IFIP/Sec’85, sponsored by IFIP TC 11 and the Irish Computer Society, was held 12-15 August 1985 in Dublin, Ireland. The following are abstracts of the papers presented at this third international conference. The Proceedings will be available in hard cover from Elsevier Science Publishers BV (North-Holland), Information and Business Division, later this year.
WILLIS H. WARE: Emerging Privacy Issues. Because of the essential nature of information in the affairs of society, governments, and institutions, computer- and communications-based systems are creating new aspects of personal privacy threats. This paper examines emergent privacy issues (e.g. those related to electronic mail and internetting of systems) and relates them to security requirements and to difficulties of designing laws. It suggests a possible legal environment to accommodate problems to be faced.
JOHN M. CARROLL AND HELMUT JORGENSEN: Design of a Secure Relational Data Base. A relational data base structure in which access is controlled by cryptography can provide a model for information systems that are attractive, since control can be enforced by hardware as it is in traditional military communications systems, thereby avoiding the uncertainties that surround the security of computer operating systems. Simulation of the system suggests that deficiencies exist not in the enforcement but rather in the formal security models that these mechanisms are trying to enforce.
VIIVEKE FAK: Software Versus Hardware Encryption - Is There any Difference Today? Data encryption has traditionally been firmly divided into hardware and software solutions. These two categories differ very much in their characteristics.
FREDERICK G. TOMPKINS AND RUSSEL RICE: Integrating Security Activities into the Software Development Life Cycle and the Software Quality Assurance Process. Security concerns should be an integral part of the entire planning, development, and operation of a computer application. Inadequacies in the design and operation of computer applications are a very frequent source of security vulnerabilities associated with computers. In most cases, the effort to improve security should concentrate on the application software. The system development life cycle (SDLC) technique provides the structure to assure that security safeguards are planned, designed, developed and tested in a manner that is consistent with the sensitivity of the data and/or the application. The software quality assurance process provides the reviews and audits to assure that the activities accomplished during the SDLC produce operationally effective safeguards.
JUNE M. POWER AND STEVE R. WILBUR: Authentication in a Heterogeneous Environment. This paper considers how a mechanism might be set up to provide authentication of users and servers. The scheme proposed aims to deal with simple processors which are unmanaged, as well as managed timesharing systems. It would provide authentication tokens which can be included in the applications protocols. Much of the difficulty of the scheme is concerned with building a distributed secure database for private keys.
T.K. WORTHINGTON, J.J. CHAINER, J.D. WILLFORD AND S.C. GUNDERSON: IBM Dynamic Signature Verification. The IBM signature verification technology uses a pen with transducers to convert the motions made while signing into electronic signals. A mathematical algorithm has been developed which measures the degree of similarity between two sets of these signals. A user enrolls in the system by signing a number of times to establish a reference. At a later time, when verification of the identity of this individual is required, a signature is acquired and compared against the reference. If the required degree of similarity is achieved the individual is