The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.


Category Index: /pub/doc/access_control


No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

National Computer Security Center, A Guide To Understanding Discretionary Access Control In Trusted Systems
Abstract: This publication, "A Guide to Understanding Discretionary Access Control In Trusted Systems," is issued by the National Computer Security Center (NCSC) under the authority of and in accordance with Department of Defense (DoD) Directive 5215.1, "Computer Security Evaluation Center." The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD.

B. Clifford Neuman, Proxy-Based Authorization and Accounting for Distributed Systems
Abstract: Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper presents the proxy model for authorization and shows how the model can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list and capability-based mechanisms allowing each to be used where appropriate and allowing their use in combination. The paper describes how restricted proxies can be supported using existing authentication methods.

Peiter Z, Secure Networks Inc., Weaknesses in SecurID
Keywords: SecurID, token cards, race attacks, denial of service attacks, server - slave separation, replay attacks, ACE Server, out-of-band authentication
Abstract: Due to increased recent interest that has been witnessed on the net about the SecurID token cards and potential vulnerabilities with their use, we offer a white paper on some of the vulnerabilities that we believe have been witnessed and/or speculated upon. Topics dealt with in the paper include: Race attacks based upon fixed length responses. Denial of Service attacks based upon server patches. Server - Slave separation and replay attacks. Vulnerabilities in the communications with the ACE Server. A quick analysis of the communications with the ACE Server. Problems with out-of-band authentication.

_____

Built by Mark Crosbie and Ivan Krsul.



security-archive@cerias.purdue.edu (COAST Security Archive)