of a hardware/software general-purpose operating system based on the security kernel concept. Scomp hardware supports a Multics-like, hardware-enforced ring mechanism, virtual memory, virtual I/O processing, page-fault recovery support, and performance mechanisms to aid in the implementation of an efficient operating system. The Scomp trusted operating program, or STOP, is a security-kernel-based, general-purpose operating system that provides a multilevel hierarchical file system, inter-process communication, security administrator functions, and operator commands. The idea for the Scomp system originated in a joint Honeywell-Air Force program called Project Guardian, which was an attempt to further enhance the security of Honeywell's Multics system. A secure front-end processor was needed that would use the security kernel approach to control communications access to Multics. Multics was designed to provide program and data sharing while simultaneously protecting against both program and data misuse. The system emphasizes information availability, applications implementation, database facilities, decentralized administrative control, simplified system operation, productivity, and growth. The Multics system uses a combination of hardware and software mechanisms to provide a dynamic multiuser environment. The Multics security mechanisms, considered far more advanced than those available in most large commercial systems, use access control lists, a hardware-enforced ring structure supporting eight rings, and the Access Isolation Mechanism, which allows the definition of privilege independent of other controls. Access control provided by these mechanisms is interpreted by software but enforced by hardware on each reference to information. The hardware implementation includes a demand-paged virtual memory capability that is invisible to user programs. Although Project Guardian was never completed, the use of Multics features to provide multilevel security was pursued in a revised Scomp effort, a joint project of Honeywell Information Systems and the Department of Defense (specifically, the Naval Electronics Systems Command, or Navelex). In this implementation, the Scomp is a trusted minicomputer operating system using software verification techniques. Originally the plan was to use the traditional approach to building a trusted operating system: namely, to build a security kernel and an emulator of an existing operating system to run on top of the kernel. This approach was taken by UCLA and Mitre in their early development programs and by Ford for KSOS-11. One conclusion drawn from these efforts was …

113 citations
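The multilevel security attributes that STOP's file system and the Multics Access Isolation Mechanism enforce on every reference are labels ordered by a dominance relation. The following is an added illustration, not Scomp, STOP or Multics code, and the level and category names are hypothetical: a label is a hierarchical level plus a set of non-hierarchical categories, labels with disjoint categories are incomparable, and the two mandatory checks are no read-up (the subject must dominate the object) and no write-down (the object must dominate the subject). The last function shows why the write rule matters: a process that can read a high-level file cannot copy it into a low-level one, which is what confines a Trojan horse running at the higher level.

```python
"""Multilevel security labels as a lattice (added illustration; not Scomp,
STOP or Multics code; level and category names are hypothetical)."""
from dataclasses import dataclass

# Hierarchical levels, totally ordered, and non-hierarchical categories.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
CATEGORIES = frozenset({"CRYPTO", "NUCLEAR", "NATO"})


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")
        if not self.categories <= CATEGORIES:
            raise ValueError(f"unknown categories {self.categories - CATEGORIES}")

    def dominates(self, other):
        """self >= other in the lattice: higher-or-equal level AND a superset
        of categories. Neither direction holds for disjoint category sets."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


SYSTEM_HIGH = Label("TOP SECRET", CATEGORIES)  # dominates every label
SYSTEM_LOW = Label("UNCLASSIFIED")             # dominated by every label


def lub(a, b):
    """Least upper bound: the lowest label that dominates both, i.e. the
    label a process must run at to combine data from a and b."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.categories | b.categories)


def glb(a, b):
    """Greatest lower bound: the highest label that both a and b dominate."""
    level = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(level, a.categories & b.categories)


def may_read(subject, obj):
    """Simple security property (no read-up): read only what you dominate."""
    return subject.dominates(obj)


def may_write(subject, obj):
    """*-property (no write-down): write only to what dominates you.
    A blind write-up is permitted; a write to a lower label is not."""
    return obj.dominates(subject)


def trojan_leak_blocked(process_label, source, sink):
    """A process at process_label reads `source` and tries to copy it into
    `sink`. The leak is blocked unless both the read and the write pass."""
    return not (may_read(process_label, source) and may_write(process_label, sink))
```

The checks are deliberately pure functions of the two labels: in a kernel-based design they run on every reference, so they must be small enough to be argued correct and must not depend on discretionary state such as ACLs, which the abstract notes Multics layers on independently.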


Cited by
Book
01 Jan 2001
TL;DR: In almost 600 pages of riveting detail, Ross Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables.
Abstract: Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). 
Sections deal with technologies, policies, psychology, and legal matters.

1,852 citations

Journal ArticleDOI
TL;DR: The security of the scheme is based on pseudorandom functions, without reliance on the Random Oracle Model, and it is shown how to handle extensions proposed by Crampton [2003] of the standard hierarchies to “limited depth” and reverse inheritance.
Abstract: Hierarchies arise in the context of access control whenever the user population can be modeled as a set of partially ordered classes (represented as a directed graph). A user with access privileges for a class obtains access to objects stored at that class and all descendant classes in the hierarchy. The problem of key management for such hierarchies then consists of assigning a key to each class in the hierarchy so that keys for descendant classes can be obtained via efficient key derivation. We propose a solution to this problem with the following properties: (1) the space complexity of the public information is the same as that of storing the hierarchy; (2) the private information at a class consists of a single key associated with that class; (3) updates (i.e., revocations and additions) are handled locally in the hierarchy; (4) the scheme is provably secure against collusion; and (5) each node can derive the key of any of its descendants with a number of symmetric-key operations bounded by the length of the path between the nodes. Whereas many previous schemes had some of these properties, ours is the first that satisfies all of them. The security of our scheme is based on pseudorandom functions, without reliance on the Random Oracle Model. Another substantial contribution of this work is that we are able to lower the key derivation time at the expense of modestly increasing the public storage associated with the hierarchy. Inserting additional, so-called shortcut, edges lowers the key derivation to a small constant number of steps for graphs that are total orders and trees, while increasing the total number of edges by a small asymptotic factor such as O(log* n) for an n-node hierarchy. For more general access hierarchies of dimension d, we use a technique that consists of adding dummy nodes and dimension reduction. The key derivation work for such graphs is then linear in d, and the increase in the number of edges is by a factor of O(log^(d-1) n) compared to the one-dimensional case. Finally, by making simple modifications to our scheme, we show how to handle extensions proposed by Crampton [2003] of the standard hierarchies to "limited depth" and reverse inheritance.

418 citations
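As an added example (not the authors' code), the following realises an edge-based key assignment with the properties the abstract lists, using HMAC-SHA256 as the pseudorandom function: each class keeps one private key; the public information is the graph, a public label per class and one value per edge, y(u,v) = k_v XOR PRF(k_u, label_v), so that whoever holds k_u recovers k_v; deriving a descendant's key costs one PRF per edge on the path; rekeying a class rewrites only the edge values incident to it; and a shortcut edge collapses a long path to one hop. That edge formula is this example's construction in the spirit of the scheme, not a transcription of the paper, and the class names are hypothetical.

```python
"""Key derivation along an access hierarchy (added example, not the paper's
code). Private per class: one key. Public: DAG, labels, one value per edge
  y(u,v) = k_v XOR PRF(k_u, label_v)
HMAC-SHA256 stands in for the PRF; class names are hypothetical."""
import hashlib
import hmac
import os
from collections import deque

KEY_LEN = 32


def prf(key, data):
    """Pseudorandom function keyed by `key` (HMAC-SHA256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class PublicInfo:
    """Everything an untrusted directory may hold: graph, labels, edge values."""
    def __init__(self):
        self.children = {}      # class -> set of direct descendants
        self.labels = {}        # class -> public 16-byte label
        self.edge_values = {}   # (u, v) -> y(u, v)


class KeyHierarchy:
    """Trusted authority side: owns the private per-class keys."""
    def __init__(self, edges):
        self.public = PublicInfo()
        self.keys = {}
        for u, v in edges:
            for node in (u, v):
                if node not in self.keys:
                    self.keys[node] = os.urandom(KEY_LEN)
                    self.public.labels[node] = os.urandom(16)
                    self.public.children[node] = set()
            self.public.children[u].add(v)
            self._publish_edge(u, v)

    def _publish_edge(self, u, v):
        self.public.edge_values[(u, v)] = xor(
            self.keys[v], prf(self.keys[u], self.public.labels[v]))

    def rekey(self, v):
        """Replace v's key. Only edges touching v are republished (a local
        update); every other class keeps its key and edge values."""
        self.keys[v] = os.urandom(KEY_LEN)
        touched = {e for e in self.public.edge_values if v in e}
        for u, w in touched:
            self._publish_edge(u, w)
        return touched

    def add_shortcut(self, u, v):
        """Publish a direct edge for an existing ancestor/descendant pair so
        that derivation takes one hop instead of walking the path."""
        if find_path(self.public, u, v) is None:
            raise ValueError(f"{v} is not a descendant of {u}")
        self.public.children[u].add(v)
        self._publish_edge(u, v)


def find_path(public, start, target):
    """BFS over the public graph; returns the node list or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for child in public.children.get(node, ()):
            if child not in prev:
                prev[child] = node
                queue.append(child)
    return None


def derive_key(public, start, own_key, target):
    """Client side: from one private key plus public data, derive the key of
    a descendant with one PRF per edge on the path. None if no path."""
    path = find_path(public, start, target)
    if path is None:
        return None
    key = own_key
    for u, v in zip(path, path[1:]):
        key = xor(public.edge_values[(u, v)], prf(key, public.labels[v]))
    return key
```

Two practitioner caveats. Derivation never fails loudly: a wrong or non-entitled starting key simply yields an unrelated 32-byte string, so data protected under a class key should be encrypted with an authenticated mode so that the wrong key is detected. And rekeying a class touches only its incident edges, but a user removed from that class may have cached descendant keys derived earlier; a revocation that must lock that user out rekeys the descendants as well, each of those being another local update.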

Book
01 Jan 2005
TL;DR: This Second Edition of Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.
Abstract: Now updated: your expert guide to twenty-first century information security. Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a practical approach to information security by focusing on real-world examples, this book is organized around four major themes:
Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis.
Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control, security models such as BLP and Biba's model, firewalls, and intrusion detection systems.
Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM.
Software: flaws and malware, buffer overflows, viruses and worms, malware detection, software reverse engineering, digital rights management, secure software development, and operating systems security.
This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification. New background material has been added, including a section on the Enigma cipher and coverage of the classic "orange book" view of security. Also featured are a greatly expanded and upgraded set of homework problems and many new figures, tables, and graphs to illustrate and clarify complex topics and problems. A comprehensive set of classroom-tested PowerPoint slides and a solutions manual are available to assist in course development. Minimizing theory while providing clear, accessible content, Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.

387 citations

Book
01 May 1988
TL;DR: The indexed material covers abstract security models (the access matrix and Bell and La Padula models), access classes and their dominance ordering, discretionary and mandatory access control, limiting Trojan horses, authentication versus identification, and encryption-based authentication in networks.
Abstract: Excerpt from the book's index:
Abstract machines, 178, 179
Abstract model, 30, 31–32, 105–30. See also Security models
Access class, 52, 112
    dominates relationship between, 53, 122, 183–84
    partial ordering of, 53, 122
    SYSTEM HIGH/SYSTEM LOW, 123, 148
Access control, 22–23, 45–46. See also Multilevel security
    discretionary, 45, 47–50
    input/output, 96–102
    limiting Trojan horses with, 63–64
    mandatory, 45, 50–51
    with memory management, 83–86
    network, 213–15
Access control list (ACL), 49–50
Access list, 48
Access matrix model, 109, 110
    Bell and La Padula model, 123
ACF2 (software), 9
ACL. See Access control list (ACL)
Address. See Virtual address space
Adleman, L., 202
AFFIRM, 167, 168
Akers, R. L., 167
Algebraic specifications, 168
Algorithmic refinement, 178–81
Ames, S. R., Jr., 28, 131
Anderson, J. P., 131
Application mode, 27
Applications programs, 25, 26
Argument validation, 153
Arpanet Reference Model, 196
Ashland, R. E., 9, 51
Assertions, entry and exit, 190–92
Assurance, security control, 31
Asynchronous attack, 153–54
Atomic functions, 115
Authentication. See also Password(s)
    vs. identification, 18–19, 45–46
    provided by encryption, 208
Authentication server, 221
Authorization, 22
Authorization server, 221

274 citations

Proceedings ArticleDOI
20 May 1991
TL;DR: Fuzzy time has proven to be highly effective against the timing channels in the VAX security kernel, and does so at a much lower-than-anticipated performance cost.
Abstract: Fuzzy time is a collection of techniques that reduces the bandwidths of covert timing channels by making all clocks available to a process noisy. Developed in response to the problems posed by high-speed hardware timing channels, fuzzy time has been implemented in the VAX security kernel. Fuzzy time has proven to be highly effective against the timing channels in the VAX security kernel. Not only does fuzzy time close the high-speed channels, it does so at a much lower-than-anticipated performance cost. It is believed that the VAX security kernel managed to meet the covert channel guidelines while maintaining a good balance between security and performance.

237 citations
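As an added simulation, not code from the VAX security kernel, the following models one timing channel and what a fuzzy clock does to it. The sender leaks a bit per operation by making it take one or two time units (standing in for, say, a cache hit versus a page fault); the receiver reads the clock before and after and decodes by threshold. A precise clock reads the bit perfectly. The fuzzy clock only advances at ticks spaced by independent random intervals, so the receiver mostly observes zero elapsed time and the error rate approaches that of guessing. The abstract says all clocks visible to a process are made noisy; this model fuzzes a single clock, and the time units and tick spacing are arbitrary choices of the example.

```python
"""Covert timing channel against a precise clock and a fuzzy clock (added
simulation, not the VAX security kernel's code; units are arbitrary)."""
import bisect
import math
import random

SHORT, LONG = 1.0, 2.0   # sender's operation duration for bit 0 / bit 1
GAP = 5.0                # idle time the sender leaves between operations
FUZZ_MEAN = 10.0         # mean spacing of fuzzy-clock ticks (>> LONG)


class PreciseClock:
    def read(self, t):
        return t


class FuzzyClock:
    """Reports the time of the most recent tick. Ticks are spaced by
    independent uniform(0, 2*mean) intervals, so nothing finer than a tick
    is observable and the tick positions cannot be predicted."""
    def __init__(self, mean, horizon, rng):
        self.ticks = [0.0]
        while self.ticks[-1] < horizon:
            self.ticks.append(self.ticks[-1] + rng.uniform(0, 2 * mean))

    def read(self, t):
        return self.ticks[bisect.bisect_right(self.ticks, t) - 1]


def transmit(bits, clock):
    """Receiver times each of the sender's operations through `clock` and
    decodes with the midpoint threshold; returns the decoded bits."""
    decoded = []
    t = 0.0
    for b in bits:
        start = clock.read(t)
        t += LONG if b else SHORT        # the sender's modulated operation
        elapsed = clock.read(t) - start
        decoded.append(1 if elapsed > (SHORT + LONG) / 2 else 0)
        t += GAP
    return decoded


def error_rate(n_bits=2000, fuzzy=False, seed=1):
    """Fraction of bits the receiver decodes wrongly (deterministic per seed)."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    horizon = n_bits * (LONG + GAP) + 1
    clock = FuzzyClock(FUZZ_MEAN, horizon, rng) if fuzzy else PreciseClock()
    decoded = transmit(bits, clock)
    return sum(a != b for a, b in zip(bits, decoded)) / n_bits


def bsc_capacity(p):
    """Bits per operation the channel can still carry with error rate p
    (binary symmetric channel); 1.0 when p is 0, 0.0 when p is 0.5."""
    if p in (0.0, 1.0):
        return 1.0
    return 1 + p * math.log2(p) + (1 - p) * math.log2(1 - p)


if __name__ == "__main__":
    for fuzzy in (False, True):
        p = error_rate(fuzzy=fuzzy)
        print(f"fuzzy={fuzzy}: error rate {p:.3f}, "
              f"capacity {bsc_capacity(p):.4f} bit/operation")
```

The point of the capacity figure is that fuzzy time reduces bandwidth rather than eliminating the channel: a sender can repeat each bit and the receiver can average, so residual capacity is what must be compared against the covert channel guidelines the abstract refers to. Widening the tick spacing lowers the capacity further, at the cost of coarser timekeeping for every legitimate process, which is the performance trade-off the paper reports as smaller than expected.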