A Guide To Understanding Discretionary Access Control In Trusted
Abstract: This publication, "A Guide to Understanding Discretionary Access Control In Trusted Systems," is issued by the National Computer Security Center (NCSC) under the authority of and in accordance with Department of Defense (DoD) Directive 5215.1, "Computer Security Evaluation Center." The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD.
B. Clifford Neuman,
Proxy-Based Authorization and Accounting for Distributed
Abstract: Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper presents the proxy model for authorization and shows how the model can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list and capability-based mechanisms allowing each to be used where appropriate and allowing their use in combination. The paper describes how restricted proxies can be supported using existing authentication methods.
Peiter Z, Secure Networks Inc.,
Weaknesses in SecurID
Keywords: SecurID, token cards, race attacks, denial of service attacks, server - slave separation, replay attacks, ACE Server, out-of-band authentication
Abstract: Due to increased recent interest that has been witnessed on the net about the SecurID token cards and potential vulnerabilities with their use, we offer a white paper on some of the vulnerabilities that we believe have been witnessed and/or speculated upon. Topics dealt with in the paper include: Race attacks based upon fixed length responses Denial of Service attacks based upon server patches. Server - Slave separation and replay attacks. Vulnerabilities in the communications with the ACE Server. A quick analysis of the communications with the ACE Server. Problems with out-of-band authentication.
Built by Mark Crosbie and Ivan Krsul.
Security Archive Homepage.
COAST Project (CERIAS)Page.
Purdue CS Dept page.