Searching for terms: EXACT: "Levin, Timothy" in: author
-
Teaching Security Engineering Principles
"The design and construction of secure systems cannot be entirely captured in textbooks or class notes, but must be taught as an art which is learned through apprenticeship and practice. This paper describes a course in Secure Systems that uses the Flaw Hypothesis Methodology for penetration testing as a vehicle for motivating and teaching students fundamental principles of security engineering."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2001-04
-
Security Architecture for Transient Trust
"In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan -- information that may not typically be accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of 'normal' domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Clark, Paul C.
2008-10
-
Performance Impact of Connectivity Restrictions and Increased Vulnerability Presence on Automated Attack Graph Generation
"The current generation of network vulnerability detection software uses databases of known vulnerabilities and scans target networks for these weaknesses. The results can be voluminous and difficult to assess. Thus, the success of this technology has created a need for software to aid in network vulnerability analysis. Although research has shown the effectiveness of automated attack graph generation tools in displaying potential attack paths in a network, research involving the performance of these tools has been limited. The performance impact of connectivity restrictions and the number of vulnerabilities present on a network for these tools is not well understood. Using empirical testing, we have collected quantitative data using CAULDRON, an attack graph generation tool developed at George Mason University, on a collection of simulated networks defined to modulate connectivity at certain points in our networks and represent the number of vulnerabilities present per node. By defining our model to include sets of nodes, which allow connectivity from all nodes to all vulnerable nodes in the set; the number of nodes present in each set, the number of connections between sets; and the number of vulnerabilities per node as our variables, we are able to observe the performance impact on CAULDRON of both connectivity restrictions and the increased presence of vulnerabilities in our networks. The effect of these variables on processing time and memory usage is presented and can be used as a metric to assess the scalability of this tool within various customer environments."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.; Cullum, James
2007-03
-
Analysis of Three Kernel-Based Multilevel Security Architectures
"Various system architectures have been proposed for highly robust enforcement of multilevel security (MLS). This paper provides an analysis of the relative merits of three architectural types--one based on a traditional separation kernel, another based on a security kernel, and a third based on a high-robustness separation kernel. We show that by taking advantage of commonly available hardware features, and incorporating security features required by the nascent Separation Kernel Protection Profile (SKPP), the latter architecture may provide several aspects of security and assurance that are not achievable with the other two."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.
2006-08-25
-
Emergency Response for Cyber Infrastructure Management
"The objective of this research is to investigate architectural mechanisms to provide an emergency response capability for Cyber Infrastructure management through the use of distributed, highly secure, protected domains. Instead of creating a costly physically separate cyber domain, logical separation is used. This work developed an architecture and prototype demonstration in the context of an open source operating system."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2003-02
-
Effects of Security Choices and Limits in a Metacomputing Environment
"It is anticipated that the introduction of metacomputing and distributed resource management mechanisms to the Internet and World Wide Web will make available to users and applications a large diversity of previously unavailable network and computing resources. New methods of managing the scheduling and allocation of distributed resources bring into focus new problems and approaches for managing security in those contexts. We present an analysis of layered and variable security services and requirements. These services and requirements may be accessed via a network control program such as a Resource Management System (RMS) which is responsible for scheduling resources in distributed heterogeneous environments. The RMS will not present the same virtual computer/network to the same job each time it is submitted for execution. Each instance will be comprised of potentially different actual resources with different properties. Our objective is to understand how user and application requirements, characterized as choices and limits, can affect the overall security provided. A method is presented for fairly measuring the effectiveness of an RMS in performing security allocation and assignments with respect to security choices made by metacomputer users and applications."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.
