An integrity policy defines formal access constraints which, if effectively enforced, protect data from improper modification. We identify the integrity problems posed by a secure military computer utility. Integrity policies addressing these problems are developed and their effectiveness evaluated. A prototype secure computer utility, Multics, is then used as a testbed for the application of the developed access controls.
This article focuses on the most important facets of ontological semantics, and more specifically, on the process of ontological semantic acquisition for linguistic students and researchers inexperienced in this emerging field, regardless of their prior work in computational linguistics, NLP, or lexical semantics. The overarching goal of this text is to provide interested parties with a synthesis
The American National Standard Institute (ANSI) Standard on Role-Based Access Control (RBAC) was approved in 2004 to fulfil
Cryptology presents ethical dilemmas that do not yet have satisfactory answers. There is a coming advance in cryptology systems based on quantum physics that has the potential to defeat all known methods of cryptography and cryptanalysis to date. It is important that the ethical problems of cryptology are answered now, before quantum cryptology is a pervasive part of everyday life. This paper suggests answers to cryptology
The digital music device has become a common household item. The newest models have become more PDA-like than ever before. With this new functionality the digital music device has recently found its way into the criminal world. With the continued growth of the digital music device market, it is possible that their use in criminal activity will only continue to increase. This research analyzed some of the frameworks that offer guidelines of best practice for cyber forensics for their use with the digital music device. Literature review found little or no documentation or discussion on the forensic analysis of these devices. The frameworks were evaluated using a hypothetical scenario involving a digital music device. The guidelines of Reith, Carr and Gunsch (2002) and Carrier and Spafford (2003) were most effective. In the future, a scientific test involving a physical scene and participants separately following each set of guidelines would be useful in gaining a better understanding of how each works with the digital music device.
Given the dramatic increase in evidence of a digital or electronic nature in cases brought before the U.S. Court System, there is a growing concern over its admissibility. The question becomes whether the tools used and actors involved to extract and analyze the digital evidence meet the requirements for scientific evidence. This thesis explores how it may be possible to meet the scientific evidence requirements in the U.S. Court Systems by analyzing the legal issues and how other relevant communities such as accounting, auditing, Internet transaction security, and Underwriters Laboratories. The thesis concludes with a proposed certification and standardization system for testing of tools and actors involved in the computer forensics investigation process to mitigate the risks to the computer forensics community. The goal of this process is to bring credibility and reliability to the computer forensics field while at the same time meeting the requirements of the U.S. Court Systems for scientific evidence.
We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, i.e., the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service provider’s access control policy is enforced in an oblivious fashion.
To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called Oblivious Commitment-Based Envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: (1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice, (2) Alice learns nothing about Bob’s attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and predicates such as $=,\ge,\le,>,<,\ne$ as well as logical combinations of them.
The large availability of repositories storing various types of information about individuals has raised serious privacy concerns over the last ten years. Yet database technology is far from providing adequate solutions to this problem that requires a delicate balance between individual
This research endeavor explores five biometric technologies and their potential usage in the tourism and hospitality industry. This paper begins with a review of viable biometric technologies and continues with a discussion of their potential applications to tourism and hospitality businesses. Various tourism and hospitality scenarios in which biometrics can be used are explored. The article concludes with a discussion on the need for additional research on consumer perceptions to assist in answering questions regarding the social and business impact of biometric technologies in tourism and hospitality.
In the past, there have been several denial-of-service (DOS) attacks which exhaust some shared resource (e.g., physical memory, process table, file descriptors, TCP connections) of the targeted machine. Though these attacks have been addressed, it is important to continue to identify and address new attacks because DOS is one of the most prominent methods used to cause significant financial loss. A recent paper shows how to prevent attacks that exploit the sharing of pipeline resources (e.g., shared trace cache) in SMT to degrade the performance of normal threads. In this paper, we show that power density can be exploited in SMT to launch a novel DOS attack, called heat stroke. Heat stroke repeatedly accesses a shared resource to create a hot spot at the resource. Current solutions to hot spots inevitably involve slowing down the pipeline to let the hot spot cool down. Consequently, heat stroke slows down the entire SMT pipeline and severely degrades normal threads. We present a solution to heat stroke by identifying the thread that causes the hot spot and selectively slowing down the malicious thread while minimally affecting normal threads.
Securing data is becoming a crucial need for most internet-based applications. Whereas the problem of data confidentiality has been widely investigated, the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies has so far not been deeply investigated. In this paper, we propose an approach supporting parallel and distributed secure updates to XML documents. The approach, based on the use of a security region-object parallel flow (S-RPF) graph protocol, is particularly suited for all environments requiring cooperative updates to XML documents. It allows different users to simultaneously update different portions of the same document, according to the specified access control policies. Additionally, it supports a decentralized management of update operations in that a subject can exercise its privileges and verify the correctness of the operations performed so far on the document without interacting, in most of the cases, with the document server.
An apparently prevailing myth is that safety is undecidable in Discretionary Access Control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper, we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman scheme, in which safety is undecidable. We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also refute several claims made in recent work by Solworth and Sloan, in which the authors present a new access control scheme based on labels and relabelling and claim that it can “implement the full range of DAC models”. We present a precise characterization of their access control scheme and show that it does not adequately capture a simple DAC scheme.