1997 IEEE Symposium on
Security and Privacy

May 4-7, 1997
Oakland, California

Sponsored by
IEEE Computer Society Technical Committee
on Security and Privacy

In cooperation with
International Association of Cryptologic Research (IACR)

IEEE Computer Society Press
Los Alamitos, California
Washington
Brussels
Tokyo

Apple Inc. Exhibit 1027 Page 1

IEEE Computer Society Press
10662 Los Vaqueros Circle
P.O. Box 3014
Los Alamitos, CA 90720-1264

Copyright © 1997 by The Institute of Electrical and Electronics Engineers, Inc.
All rights reserved.

Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may
photocopy beyond the limits of US copyright law, for private use of patrons, those articles in this volume
that carry a code at the bottom of the first page, provided that the per-copy fee indicated in the code is paid
through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.

Other copying, reprint, or republication requests should be addressed to: IEEE Copyrights Manager, IEEE
Service Center, 445 Hoes Lane, P.O. Box 1331, Piscataway, NJ 08855-1331.

The papers in this book comprise the proceedings of the meeting mentioned on the cover and title page. They
reflect the authors' opinions and, in the interests of timely dissemination, are published as presented and
without change. Their inclusion in this publication does not necessarily constitute endorsement by the
editors, the IEEE Computer Society Press, or the Institute of Electrical and Electronics Engineers, Inc.

IEEE Catalog Number 97CB36097
ISBN 0-8186-7828-3 (softbound)
ISBN 0-7803-4159-7 (casebound)
ISBN 0-8186-7830-5 (microfiche)
ISSN: 1081-6011

IEEE Computer Society Press
Customer Service Center
10662 Los Vaqueros Circle
P.O. Box 3014
Los Alamitos, CA 90720-1314
Tel: +1-714-821-8380
Fax: +1-714-821-4641
Email: cs.books@computer.org

Additional copies may be ordered from:

IEEE Service Center
445 Hoes Lane
P.O. Box 1331
Piscataway, NJ 08855-1331
Tel: +1-908-981-1393
Fax: +1-908-981-9667
misc.custserv@computer.org

IEEE Computer Society
13, Avenue de l'Aquilon
B-1200 Brussels
BELGIUM
Tel: +32-2-770-2198
Fax: +32-2-770-8505
euro.ofc@computer.org

IEEE Computer Society
Ooshima Building
2-19-1 Minami-Aoyama
Minato-ku, Tokyo 107
JAPAN
Tel: +81-3-3408-3118
Fax: +81-3-3408-3553
tokyo.ofc@computer.org

Editorial production by Penny Storms
Cover by Joseph Daigle / Studio Productions
Printed in the United States of America by The Printing House

The Institute of Electrical and Electronics Engineers, Inc.

Table of Contents

1997 IEEE SYMPOSIUM ON SECURITY AND PRIVACY

Message from the Program Chairs ........................................ viii
Conference Committee ................................................... ix

Panel Debate
Moderator: John D. McLean, Naval Research Laboratory
Arguing in favor: Lead: Bob Blakley, IBM
                  Second: Darrell Kienzle, University of Virginia
Opposed: Lead: William R. Shockley, Consultant
         Second: James P. Downey, Naval Postgraduate School

Is the Trusted Computing Base Concept Fundamentally Flawed? ............ 2
J. McLean
Some Weaknesses of the TCB Model ....................................... 3
B. Blakley and D.M. Kienzle
Is the Reference Monitor Concept Fatally Flawed? The Case for the Negative ... 6
W.R. Shockley and J.P. Downey

Toward Acceptable Metrics of Authentication ............................ 10
M.K. Reiter and S.G. Stubblebine
An Authorization Scheme for Distributed Object Systems ................. 21
V. Nicomette and Y. Deswarte
A Logical Language for Expressing Authorizations ....................... 31
S. Jajodia, P. Samarati, and V.S. Subrahmanian

Applications
Anonymous Connections and Onion Routing ................................ 44
P.F. Syverson, D.M. Goldschlag, and M.G. Reed
The Design and Implementation of a Multilevel Secure Log Manager ....... 55
V.R. Pesati, T.F. Keefe, and S. Pal
A Secure and Reliable Bootstrap Architecture ........................... 65
A. Arbaugh, D.J. Farber, and J.M. Smith
An MBone Proxy for an Application Gateway Firewall ..................... 72
K. Djahandari and D. Sterne

Secure Software Architectures .......................................... 84
M. Moriconi, X. Qian, R.A. Riemenschneider, and L. Gong
A General Theory of Security Properties ................................ 94
A. Zakinthinos and E.S. Lee
Analyzing Consistency of Security Policies ............................. 103
L. Cholvy and F. Cuppens

Panel: Ensuring Assurance in Mobile Computing
Moderator: Marvin Schaefer, Arca Systems
Panel Members: Sylvan Pinsky, National Security Agency
               Drew Dean, Princeton University
               Li Gong, JavaSoft
               Jim Roskind, Netscape
               Barbara Fox, Microsoft

Ensuring Assurance in Mobile Computing ................................. 114
M. Schaefer, S. Pinsky, D. Dean, L. Gong, J. Roskind, and B. Fox

Architectures
Filtering Postures: Local Enforcement for Global Policies .............. 120
J.D. Guttman
Providing Flexibility in Information Flow Control for Object-Oriented Systems ... 130
E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia
Automated Analysis of Cryptographic Protocols Using Murφ ............... 141
J.C. Mitchell, M. Mitchell, and U. Stern

Intrusion Detection and Beyond
How to Systematically Classify Computer Security Intrusions ............ 154
U. Lindqvist and E. Jonsson
Surviving Information Warfare Attacks on Databases ..................... 164
P. Ammann, S. Jajodia, C.D. McCollum, and B.T. Blaustein
Execution Monitoring of Security-Critical Programs in Distributed
Systems: A Specification-Based Approach ................................ 175
C. Ko, M. Ruschitzka, and K. Levitt
Catalytic Inference Analysis: Detecting Inference Threats due to Knowledge
Discovery .............................................................. 188
J. Hale and S. Shenoi

Panel: Security in Innovative New Operating Systems
Moderator: Cynthia E. Irvine, Naval Postgraduate School
Panel Members: Brian Bershad, University of Washington (Spin Project)
               Frans Kaashoek, MIT (Exokernel Project)
               Jay Lepreau, University of Utah (Flux Project)
               George Necula, Carnegie Mellon University (Fox Project)
               Larry Peterson, University of Arizona (Scout Project)

Security in Innovative New Operating Systems ........................... 202
C.E. Irvine
Research on Proof-Carrying Code for Untrusted-Code Security ............ 204
G. Necula and P. Lee
Access Control for the SPIN Extensible Operating System ................ 205
R. Grimm and B.N. Bershad
Escort: Securing Scout Paths ........................................... 206
O. Spatscheck and L. Peterson

System Vulnerabilities
Analysis of a Denial of Service Attack on TCP .......................... 208
C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford,
A. Sundaram, and D. Zamboni
Deniable Password Snatching: On the Possibility of Evasive Electronic
Espionage .............................................................. 224
A. Young and M. Yung
Number Theoretic Attacks on Secure Password Schemes .................... 236
S. Patel

Author Index ........................................................... 249