On countering online dictionary attacks with login histories and humans-in-the-loop
Paul C. Van Oorschot, Stuart Stubblebine
Automated Turing Tests (ATTs), also known as human-in-the-loop techniques, were recently employed in a login protocol by Pinkas and Sander (2002) to protect against online password-guessing attacks. We present modifications providing a new...
Methods and limitations of security policy reconciliation
Patrick McDaniel, Atul Prakash
A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a...
XML access control using static analysis
Makoto Murata, Akihiko Tozawa, Michiharu Kudo, Satoshi Hada
Access control policies for XML typically use regular path expressions such as XPath for specifying the objects for access-control policies. However, such access-control policies are burdens to the query engines for XML documents. To relieve this...
A practical revocation scheme for broadcast encryption using smartcards
Noam Kogan, Yuval Shavitt, Avishai Wool
We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider, decryption of keys is done on smartcards and key management is done...
Safety in automated trust negotiation
William H. Winsborough, Ninghui Li
Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information...