%0 Conference Paper %B IEEE Symposium on Security and Privacy, 2008. SP 2008 %D 2008 %T Fable: A Language for Enforcing User-defined Security Policies %A Swamy,N. %A Corcoran,B.J. %A Hicks, Michael W. %K Access control %K Automata %K Collaborative work %K Communication system security %K Computer languages %K computer security %K Data security %K enforcement policy %K FABLE %K Government %K high-level security goals %K information flow %K Information security %K Language-based security %K programming languages %K Programming profession %K provenance %K security automata %K security labels %K security of data %K user-defined security policies %K verified enforcement %K Web programming language %X This paper presents FABLE, a core formalism for a programming language in which programmers may specify security policies and reason that these policies are properly enforced. In FABLE, security policies can be expressed by associating security labels with the data or actions they protect. Programmers define the semantics of labels in a separate part of the program called the enforcement policy. FABLE prevents a policy from being circumvented by allowing labeled terms to be manipulated only within the enforcement policy; application code must treat labeled values abstractly. Together, these features facilitate straightforward proofs that programs implementing a particular policy achieve their high-level security goals. FABLE is flexible enough to implement a wide variety of security policies, including access control, information flow, provenance, and security automata. We have implemented FABLE as part of the LINKS web programming language; we call the resulting language SELlNKS. We report on our experience using SELlNKS to build two substantial applications, a wiki and an on-line store, equipped with a combination of access control and provenance policies. To our knowledge, no existing framework enables the enforcement of such a wide variety of security policies with an equally high level of assurance. %B IEEE Symposium on Security and Privacy, 2008. SP 2008 %I IEEE %P 369 - 383 %8 2008/05/18/22 %@ 978-0-7695-3168-7 %G eng %R 10.1109/SP.2008.29 %0 Book %D 2008 %T Introduction to Modern Cryptography %A Katz, Jonathan %A Lindell,Yehuda %K Computer networks %K computer security %K Computers / Operating Systems / General %K Computers / Security / General %K cryptography %K Language Arts & Disciplines / Communication Studies %K Mathematics / Combinatorics %X Cryptography plays a key role in ensuring the privacy and integrity of data and the security of computer networks. Introduction to Modern Cryptography provides a rigorous yet accessible treatment of modern cryptography, with a focus on formal definitions, precise assumptions, and rigorous proofs. The authors introduce the core principles of modern cryptography, including the modern, computational approach to security that overcomes the limitations of perfect secrecy. An extensive treatment of private-key encryption and message authentication follows. The authors also illustrate design principles for block ciphers, such as the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), and present provably secure constructions of block ciphers from lower-level primitives. The second half of the book focuses on public-key cryptography, beginning with a self-contained introduction to the number theory needed to understand the RSA, Diffie-Hellman, El Gamal, and other cryptosystems. After exploring public-key encryption and digital signatures, the book concludes with a discussion of the random oracle model and its applications. Serving as a textbook, a reference, or for self-study, Introduction to Modern Cryptography presents the necessary tools to fully understand this fascinating subject. %I CRC Press %8 2008/// %@ 9781584885511 %G eng %0 Conference Paper %B Computer Software and Applications Conference, 2006. COMPSAC '06. 30th Annual International %D 2006 %T A Software Architectural Approach to Security by Design %A Ray,A. %A Cleaveland, Rance %K architecture description notation %K Clocks %K communication semantics %K Computer architecture %K computer crime %K computer security %K Connectors %K Costs %K Degradation %K Delay %K Educational institutions %K security design %K security of data %K Software architecture %K software engineering %X This paper shows how an architecture description notation that has support for timed events can be used to provide a meta-language for specifying exact communication semantics. The advantages of such an approach is that a designer is made fully aware of the ramifications of her design choices so that an attacker can no longer take advantage of hidden assumptions %B Computer Software and Applications Conference, 2006. COMPSAC '06. 