A temporal RBAC (TRBAC) model has recently been proposed that addresses the temporal aspects of roles and trigger-based role enabling. However, it is limited to constraints on enabling of roles only. We propose a Generalized Temporal Role Based Access Control model (GTRBAC) that is capable of expressing a wider range of temporal constraints. GTRBAC is capable of expressing periodic as well as duration constraints on roles, user-role assignments and role-permission assignments. In GTRBAC, temporal constraints on role enablings and role activations can be separately specified. A user-activated role can further be restricted to various activation constraints such as cardinality constraint or maximum active duration constraint within a specified interval. The GTRBAC model extends the syntactic structure of TRBAC model and its event and trigger expressions subsume those of TRBAC.

Analysis methods for cryptographic protocols have often focused on information leakage rather than on seeing whether a protocol meets its goals.  Many protocols, however, fall far short of meeting their goals, sometimes for quite subtle reasons

A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC

A TCP forwarder is a network node that establishes and forwards data between a pair of TCP connections.  For example, a firewall that places a proxy between a TCP connection to an external host and a TCP connection to an internal host - for the purpose of implementing access control to a resource on the internal host - is an example of a TCP forwarder.

Contemporary computer networks are heterogeneous; even a single network consists of many kinds of processors and communications channels.  But few programming tools embrace, or even acknowledge, this complexity.  New methods and approaches are required if next-generation networks are to be configured, administered and utilized to their full potentials…

This paper discusses the Address Resolution Protocol (ARP) and the problem of cache poisoning.  ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host\‘s ARP cache…

Onion Routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis.  Unmodified Internet applications can use these anonymous connections by means of proxies…

Protection of software code against illegitimate modifications by its users is a pressing issue to many software developers. Many software-based mechanisms for protecting program code are too weak (e.g., they have single points of failure) or too expensive to apply (e.g., they in-  cur heavy runtime performance penalty to the protected programs). In this paper, we present and explore a methodology that we believe can protect program integrity in a more tamper-resilient and manner. Our approach is based on a distributed scheme, in which protection and tamper-resistance of program code is achieved, not by a single security module, but by a network of (smaller) security units that work together in the program. These security units, or guards, can be programmed to do certain tasks (checksumming the program code is one example) and a network of them can reinforce the protection of each other by creating mutual-protection. We have implemented a system for automating the process of installing guards into Win32 executables. 1 Experimental results show that memory space and run-time performance impacts incurred by guards can be kept very low (as explained later in the paper).

This work introduces a new approach to code safety.  We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way…

This paper describes a specfication-based approach to detect exploitations of vulnerabilities in security-critical programs.  The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications…

Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities.  In this paper we study one such observable - sequences of system calls into the kernel of an operating system…

An attractive target for a computer system attacker is the router.  An attacker in control of a router can disrupt communication by dropping or misrouting packets passing through the router.  We present a protocol called Watchers that detects and reacts to routers that drop or misroute packets…