The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



An Extensible Framework for Authentication and Delegation

Theron Donald Tock

We present the design of a framework for secure communication.  This framework incorporates authentication and secret message passing without the restructuring of applications: through the use of inheritance, communication classes preserve interfaces while adding security.  Each service determines the security measures it will use, and the system ensures clients communicate using the correct protocol.  We demonstrate extensibility by implementing delegation of authority without modifying the underlying framework.  Our delegation protocol permits a disconnected delegator and efficiently supports very frequent delegation and revocation.  We describe our implementation of this framework for Choices, an object-oriented operating system.

Added 2002-07-26

Analog Output-Stage Fingerprinting in DMAT/SDMI

CERIAS TR 2001-53
Radu Sion
Download: PDF

Most of the current audio media intellectual property rights protection schemes suffer from one essential drawback: the high quality of any line-out/line-in connection, i.e. the ability to record directly from the "speaker", so to speak, with surprisingly minimal distortion.

[...]

We propose a solution in which content is distributed on regular media (e.g. CD), but is "play-able" only on DMAT-enabled devices.  Once this link is satisfied, the next step involves modifying the devices to include device-identifying fingerprinting technology in the analog stream domain (see figure).

Added 2002-07-26

Faster Reuse and Maintenance Using "Software Reconnaissance"

SERC-TR-75F
Norman Wilde
Added 2002-07-26

A Flow-Based Approach to Datagram Security

Suvo Mittra, Thomas Y.C. Woo

Datagram services provide a simple, flexible, robust, and scalable communication abstraction; their usefulness has been well demonstrated by the success of IP, UDP, and RPC.  Yet, the overwhelming majority of network security protocols that have been proposed are geared towards connection-oriented communications.  The few that do cater to datagram communications tend to either rely on long-term host-pair keying or impose session-oriented (i.e., relying on connection setup) semantics.  Separately, the concept of flows has received a great deal of attention recently, especially in the context of routing and QoS.  A flow characterizes a sequence of datagrams sharing some pre-defined attributes.  In this paper, we advocate the use of flows as a basis for structuring secure datagram communications.  We support this by proposing a novel protocol for datagram security based on flows.  Our protocol achieves zero-message keying, thus preserving the connectionless nature of datagrams, and makes use of soft state, thus providing the per-packet processing efficiency of session-oriented schemes.  We have implemented an instantiation for IP in the 4.4BSD kernel, and we provide a description of our implementation along with performance results.

Added 2002-07-26

Secure Multi-Party Computational Geometry

CERIAS TR 2001-48
Mikhail J. Atallah and Wenliang Du
Download: PDF

The general secure multi-party computation problem is when multiple parties (say, Alice and Bob) each have private data (respectively, a and b) and seek to compute some function f(a,b) without revealing to each other anything unintended (i.e., anything other than what can be inferred from knowing f(a,b)).  It is well known that, in theory, the general secure multi-party computation problem is solvable using circuit evaluation protocols.  While this approach is appealing in its generality, the communication complexity of the resulting protocols depends on the size of the circuit that expresses the functionality to be computed.  As Goldreich has recently pointed out [6], using the solutions derived from these general results to solve specific problems can be impractical; problem-specific solutions should be developed, for efficiency reasons.  This paper is a first step in this direction for the area of computational geometry.  We give simple solutions to some specific geometric problems, and in doing so we develop some building blocks that we believe will be useful in the solution of other geometric and combinatorial problems as well.

Added 2002-07-26

Discovery: A Mobile Agent Framework for Distributed Applications

Sashi Lazar, Deepinder Sidhu

In this paper, we present a general-purpose mobile agent framework, called Discovery, developed at the Maryland Center for Telecommunications Research (MCTR) using the Java language.  Mobile agents are small objects containing intelligent code, capable of moving around the network, reasoning, learning, and communicating with their peers and the environment.  The popularity of mobile agents is a result of several application domains where the use of mobile-agent-based solutions promises to generate a robust and flexible solution.  Discovery defines an Agent Transfer Protocol (ATP) that implements agent serialization, transmission, authentication, error detection, and recovery.  The agent runtime system provides a platform-independent execution environment for mobile agents, and defines an interface to create, clone, transport, suspend, resume, and terminate agents.  This paper describes the key components of the Discovery framework, which include an agent registry module, agent location tracking services, and the server's knowledge base.  The Discovery architecture has been used to implement mobile-agent-based applications for network monitoring, intrusion detection, and ATM network management.

