Privacy and Security (TOPS)


Search Issue
enter search term and/or author name


ACM Transactions on Information and System Security (TISSEC), Volume 9 Issue 3, August 2006

On countering online dictionary attacks with login histories and humans-in-the-loop
Paul C. Van Oorschot, Stuart Stubblebine
Pages: 235-258
DOI: 10.1145/1178618.1178619
Automated Turing Tests (ATTs), also known as human-in-the-loop techniques, were recently employed in a login protocol by Pinkas and Sander (2002) to protect against online password-guessing attacks. We present modifications providing a new...

Methods and limitations of security policy reconciliation
Patrick McDaniel, Atul Prakash
Pages: 259-291
DOI: 10.1145/1178618.1178620
A security policy specifies session participant requirements. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a...

XML access control using static analysis
Makoto Murata, Akihiko Tozawa, Michiharu Kudo, Satoshi Hada
Pages: 292-324
DOI: 10.1145/1178618.1178621
Access control policies for XML typically use regular path expressions such as XPath for specifying the objects for access-control policies. However such access-control policies are burdens to the query engines for XML documents. To relieve this...

A practical revocation scheme for broadcast encryption using smartcards
Noam Kogan, Yuval Shavitt, Avishai Wool
Pages: 325-351
DOI: 10.1145/1178618.1178622
We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider, decryption of keys is done on smartcards and key management is done...

Safety in automated trust negotiation
William H. Winsborough, Ninghui Li
Pages: 352-390
DOI: 10.1145/1178618.1178623
Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information...