30th Annual International %I IEEE %V 2 %P 83 - 86 %8 2006/09/17/21 %@ 0-7695-2655-1 %G eng %R 10.1109/COMPSAC.2006.102 %0 Journal Article %J Proceedings of the IEEE %D 2006 %T Wireless Network Security and Interworking %A Shin,M. %A Ma,J. %A Mishra,A. %A Arbaugh, William A. %K 3G mobile communication %K 3G systems %K Authentication %K Bandwidth %K Communication system security %K computer network security %K computer security %K Data security %K internetworking %K Land mobile radio cellular systems %K Paper technology %K security architectures %K security of data %K telecommunication security %K wireless communication %K wireless communications %K Wireless LAN %K wireless network security %K Wireless networks %K wireless technologies %K WLAN systems %X A variety of wireless technologies have been standardized and commercialized, but no single technology is considered the best because of different coverage and bandwidth limitations. Thus, interworking between heterogeneous wireless networks is extremely important for ubiquitous and high-performance wireless communications. Security in interworking is a major challenge due to the vastly different security architectures used within each network. The goal of this paper is twofold. First, we provide a comprehensive discussion of security problems and current technologies in 3G and WLAN systems. Second, we provide introductory discussions about the security problems in interworking, the state-of-the-art solutions, and open problems. %B Proceedings of the IEEE %V 94 %P 455 - 466 %8 2006/02// %@ 0018-9219 %G eng %N 2 %R 10.1109/JPROC.2005.862322 %0 Journal Article %J IEEE Security & Privacy %D 2003 %T The dangers of mitigating security design flaws: a wireless case study %A Petroni,N. L. %A Arbaugh, William A. %K Communication system security %K computer security %K cryptography %K design flaw mitigation %K Dictionaries %K legacy equipment %K privacy %K Protection %K Protocols %K security design flaws %K security of data %K synchronous active attack %K telecommunication security %K Telecommunication traffic %K wired equivalent privacy protocol %K Wireless LAN %K wireless local area networks %K Wireless networks %X Mitigating design flaws often provides the only means to protect legacy equipment, particularly in wireless local area networks. A synchronous active attack against the wired equivalent privacy protocol demonstrates how mitigating one flaw or attack can facilitate another. %B IEEE Security & Privacy %V 1 %P 28 - 36 %8 2003/02//Jan %@ 1540-7993 %G eng %N 1 %R 10.1109/MSECP.2003.1176993 %0 Book %D 2003 %T Multimedia Data Hiding %A M. Wu %A Liu,Bede %K computer security %K Computers / Computer Engineering %K Computers / Computer Science %K Computers / Database Management / General %K Computers / Information Technology %K Computers / Information Theory %K Computers / Interactive & Multimedia %K Computers / Networking / General %K Computers / Security / Cryptography %K Computers / Security / General %K Computers / System Administration / Storage & Retrieval %K Data encryption (Computer science) %K multimedia systems %K Technology & Engineering / Electrical %K Technology & Engineering / Engineering (General) %X With the advances of the digital information revolution and the societal changes they have prompted, it has become critical to facilitate secure management of content usage and delivery across communication networks. Data hiding and digital watermarking are promising new technologies for multimedia information protection and rights management. Multimedia Data Hiding addresses the theory, methods, and design of multimedia data hiding and its application to multimedia rights management, information security, and communication. It offers theoretical and practical aspects, and both design and attack problems. Applications discussed include: annotation, tamper detection, copy/access control, fingerprinting, and ownership protection. Countermeasures for attacks on data hiding are discussed, and a chapter assesses attack problems on digital music protection under a unique competitive environment. Topics and features: * Comprehensive and practical coverage of data hiding for various media types, including binary image, grayscale and color images and video, and audio * Provides unique analysis of problems and solutions, such as data hiding in binary signature and generic binary documents, block concealment attacks, and attacks on audio watermarking * Authoritative discussion and analysis of data hiding and effective countermeasures, supported by concrete application examples * Accessible, well-organized progression from the fundamentals to specific approaches to various data-hiding problems This work offers a state-of-the-art presentation covering theoretical, algorithmic, and design topics for digital content/data security protection, and rights management. It is an essential resource for multimedia security researchers and professionals in electrical engineering, computer science, IT, and digital rights management. %I Springer %8 2003/// %@ 9780387954264 %G eng