Added 2002-07-26

SASI Enforcement of Security Policies: A Retrospective

Ulfar Erlingsson, Fred B. Schneider

SASI enforces security policies by modifying object code for a target system before that system is executed.  The approach has been prototyped for two rather different machine architectures: Intel x86 and Java JVML.  Details of these prototypes and some generalizations about the SASI approach are discussed.

Added 2002-07-26

A Graduate Course in Computing Security Technology

Edward G. Amoroso

This paper outlines a graduate course in computing security technology that has evolved during the past three years in the Computer Science Department at the Stevens Institute and the Software Engineering Department of Monmouth College.  This paper includes descriptions of the primary themes emphasized in the course, the technical material covered in each lecture, several issues and enhancements currently being examined with respect to the course, and annotated references to the papers and materials used to create the course lectures.

Added 2002-07-26

Resource Management in Legion

Steve J. Chapin, Dimitrios Katramatos, John Karpovich, Andrew Grimshaw

The recent development of gigabit networking technology, combined with the proliferation of low-cost, high-performance microprocessors, has given rise to metacomputing environments.  These environments can combine many thousands of hosts, from hundreds of administrative domains, connected by transnational and worldwide networks.  Managing the resources in such a system is a complex task, but is necessary to efficiently and economically execute user programs.  In this paper, we describe the resource management portions of the Legion metacomputing system, including the basic model and its implementation.  These mechanisms are flexible both in their support for system-level resource management and in their adaptability to user-level scheduling policies.  We show this by implementing a simple scheduling policy and demonstrating how it can be adapted to more complex algorithms.

Added 2002-07-26

Application Intrusion Detection

Robert S. Sielken

Intrusion detection has traditionally been performed at the operating system (OS) level by comparing expected and observed system resource usage.  OS intrusion detection systems (OS IDS) can only detect intruders, internal or external, who perform specific system actions in a specific sequence or those intruders whose behavior pattern statistically varies from a norm.  Internal intruders are said to comprise at least fifty percent of intruders [ODS99], but OS intrusion detection systems are frequently not sufficient to catch such intruders, since they neither significantly deviate from expected behavior nor perform the specific intrusive actions, because they are already legitimate users of the system.  We hypothesize that application-specific intrusion detection systems can use the semantics of the application to detect more subtle, stealth-like attacks such as those carried out by internal intruders who possess legitimate access to the system and its data and act within their bounds of normal behavior, but who are actually abusing the system.  To test this hypothesis, we developed two extensive case studies to explore what opportunities exist for detecting intrusions at the application level, how effectively an application intrusion detection system (AppIDS) can detect the intrusion, and the possibility of cooperation between an AppIDS and an OS IDS.  In particular, an AppIDS can observe the monitored system with a higher resolution of observable entities than an OS IDS, allowing tighter thresholds to be set for the AppIDS' relations that differentiate normal and anomalous behavior, thereby improving the overall effectiveness of the IDS.  We also investigated the possibility of cooperation between an OS IDS and an AppIDS.  From this exploration, we developed a high-level bi-directional communication interface in which one IDS could request information from the other IDS, which could respond accordingly.
Finally, we explored a possible structure of an AppIDS to determine which components were generic enough to use for multiple AppIDS.  Along with these generic components, we also explored possible tools to assist in the creation of an AppIDS.

Added 2002-07-26

What Do We Mean by Entity Authentication

Dieter Gollman

The design of authentication protocols has proven to be surprisingly error-prone.  We suggest that this is partly due to a language problem.  The objectives of entity authentication are usually given in terms of human encounters, while we actually implement message-passing protocols.  We propose various translations of the high-level objectives into a language appropriate for communication protocols.  In addition, protocols are often specified at too low a level of abstraction.  We will argue that encryption should not be used as a general primitive, as it does not capture the specific purpose for using a cryptographic function in a particular protocol.

Added 2002-07-26

"What Are You Really Saying To Me?" Electronic Surveillance in the Workplace

CERIAS TR 2000-13
Carl Botan, Mihaela Vorvoreanu
Download: PDF
Added 2002-07-26

Examining Electronic Surveillance in the Workplace: A Review of Theoretical Perspectives And Research Findings

CERIAS TR 2000-14
Mihaela Vorvoreanu, Carl H. Botan
Download: PDF
Added 2002-07-26

Protocols for Secure Remote Database Access with Approximate Matching

CERIAS TR 2000-15
Wenliang Du, Mikhail J. Atallah
Download: PDF

Suppose that Bob has a database D and that Alice wants to perform a search query q on D (e.g.,

Added 2002-07-26

Aligning Words and Deeds

Annie I. Ant
Added 2002-07-26