The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive


Temporal Hierarchy and Inheritance Semantics for GTRBAC

CERIAS TR 2001-52
James B. D. Joshi, Elisa Bertino, Arif Ghafoor
Download: PDF

A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC

Added 2002-07-26

Privacy-Preserving Cooperative Scientific Computations

CERIAS TR 2001-50
Wenliang Du and Mikhail J. Atallah
Download: PDF
Added 2002-07-26

Optimizing TCP Forwarder Performance

Oliver Spatscheck, Jorgen S. Hansen, John H. Hartman, and Larry L. Peterson

A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections. For example, a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host, in order to implement access control to a resource on the internal host, is a TCP forwarder.

Added 2002-07-26

Cooperating Mobile Agents for Mapping Networks

Nelson Minar, Kwindla Hultman Kramer, and Pattie Maes

Contemporary computer networks are heterogeneous; even a single network consists of many kinds of processors and communications channels.  But few programming tools embrace, or even acknowledge, this complexity.  New methods and approaches are required if next-generation networks are to be configured, administered and utilized to their full potentials…

Added 2002-07-26

A Middleware Approach to Asynchronous and Backward-Compatible Detection and Prevention of ARP Cache Poisoning

CERIAS TR 1999-07
Mahesh V. Tripunitara and Partha Dutta
Download: PDF

This paper discusses the Address Resolution Protocol (ARP) and the problem of cache poisoning. ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host's ARP cache…

Added 2002-07-26

Anonymous Connections and Onion Routing

Paul F. Syverson, David M. Goldschlag, and Michael G. Reed

Onion Routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis.  Unmodified Internet applications can use these anonymous connections by means of proxies…

Added 2002-07-26

Protecting Software Code By Guards

CERIAS TR 2001-49
Hoi Chang and Mikhail J. Atallah
Download: PDF

Protection of software code against illegitimate modifications by its users is a pressing issue to many software developers. Many software-based mechanisms for protecting program code are too weak (e.g., they have single points of failure) or too expensive to apply (e.g., they incur a heavy runtime performance penalty on the protected programs). In this paper, we present and explore a methodology that we believe can protect program integrity in a more tamper-resilient manner. Our approach is based on a distributed scheme, in which protection and tamper-resistance of program code is achieved, not by a single security module, but by a network of (smaller) security units that work together in the program. These security units, or guards, can be programmed to do certain tasks (checksumming the program code is one example), and a network of them can reinforce the protection of each other by creating mutual protection. We have implemented a system for automating the process of installing guards into Win32 executables. Experimental results show that the memory space and run-time performance impacts incurred by guards can be kept very low (as explained later in the paper).

Added 2002-07-26

Flexible Policy-Directed Code Safety

David Evans, Andrew Twyman

This work introduces a new approach to code safety.  We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way…

Added 2002-07-26

Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach

Calvin Ko, Manfred Ruschitzka, Karl Levitt

This paper describes a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications…

Added 2002-07-26

Detecting Intrusions Using System Calls: Alternative Data Models

Christina Warrender, Stephanie Forrest, Barak Pearlmutter

Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities.  In this paper we study one such observable - sequences of system calls into the kernel of an operating system…

Added 2002-07-26

Detecting Disruptive Routers: A Distributed Network Monitoring Approach

Kirk A. Bradley, Steven Cheung, Nick Puketza, Biswanath Mukherjee, Ronald A. Olsson

An attractive target for a computer system attacker is the router.  An attacker in control of a router can disrupt communication by dropping or misrouting packets passing through the router.  We present a protocol called Watchers that detects and reacts to routers that drop or misroute packets…

Added 2002-07-26

Why Cryptography is Harder Than it Looks

Counterpane Systems
Added 2002-07-26

Crowds: Anonymity for Web Transactions

Michael K. Reiter and Aviel D. Rubin
Added 2002-07-26

Goal Mining to Examine Health Care Privacy Policies

Annie I. Antón
Download: PDF
Added 2002-07-26