National Computer Security Center,
A Guide To Understanding Discretionary Access Control In Trusted Systems

Abstract: This publication, "A Guide to Understanding Discretionary Access Control In Trusted Systems," is issued by the National Computer Security Center (NCSC) under the authority of and in accordance with Department of Defense (DoD) Directive 5215.1, "Computer Security Evaluation Center." The guidelines defined in this document are intended to be used by computer hardware and software designers who are building systems with the intent of meeting the requirements of the Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD.
B. Clifford Neuman,
Proxy-Based Authorization and Accounting for Distributed Systems

Abstract: Despite recent widespread interest in the secure authentication of principals across computer networks, there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorization and accounting can be easily supported. This paper presents the proxy model for authorization and shows how the model can be used to support a wide range of authorization and accounting mechanisms. The proxy model strikes a balance between access-control-list and capability-based mechanisms, allowing each to be used where appropriate and allowing their use in combination. The paper describes how restricted proxies can be supported using existing authentication methods.
Peiter Z, Secure Networks Inc.,
Weaknesses in SecurID

Keywords: SecurID, token cards, race attacks, denial of service attacks, server-slave separation, replay attacks, ACE Server, out-of-band authentication

Abstract: Due to increased recent interest that has been witnessed on the net about the SecurID token cards and potential vulnerabilities with their use, we offer a white paper on some of the vulnerabilities that we believe have been witnessed and/or speculated upon. Topics dealt with in the paper include: race attacks based upon fixed-length responses; denial of service attacks based upon server patches; server-slave separation and replay attacks; vulnerabilities in the communications with the ACE Server; a quick analysis of the communications with the ACE Server; and problems with out-of-band authentication.
Built by Mark Crosbie and Ivan Krsul.