Advertisement

Applications of Trusted Review to Information Security

  • John Yesberg
  • Marie Henderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2119)

Abstract

The review process is an important part of many everyday activities. We introduce the concept of trusted review for electronic data. The review process is performed using an insertable security device called a Trusted Reviewer. The Trusted Reviewer can be designed to satisfy high assurance evaluation requirements. We show how the Trusted Reviewer can offer increased security in messaging, certification authorities, funds transfer, witnessing, and information downgrade.

Keywords

Personal Computer Digital Signature Information Security Computer Security Security Breach 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    C. Adams and S. Lloyd, Understanding Public-key infrastructure: concepts, standards, and deployment considerations, Macmillan Technical Publishing, 1999.Google Scholar
  2. 2.
    J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel and E. Stoner, State of the Practice of Intrusion Detection Technologies, Technical ReportGoogle Scholar
  3. 3.
    M. Anderson, C. North, J. Griffin, R. Milner, J. Yesberg, and K. Yin, Starlight: Interactive Link, Proc. 12th. Annual Computer Science Security Applications Conference, IEEE Computer Society Press, 55–63, 1996.Google Scholar
  4. 4.
    M. Anderson, J. Yesberg, D. Marriott, L. Nayda, K. Hayman, M. Stevens, and B. Beahan Communications Security and Trusted Path Method and Means Australian Patent 706073, 1991.Google Scholar
  5. 5.
    R. Anderson, Liability and Computer Security-Nine Principles, ESORICS 94, http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/liability.pdf).
  6. 6.
    R. Anderson and F. Petitcolas, Information Hiding: An Annotated Bibliography, 1999. http://www.cl.cam.ac.uk/~fapp2/steganography/bibliography/Annotated_Bibliography.pdf
  7. 7.
    Australian Media Pty Ltd, Melissa.Net Portal, 2001, http://melissa.net/melissavirus.htm
  8. 8.
    D. Baker, Fortresses Built Upon Sand, Proc. of the New Security Paradigms Workshop, pp. 148–153, 1996.Google Scholar
  9. 9.
  10. 10.
    Commonwealth of Australia, Privacy Act, 1988, Australian Government Printing Service. http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/index.html
  11. 11.
    Dallas Semiconductor, iButton 2001. http://www.ibutton.com
  12. 12.
    Defence Signals Directorate, Evaluated Products List, April 2000. Available at http://www.dsd.gov.au/infosec/aisep/EPL.html
  13. 13.
    Department of Justice and Attorney-General, Queensland, Administrative Duties of Commissioners for Declarations and Justices of the Peace, 2000.Google Scholar
  14. 14.
    C. Ellison and B. Schneier Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure, Computer Security Journal, 16(1), 1–7, 2000. http://www.counterpane.com/pki-risks.html CrossRefGoogle Scholar
  15. 15.
    T. Fiorino, P. Casey, M. Easley, and R. Jordan. Lessons learned during the life cycle of an MLS guard deployed at multiple sites Proc. IEEE 11th Annual Computer Security Applications Conference, 1995. pp. 99–107.Google Scholar
  16. 16.
    L. Gagnon, An overview of the USAFE Guard System, Proc. 13th National Computer Security Conference, 1990. pp. 218–227Google Scholar
  17. 17.
    P. Greve, J. Hoffman, and R.E. Smith, Using type enforcement to assure a configurable guard, Proc. IEEE 13th Annual Computer Security Applications Conference, 1997. pp. 146–154.Google Scholar
  18. 18.
    M. Henderson, M. Burmester, E. Dawson and E. Okamoto, The Dark Side of Digital Signatures, Business Briefing — Global Information Security, to appear.Google Scholar
  19. 19.
    McAfee.com Associates, Virus Profile: VBS/Loveletter.a 2001, http://vil.mcafee.com/dispVirus.asp?virus_k=98617&
  20. 20.
    M. Manninger and R. Schischka, Adapting an electronic purse for Internet payments, ACISP’98, Springer-Verlag LNCS 1438, pp 205–214, 1998.Google Scholar
  21. 21.
    J. McLean and C. Meadows, The Future of Information Security, Themes and Highlights of the New Security Paradigms Workshop. http://chacs.nrl.navy.mil/publications/CHACS/1999/index1999.html
  22. 22.
    A. McCullagh, W. Caelli, and P. Little, Electronic Signatures: Understand the Past to Develop the Future, University of New South Wales Law Journal, 1998. http://www.law.unsw.edu.au/unswlj/ecommerce/mccullagh.html
  23. 23.
    C. Meadows and J. McLean, Security and Dependability: Then and Now, Computer Security, Dependability, and Assurance: From Needs to Solutions, IEEE Society Press, 166–170, 1999. http://chacs.nrl.navy.mil/publications/CHACS/1999/index1999.html
  24. 24.
    A. Moore, Network Pump (NP) Security Target, Naval Research Laboratory, Memorandum Report 5540-00-8459, May 2000.Google Scholar
  25. 25.
    National Computer Security Center, Department of Defense Trusted Computer Security Evaluation Criteria, Report DOD5200.28-STD 1985.Google Scholar
  26. 26.
    National Security Agency, Security-Enhanced Linux http://www.nsa.gov/selinux/
  27. 27.
    T. Redhead and D. Povey, The Problems With Secure On-line Banking. In Proceedings of the XVIIth annual South East Asia Regional Conference (SEARCC’98). July, 1998, http://security.dstc.edu.au/papers/searcc98-bank/
  28. 28.
    J. Saltzer and M. Schroeder The protection of information in computer systems Proc. IEEE 63(9) 1278–1308, 1975.CrossRefGoogle Scholar
  29. 29.
    B. Schneier Why Digital Signatures are Not Signatures, Cryptogram, November 15 2000. http://www.counterpane.com/crypto-gram-0011.html#1
  30. 30.
    E. Smith, Trusted Computing: Trusted by Whom? http://www.brouhaha.com/~eric/editorials/trusted_computing.html
  31. 31.
    Spyrus, Rosetta Personal Access Reader, 2001. http://www.spyrus.com/content/products/rosetta/PAR2.asp
  32. 32.
    Trusted Computing Platform Alliance, (for information http://www.trustedpc.org/home/home.htm)
  33. 33.
    R. Vick, An overview of the AMC WWMCCS CAT Guard, Proc. IEEE Eighth Annual Computer Security Applications Conference, 1992. pp. 46–54.Google Scholar
  34. 34.
    Vision Abell Pty Ltd (now Tenix Defence Systems), Data Diode v1.2 Security Target, 1998.Google Scholar
  35. 35.
    Vision Abell Pty Ltd (now Tenix Defence Systems), Interactive Link v3.0 Security Target, 1999. http://www.systems.tenix.com/PRODUCTS/c3i/INTERLINK.HTML
  36. 36.
    Vision Abell Pty Ltd (now Tenix Defence Systems), Interactive Link Multiple Computer Switch v2.0 Security Target, 1999.Google Scholar
  37. 37.
    P. Winkler, Electronic Trusted Party, US Patent 5117358, 1992. http://www.delphion.com/details?pn=US05117358

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • John Yesberg
    • 1
  • Marie Henderson
    • 2
  1. 1.Information Technology DivisionDefence Science and Technology OrganisationSalisburyAustralia
  2. 2.School of Computer Science and Electrical EngineeringUniversity of QueenslandQldAustralia

Personalised recommendations