enter search term and/or author name
Clustering intrusion detection alarms to support root cause analysis
It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. This paper presents a new approach for handling intrusion detection alarms more efficiently. Central to this...
A secure and private system for subscription-based remote services
Pino Persiano, Ivan Visconti
In this paper we study privacy issues regarding the use of the SSL/TLS protocol and X.509 certificates. Our main attention is placed on subscription-based remote services (e.g., subscription to newspapers and databases) where the service manager...
Flexible access control policy specification with constraint logic programming
Steve Barker, Peter J. Stuckey
We show how a range of role-based access control (RBAC) models may be usefully represented as constraint logic programs, executable logical specifications. The RBAC models that we define extend the "standard" RBAC models that are described by Sandhu...
Public-key support for group collaboration
Carl Ellison, Steve Dohrmann
This paper characterizes the security of group collaboration as being a product not merely of cryptographic algorithms and coding practices, but also of the man-machine process of group creation. We show that traditional security mechanisms do not...
Certificate-based authorization policy in a PKI environment
Mary R. Thompson, Abdelilah Essiari, Srilekha Mudumbai
The major emphasis of public key infrastructure has been to provide a cryptographically secure means of authenticating identities. However, procedures for authorizing the holders of these identities to perform specific actions still need additional...