Showing papers in "Computers & Security in 1987"
••
[...]
TL;DR: This paper introduces "computer viruses" and examines their potential for causing widespread damage to computer systems and the infeasibility of viral defense in large classes of systems.
916 citations
••
TL;DR: In this article, the authors summarize basic concepts to keep the recipient and sender or at least their relationship unobservable, consider some possible implementations and necessary hierarchical extensions, and propose some suitable performance and reliability enhancements.
197 citations
••
TL;DR: The notion of multilevel security and the difficulties encountered in designing an implementation scheme for a security policy for a multilevel secure database management system (MLS/DBMS) are discussed, and difficulties may be overcome in augmenting a database with an inference engine so that it functions like a knowledge-based system.
88 citations
••
TL;DR: This paper describes a cryptographic checksum technique for verifying the integrity of information in computer systems with no built-in protection based on the use of repeated encryption using an RSA cryptosystem as a pseudo-random number generator.
82 citations
••
TL;DR: Testing word associations, as an extension of simple password entry, may be a practical means of verifying the identity of individual computer users; if each user specifies his/her own cue-response associations, responses will be easy to remember.
62 citations
••
TL;DR: A scheme is presented that shows the usefulness of the encryption approach when this is not the case and is also better suited for use in untrusted computer systems.
54 citations
••
TL;DR: The Livermore Risk Analysis Methodology (LRAM) was developed in accord with principles and can be used to determine which specific security controls and countermeasures can be effective and justifiable by management-set criteria.
46 citations
••
TL;DR: An informal security policy for a multi-level secure database management system is outlined, and mechanisms are introduced that support the policy.
46 citations
••
TL;DR: This paper will critically review the gap between theory and practice, and will justify some bold statements by quoting examples from the author's practice.
25 citations
••
TL;DR: A quantitative measure for password robustness and 'lasting' power is provided; the paper also discusses encryption possibilities and provides a comparative evaluation of various password methods.
25 citations
••
TL;DR: This paper introduces the reader to hand-held devices for identifying users to computer systems and discusses alternative key/system interfacing technologies, the problems of managing and supporting populations of key devices, and the administration of the lock software.
••
TL;DR: This paper proposes the use of Key Updating Flags as an extension to the two most common types of key management system used for EFT-POS, which allow the host to control the security level at each terminal and to assist in smoothing out its own processing load.
••
TL;DR: This article discusses the managerial perspectives with which an appropriate balance between the managerial and the technical may be struck and illuminates some tried-and-true methods associated with organizational design, raising the level of management awareness, and obtaining needed resources.
••
TL;DR: This paper proposes the use of rule based systems, as an aid to system designers, for a study of potential attacks on key management schemes and investigates the effect of special circumstances, e.g. appearance of DES semiweak keys or modifications to the system.
••
TL;DR: A new recovery method with two features: it is fast because as much as possible it uses data already stored by an application in virtual memory for recovery, and it is novel because it allows data in virtual memory to be organized in a heap with automatic garbage collection.
••
TL;DR: This paper combines and generalizes integrity and security lattices to a simpler flow model, and shows that the most general structure required for representing information flow in a general purpose transitive information network is a partial ordering.
••
TL;DR: Performance results of several implementations are given, which show that the RSA algorithm is acceptably fast for a large number of applications.
••
TL;DR: A European and an American outlook from the Scandinavian point of view is given, and a critical approach to computer crime and loss statistics, which are usually deceptive, is suggested.
••
TL;DR: The Belgian banking community has designed a standard security system TRASEC (TRAnsmission SECurity) for EFT (Electronic Funds Transfer) between corporate customers and all financial institutions, which will become operational by the end of 1987.
••
[...]
TL;DR: This paper examines some of the more interesting social values of a group of self-proclaimed crackers, or elite hackers, compared to those of non-cracker, computer professionals for moral and ethical balance.
••
TL;DR: The CEM-DSS is geared to help the EDP manager identify alternative sets of control activities, evaluate and choose the most preferred set, and monitor and upgrade the security of EDP systems frequently.
••
[...]
TL;DR: A survey of present-day installations reveals that users perceive their comfort to coincide with the absence of security, which is in the conflict between user friendliness as advertised and perceived by the user on the one hand, and security requirements on the other hand.
••
TL;DR: Some formal requirements for a key distribution scheme are listed and it is shown that one of the proposed schemes fails to satisfy them.
••
TL;DR: The answer given is: Let a hierarchically structured, offline trusted third party issue to the subscribers computer active tokens, which can authenticate their owners and can communicate with each other securely by applying certified signatures, that can be authenticated to access control information, messages and money orders.
••
TL;DR: The results of an empirical study on computer related embezzlements as well as the difficulties in collecting the research material are presented.
••
TL;DR: Means are shown by which trusted and untrusted computing bases may be connected to form provably secure distributed information networks under partial orderings, along with a risk analysis technique which takes advantage of the POset structure to reduce the complexity of analysis for these networks.
••
TL;DR: This report explains how quality information concepts were used as a basis for a presentation to the senior management people of a large business.
••
TL;DR: This article defines both a new reference model with which people can view information systems security and several reasons why this new reference model should be adopted.