The SEAL calculus is a calculus of mobile computations designed for programming secure distributed applications over large-scale open networks. The calculus is a distributed variant of the pi-calculus that incorporates agent mobility as well as strong protection mechanisms. Linear, revocable capabilities control access to resources and ensure that agents may only use resources that have been allocated to them. Capabilities are also used to protect agents from the hosts on which they execute. The syntax and semantics of the SEAL calculus are presented and its expressive power is demonstrated with an example secure mobile
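The protection mechanism the abstract describes, linear (single-use) and revocable capabilities mediating every resource access, as an added illustration in plain Python. This is not code from the SEAL paper and not a model of its semantics; the Host, Agent and Capability classes, the "file" resource and the forged-capability check are all assumptions made for the example.

```python
# Added example (not from the SEAL paper): linear, revocable capabilities
# mediating every resource access, modelled in plain Python. Class and
# resource names are hypothetical.
import itertools


class CapabilityError(Exception):
    """Raised when an agent presents a capability the host will not honour."""


class Capability:
    """Single-use (linear) permission to perform one action on one resource."""
    _ids = itertools.count(1)

    def __init__(self, resource, action):
        self.id = next(Capability._ids)
        self.resource = resource
        self.action = action
        self.consumed = False
        self.revoked = False


class Host:
    """Owns resources; agents reach them only through capabilities it issued."""

    def __init__(self):
        self._resources = {}   # name -> handler(action, *args)
        self._issued = {}      # capability id -> Capability object

    def add_resource(self, name, handler):
        self._resources[name] = handler

    def grant(self, agent, resource, action):
        if resource not in self._resources:
            raise CapabilityError(f"no such resource: {resource}")
        cap = Capability(resource, action)
        self._issued[cap.id] = cap
        agent.caps.append(cap)
        return cap

    def revoke(self, cap):
        # Revocation is immediate: the next use fails even if the agent kept a copy.
        cap.revoked = True

    def invoke(self, cap, *args):
        # Identity check: a forged object carrying a guessed id is not the issued one.
        if self._issued.get(getattr(cap, "id", None)) is not cap:
            raise CapabilityError("capability not issued by this host")
        if cap.revoked:
            raise CapabilityError("capability revoked")
        if cap.consumed:
            raise CapabilityError("capability already consumed (linear)")
        cap.consumed = True  # consume before acting so a failing handler cannot be retried
        return self._resources[cap.resource](cap.action, *args)


class Agent:
    def __init__(self, name):
        self.name = name
        self.caps = []

    def use(self, host, cap, *args):
        try:
            return ("ok", host.invoke(cap, *args))
        except CapabilityError as exc:
            return ("denied", str(exc))


def demo():
    """Exercise grant / use / reuse / revoke / forge and return the outcomes."""
    host = Host()
    store = {"secret.txt": "s3cr3t"}   # constructed resource contents

    def file_handler(action, name, data=None):
        if action == "read":
            return store[name]
        if action == "write":
            store[name] = data
            return len(data)
        raise ValueError(action)

    host.add_resource("file", file_handler)
    alice, mallory = Agent("alice"), Agent("mallory")

    read_cap = host.grant(alice, "file", "read")
    outcomes = {
        "first_use": alice.use(host, read_cap, "secret.txt"),
        "second_use": alice.use(host, read_cap, "secret.txt"),   # linear: must fail
    }
    write_cap = host.grant(alice, "file", "write")
    host.revoke(write_cap)
    outcomes["after_revoke"] = alice.use(host, write_cap, "secret.txt", "x")
    forged = Capability("file", "read")
    forged.id = read_cap.id          # mallory guesses alice's capability id
    outcomes["forged"] = mallory.use(host, forged, "secret.txt")
    return outcomes
```

The host consumes the capability before it performs the action, so a handler that raises cannot be retried with the same token; that ordering is the point of linearity in a hostile setting.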
Software systems are becoming heterogeneous: instead of a small number of large programs from well-established sources, a user's desktop may now consist of many smaller components that interact in intricate ways. Some components will be downloaded from the network from sources that are only partially trusted. A user would like to know that a number of security properties hold, e.g. that personal data is not leaked to the net, but it is typically infeasible to verify that such components are well-behaved. Instead, they must be executed in a secure environment that provides fine-grained control of the allowable interactions between them, and between components and other resources. In this paper, we consider the problem of assembling concurrent software systems from untrusted or partially trusted off-the-shelf components, using wrapper programs to encapsulate components and enforce security policies. We introduce a model programming language, the box-pi calculus, that supports composition of software components and the enforcement of information flow security policies. Several example wrappers are expressed using the calculus; we explore the delicate security properties they guarantee. We present a novel causal type system that statically captures the allowed flows between wrapped, possibly badly-typed components; we use it to prove that an example ordered pipeline wrapper enforces a causal flow property.
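An ordered pipeline wrapper of the kind the abstract mentions, as an added executable illustration rather than the paper's box-pi calculus or its type system. The wrapper owns every channel, forwards messages only from stage i to stage i+1 (and from the last stage to the environment), drops anything else, and tags each message with the set of stages that influenced it so a causal flow property can be checked at run time instead of statically. The stage names, the "env" target and the misbehaving component are assumptions made for the example.

```python
# Added example (not the box-pi calculus or the paper's wrapper): a Python model
# of an ordered pipeline wrapper. Components are untrusted callables that return
# (target, message) pairs; the wrapper enforces the flow policy and records a
# provenance set per message. Names are hypothetical.
from collections import deque


class PipelineWrapper:
    def __init__(self, stages):
        self.stages = stages                      # ordered list of (name, step)
        self.index = {name: i for i, (name, _) in enumerate(stages)}
        self.dropped = []                         # (sender, target, payload) that policy refused

    def allowed(self, sender_idx, target):
        """Policy: only the next stage, or the environment from the last stage."""
        if target == "env":
            return sender_idx == len(self.stages) - 1
        return self.index.get(target) == sender_idx + 1

    def run(self, inputs):
        first = self.stages[0][0]
        queue = deque((first, x, frozenset()) for x in inputs)
        outputs = []
        while queue:
            name, payload, prov = queue.popleft()
            idx = self.index[name]
            step = self.stages[idx][1]
            for target, out in step(payload):
                new_prov = prov | {name}
                if not self.allowed(idx, target):
                    self.dropped.append((name, target, out))
                    continue
                # Causal check: no stage later than the sender may have influenced this message.
                assert all(self.index[p] <= idx for p in new_prov), "causal flow violated"
                if target == "env":
                    outputs.append((out, sorted(new_prov)))
                else:
                    queue.append((target, out, new_prov))
        return outputs


# Constructed components. The last one is badly behaved: it tries to send
# back to the first stage, which an unwrapped composition would allow.
def strip_stage(msg):
    return [("normalise", msg.strip())]


def normalise_stage(msg):
    return [("emit", msg.lower())]


def leaky_emit_stage(msg):
    return [("strip", "backchannel:" + msg), ("env", msg + "!")]


def demo():
    wrapper = PipelineWrapper([("strip", strip_stage),
                               ("normalise", normalise_stage),
                               ("emit", leaky_emit_stage)])
    outputs = wrapper.run(["  Hello ", "WORLD"])
    return outputs, wrapper.dropped
```

Because the wrapper is the only party holding the channels, a component cannot name a destination the policy does not permit; the dropped list is the audit trail of attempted violations.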
Under U.S. Government contract N00039-92-C-0015 for SPAWAR, SRI International is developing functional NIDES prototypes with improved detection capability and increased functionality. SPAWAR is currently modifying that contract to fund SRI to provide maintenance and support of the NIDES Beta software release expected in late April 1994. This Engineering and Technical Services Plan identifies the services SRI will provide to NIDES Beta sites upon completion and delivery of the NIDES Beta release. These activities will take place during Year 3 of our contract and will terminate on 1 March 1995. This Plan represents deliverable B002 under our current contract.
SRI International has designed and developed a real-time intrusion-detection expert system (IDES). IDES is a stand-alone system that observes user behavior on one or more monitored computer systems and flags suspicious events. IDES monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. IDES adaptively learns users' behavior patterns over time and detects behavior that deviates from these patterns. IDES also has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes IDES a comprehensive system for detecting intrusions as well as misuse by authorized users. IDES has been enhanced to run under GLU, a platform supporting distributed, parallel computation; GLU enhances configuration flexibility and system fault tolerance. This final report is a deliverable item for work supported by the U.S. Navy, SPAWAR, which funded SRI through U.S. Government Contract No. N00039-89-C-0050.
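The two IDES components the abstract describes, a statistical profile of each user's learned behavior and a rule base for known misuse scenarios, as an added toy detector run over constructed audit session records. This is not SRI's IDES code and does not reproduce its statistics; the record fields, the z-score measure, the threshold and the two rules are assumptions made for the example.

```python
# Added example (not SRI's IDES code): a per-user statistical profile that scores
# deviation from learned behaviour, plus a rule base encoding known misuse
# scenarios, run over constructed session records. Fields and thresholds are
# hypothetical.
import statistics

# Constructed training history (one record per login session).
TRAINING = [
    {"user": "alice", "hour": 9,  "cmds": 40, "failed": 0, "host": "wks1"},
    {"user": "alice", "hour": 10, "cmds": 45, "failed": 0, "host": "wks1"},
    {"user": "alice", "hour": 9,  "cmds": 38, "failed": 1, "host": "wks1"},
    {"user": "alice", "hour": 11, "cmds": 42, "failed": 0, "host": "wks2"},
    {"user": "alice", "hour": 10, "cmds": 50, "failed": 0, "host": "wks1"},
    {"user": "bob",   "hour": 14, "cmds": 12, "failed": 0, "host": "lab3"},
    {"user": "bob",   "hour": 15, "cmds": 15, "failed": 0, "host": "lab3"},
    {"user": "bob",   "hour": 13, "cmds": 10, "failed": 0, "host": "lab3"},
]

METRICS = ("hour", "cmds")


def build_profiles(records):
    """Learn mean and standard deviation per metric, and the set of hosts seen, per user."""
    profiles = {}
    for user in {r["user"] for r in records}:
        own = [r for r in records if r["user"] == user]
        stats = {}
        for m in METRICS:
            vals = [r[m] for r in own]
            sd = statistics.stdev(vals) if len(vals) > 1 else 0.0
            stats[m] = (statistics.mean(vals), max(sd, 1.0))   # floor avoids dividing by ~0
        profiles[user] = {"stats": stats, "hosts": {r["host"] for r in own}}
    return profiles


def anomaly_score(profile, rec):
    """Sum of absolute z-scores across the profiled metrics."""
    return sum(abs(rec[m] - mean) / sd for m, (mean, sd) in profile["stats"].items())


# Rule base: (rule name, predicate over (profile, record)); the rules here are constructed.
RULES = [
    ("repeated_auth_failures", lambda p, r: r["failed"] >= 3),
    ("login_from_unseen_host", lambda p, r: r["host"] not in p["hosts"]),
]


def detect(sessions, profiles, threshold=3.0):
    """Return [(session_id, [reasons])] for every session worth an analyst's attention."""
    alerts = []
    for s in sessions:
        reasons = []
        profile = profiles.get(s["user"])
        if profile is None:
            reasons.append("no_profile_for_user")
        else:
            score = anomaly_score(profile, s)
            if score > threshold:
                reasons.append(f"statistical_anomaly:{score:.1f}")
            reasons += [name for name, pred in RULES if pred(profile, s)]
        if reasons:
            alerts.append((s["id"], reasons))
    return alerts


def demo():
    profiles = build_profiles(TRAINING)
    live = [   # constructed live sessions
        {"id": 1, "user": "alice", "hour": 10, "cmds": 44,  "failed": 0, "host": "wks1"},
        {"id": 2, "user": "alice", "hour": 3,  "cmds": 400, "failed": 0, "host": "wks1"},
        {"id": 3, "user": "bob",   "hour": 14, "cmds": 11,  "failed": 5, "host": "lab3"},
        {"id": 4, "user": "bob",   "hour": 15, "cmds": 13,  "failed": 0, "host": "dialup9"},
        {"id": 5, "user": "eve",   "hour": 2,  "cmds": 7,   "failed": 0, "host": "lab3"},
    ]
    return detect(live, profiles)
```

Session 1 is within alice's learned range and produces nothing; session 2 is flagged by the profile alone, sessions 3 and 4 by rules alone, and session 5 because no profile exists, which is itself a condition an analyst wants surfaced rather than silently scored as normal.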
We have completely factored the numerators N2k of the Bernoulli numbers for all 2k<=152 and the Euler numbers E2k for all 2k<=88, using the even-index notation. We studied the results seeking new theorems about the prime factors of these numbers. We rediscovered two nearly-forgotten congruences for the Euler numbers.
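The objects of the abstract, computed exactly and factored for small indices, as an added example that is not the paper's computation. Bernoulli numbers come from the Akiyama-Tanigawa algorithm, Euler numbers from the standard recurrence on even indices, and factoring is plain trial division, which is enough for the indices shown here but nowhere near the paper's range (numerators with hundreds of digits); the function names are assumptions.

```python
# Added example (not the paper's factoring machinery): compute the even-index
# Bernoulli and Euler numbers exactly and completely factor their numerators by
# trial division. Adequate only for small 2k; names are hypothetical.
from fractions import Fraction
from math import comb


def bernoulli(n):
    """B_n via the Akiyama-Tanigawa algorithm (yields B_1 = +1/2; even n unaffected)."""
    a = [Fraction(0)] * (n + 1)
    for m in range(n + 1):
        a[m] = Fraction(1, m + 1)
        for j in range(m, 0, -1):
            a[j - 1] = j * (a[j - 1] - a[j])
    return a[0]


def euler_numbers(n_max):
    """[E_0, E_2, ..., E_{n_max}] from sum_{k<=n} C(2n,2k) E_{2k} = 0 for n >= 1."""
    e = [1]
    for n in range(1, n_max // 2 + 1):
        e.append(-sum(comb(2 * n, 2 * k) * e[k] for k in range(n)))
    return e


def factor(n):
    """Complete factorisation of |n| by trial division; sorted primes with multiplicity."""
    n = abs(n)
    primes = []
    if n < 2:
        return primes
    p = 2
    while p * p <= n:
        while n % p == 0:
            primes.append(p)
            n //= p
        p += 1 if p == 2 else 2
    if n > 1:
        primes.append(n)
    return primes


def bernoulli_numerator_factors(two_k):
    return factor(bernoulli(two_k).numerator)


def euler_factors(two_k):
    return factor(euler_numbers(two_k)[two_k // 2])


def table(limit_b=20, limit_e=12):
    """Rows of (kind, 2k, value, prime factors) for N_2k up to limit_b and E_2k up to limit_e."""
    rows = []
    for two_k in range(2, limit_b + 1, 2):
        b = bernoulli(two_k)
        rows.append(("N", two_k, b.numerator, factor(b.numerator)))
    es = euler_numbers(limit_e)
    for two_k in range(2, limit_e + 1, 2):
        rows.append(("E", two_k, es[two_k // 2], factor(es[two_k // 2])))
    return rows


if __name__ == "__main__":
    for kind, two_k, val, fs in table():
        print(f"{kind}_{two_k} = {val} = {' * '.join(map(str, fs)) or '1'}")
```

The sign convention matters when reading tables: N2k alternates in sign, so the factor list is taken over the absolute value, as the paper's "prime factors of these numbers" implies.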
Software vulnerabilities are potential attack points in computing systems that can lead to considerable losses and severe security incidents. The way in which the information describing these vulnerabilities is handled is extremely important. Vulnerability data is very sensitive and therefore should be disclosed to the right people in the right circumstances. However, information sharing is currently mostly unidirectional; the present paper discusses a new approach for handling software vulnerability information: a cooperative system supported by a vulnerability classification. The system is composed of internal protocols that determine state transitions through which new vulnerability information is submitted, classified, verified, and made available via a Web interface. Based on features like effects and nature, vulnerabilities in the collection can also be assigned a type. The proposed type system is a set of sub-classes that contain features of well-known vulnerability groups. Vulnerabilities can be linked together through these types and can be referenced as a group when retrieving or storing entries, thereby speeding up the process. A voting mechanism allows a set of cooperating arbiters to review the information submitted from different sources. Approved descriptions of vulnerabilities can then be made available to the members of the cooperative system. The data model storing the vulnerability information is composed of a comprehensive set of features whose values are selected through decision trees. The leaves of the trees represent the most detailed qualities of a vulnerability.
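The workflow the abstract describes (submit, classify, arbiter voting, verify, publish, type-based retrieval), as an added Python model that is not the paper's system. The states, the two-feature decision tree, the type names, the quorum of two and the rule that a reporter cannot review their own entry are all assumptions made for the example.

```python
# Added example (not the paper's system): a cooperative vulnerability repository
# with a submit -> classify -> review -> publish state machine, a feature decision
# tree that assigns a type, arbiter voting with a quorum, and retrieval limited to
# published entries. States, features, types and quorum are hypothetical.
from enum import Enum


class State(Enum):
    SUBMITTED = "submitted"
    CLASSIFIED = "classified"
    VERIFIED = "verified"
    REJECTED = "rejected"
    PUBLISHED = "published"


# Decision tree over two features: nature of the flaw, then its effect.
TYPE_TREE = {
    "input_validation": {"code_execution": "injection/rce",
                         "information_disclosure": "injection/leak"},
    "memory": {"code_execution": "memory-corruption/rce",
               "denial_of_service": "memory-corruption/dos"},
    "authentication": {"privilege_escalation": "auth-bypass/privesc"},
}


def classify(features):
    try:
        return TYPE_TREE[features["nature"]][features["effect"]]
    except KeyError:
        return "unclassified"


class Repository:
    def __init__(self, arbiters, quorum=2):
        self.arbiters = set(arbiters)
        self.quorum = quorum
        self.entries = {}
        self._next = 1

    def submit(self, reporter, title, features):
        eid = self._next
        self._next += 1
        self.entries[eid] = {"id": eid, "reporter": reporter, "title": title,
                             "features": features, "state": State.SUBMITTED,
                             "type": None, "votes": {}}
        return eid

    def _advance(self, eid, expect, new):
        e = self.entries[eid]
        if e["state"] != expect:
            raise ValueError(f"entry {eid} is {e['state'].value}, expected {expect.value}")
        e["state"] = new
        return e

    def classify_entry(self, eid):
        e = self._advance(eid, State.SUBMITTED, State.CLASSIFIED)
        e["type"] = classify(e["features"])
        return e["type"]

    def vote(self, eid, arbiter, approve):
        if arbiter not in self.arbiters:
            raise PermissionError(f"{arbiter} is not an arbiter")
        e = self.entries[eid]
        if e["state"] != State.CLASSIFIED:
            raise ValueError("voting is only open on classified entries")
        if e["reporter"] == arbiter:
            raise PermissionError("reporters may not review their own submissions")
        e["votes"][arbiter] = approve          # one vote per arbiter; a later vote replaces it
        yes = sum(1 for v in e["votes"].values() if v)
        no = len(e["votes"]) - yes
        if yes >= self.quorum:
            e["state"] = State.VERIFIED
        elif no >= self.quorum:
            e["state"] = State.REJECTED
        return e["state"]

    def publish(self, eid):
        return self._advance(eid, State.VERIFIED, State.PUBLISHED)["state"]

    def by_type(self, vtype):
        """Members only ever see published entries of the requested type."""
        return sorted(e["id"] for e in self.entries.values()
                      if e["state"] == State.PUBLISHED and e["type"] == vtype)


def demo():
    repo = Repository(arbiters=["ann", "ben", "cho"], quorum=2)
    a = repo.submit("dan", "stack overflow in parser",
                    {"nature": "memory", "effect": "code_execution"})
    b = repo.submit("ann", "format string in logger",
                    {"nature": "memory", "effect": "code_execution"})
    c = repo.submit("dan", "weak session token",
                    {"nature": "authentication", "effect": "privilege_escalation"})
    for eid in (a, b, c):
        repo.classify_entry(eid)
    repo.vote(a, "ann", True)
    repo.vote(a, "ben", True)
    repo.publish(a)
    try:
        repo.vote(b, "ann", True)               # ann submitted b herself
        own = "allowed"
    except PermissionError:
        own = "blocked"
    repo.vote(b, "ben", False)
    repo.vote(b, "cho", False)
    repo.vote(c, "ann", True)                   # one vote: still under review
    return {"a": repo.entries[a]["state"].value, "b": repo.entries[b]["state"].value,
            "c": repo.entries[c]["state"].value, "self_review": own,
            "visible_rce": repo.by_type("memory-corruption/rce"),
            "types": [repo.entries[x]["type"] for x in (a, b, c)]}
```

Entry b shares a type with entry a but never reaches the members' view, which is the property the publication gate is meant to give: the classification links entries, the state machine decides who may see them.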
The vulnerability assessment of Windows CE devices started with three Aero 1550 Pocket PC devices by Compaq. Halfway through the semester, the project received the remaining equipment needed for penetration testing: wireless and Ethernet cards to be used with two Pocket PC iPaq devices by Compaq. Preliminary results indicate the existence of several vulnerabilities (one compromise and several denial-of-service vulnerabilities) that the team has not been able to analyze precisely. A problem area is the need to reverse engineer ActiveSync in order to clearly demonstrate the impact of the compromise, and to explore more powerful ways in which it could be exploited. Moreover, the team has identified several areas and hypotheses that should be investigated if this project is continued in the Spring 2001 semester.