ACM SIGSAC

proceedings

ACM SIGSAC

Athens, Greece November 1-4, 2000

ACM SIGSAC

1900-01-01

Symposium Committee...........viii Steering Committee..................viii Local Organizing Committee..................................viii Local Host and Co-Organizers............................viii Program Committee...................ix External Reviewers.....................ix Tutorial 1: Network Security and IPsec......................................xi Tutorial 2: Electronic Payment Technologies..............................xii Session 2-1: Certificate Management Evaluating Certificate Status Information Mechanisms........1 Accountable Certifcate Management using Undeniable Attestations..........9 Efficient Fault-Tolerant Certificate Revocation............19 Session 2-2: Privacy and Anonymity Timing Attacks on Web Privacy.......................................25 A Protocol for Anonymous Communication Over the Internet......................................33 A Secure Execution Framework for Java................43 User Privacy Issues Regarding Certificates and the TLS Protocol.....................53 Session 2-3: Electronic Commerce Distribution Chain Security...63 Threshold-Based Identity Recovery for Privacy Enhanced Applications.............................71 Reducing the Round Complexity oof a Sealed-Bid Auction Protocol with Off-Line TTP............................................80 XML Document Security Based on Provisional Authorization............................87 Invited Talk: Security: The State of the Practice.............................97 Panel: Which PKI (Public Key Infrastructure) is the Right One?............................................98 Session 3-1: Cryptology and Steganography Multi-round Passive Attacks on Server-Aided RSA Protocols................................102 Simple Forward-Secure Signatures From Any Signature Scheme...............108 Moire Cryptography..............116 Funkspiel Schemes: An Alternative to Conventional Tamper Resistance.............125 Session 3-2: Access Control Regulating Service Access and Information Release on the Web..................................134 An Authorization Model for Temporal Data......................144 An Access Control Model for Simplifying Constraint Expression............................154 A Modular Approach to Composing Access Control Policies..................................164 Session 4-1: System Security Operating System Enhancements to Prevents the Misuse of System Calls......174 Using Router Stampind to Identify the Source of IP Packets..................................184 Implementing a Distributed Firewall...................................190 Security Enhanced Mobile Agents....................................200 Session 4-2: Internet Security and Composition PRUNES: An Efficient and Complete Strategy for Automated Trust Negotiation over the Internet....................210 Cross Domain One-Shot Authorization using Smart Cards......................................220 New Constructions for Multicast Re-keying Schemes using Perfect Hash Families.................................228 Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups..........235 Composition and Integrity Preservation of Secure Reactive Systems................245 Author Index.............................255

2000, ACM

1-58113-203-4

privacy, systems security, electronic commerce

English

A hard-copy of this is in the CERIAS Library