2000-01-31
-
Cautionary Note Regarding the Data Integrity Capacity of Certain Secure Systems
"The need to provide standard commercial-grade productivity applications as the general purpose user interface to high-assurance data processing environments is compelling, and has resulted in proposals for several different types of trusted systems. We characterize some of these systems as a class of architecture. We discuss the general integrity property that systems can only be trusted to manage modifiable data whose integrity is at or below that of their interface components. One effect of this property is that in terms of integrity these hybrid-security systems are only applicable to processing environments where the integrity of data is consistent with that of low-assurance software. Several examples are provided of hybrid-security systems subject to these limitations."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2002
-
Sixth Workshop on Education in Computer Security (WECS6): Avoiding Fear, Uncertainty and Doubt Through Effective Security Education
"Naturally, information security educators play an important role in addressing the problems of fear, uncertainty and doubt. We can provide our students with an understanding of system vulnerabilities, the threat agents to whom such vulnerabilities would be attractive, and techniques for mitigating those threats. Even more importantly, our students can be practiced in the critical thinking skills necessary to discern cyber security snake oil and voodoo from sound security architectures and products. It is within this context that we welcome you to the Sixth Workshop on Education in Computer Security (WECS). Our theme this year is 'Avoiding Fear, Uncertainty, and Doubt through Effective Security Education.' The papers contained in this volume present tools and techniques that have been used in undergraduate and graduate settings. Some of the papers describe entire programs or courses, while others present laboratory activities; a few papers explore rather unusual techniques for conveying the cyber security message. The scope of our field continues to expand and this year's workshop includes papers that will broaden our horizons and enrich our teaching. We hope that the readers of this volume will join the conference organizers, authors and participants for future workshops and conferences on information security education."
Naval Postgraduate School (U.S.)
Murray, William Hugh; Tikekar, Rahul V.; Levin, Timothy E. . . .
2004-07
-
KeyNote Policy Files and Conversion to Disjunctive Normal Form for Use in IPsec
This technical report describes the utility developed for converting a KeyNote policy file to Disjunctive Normal Form, so that it can be further utilized in research on Quality of Security Service for IPsec. Some background information on KeyNote and IPsec, on the Disjunctive Normal Form of logical expressions, as well as on lex and yacc tools, can be found in the introductory paragraphs of this document.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Spyropoulou, Evdoxia
2002-01
-
MYSEA Security Architecture
This document describes an innovative architecture consisting of trusted security services and integrated operating system mechanisms for the protection of distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms extend and interoperate with existing workstations, applications and open source operating systems, providing new capabilities for composing secure distributed systems using commercial off-the-shelf (COTS) components. The latter construct results from the realization that unless a secure system offers users comfortable and familiar interfaces for handling routine information, the secure system will fail due to lack of user acceptability.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Shifflett, David J.
2002-05
-
National Trusted Computing Strategy
Through neglect, the national capability to design and construct trusted computers and networks has begun to atrophy. Not only has the information infrastructure been built weakly, but also our capability to strengthen it continues to decline. The Nation is now lacking in both the research and development talent to produce trusted computing systems and the educational infrastructure to create this talent. In this document, the Center for INFOSEC Studies and Research (CISR) in Monterey, California, proposes a three-pronged approach to strengthen the national information infrastructure and reinvigorate the national capability to produce trustworthy computing systems. The document describes the Trusted Computing Exemplar project as a worked example of how trusted computing systems and components can be constructed. Second, it defines a national research initiative to advance the theoretical foundations for trusted computing and to produce a set of automated tools to support the development of high assurance systems; and third, it defines an educational initiative based on nascent Information Assurance education programs and the Trusted Computing Exemplar to provide a framework for Trusted Computer Development education. The result of this multi-faceted approach will be to increase the security of the national Information Infrastructure by increasing the availability of: Trusted Computer systems and components, Trusted Computer development tools, and Trusted Computer developers, evaluators and educators.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2002-05
-
Diamond HASP Trusted Computing Exemplar
The National Information Infrastructure is weak; there are no high security, high assurance, off-the-shelf products available that can be used to strengthen it; and the National capability to design and construct such trusted computer systems and networks has atrophied. The purpose of the Trusted Computing Exemplar project is to provide a worked example to show how trusted computing systems and components can be constructed. A prototype high assurance development framework will be created first, and then used to produce a reference implementation trusted computing component, the Embedded MicroKernel Prototype. A third-party evaluation of the component will be initiated during development (e.g., once the high-level design documentation is written). The documentation, source code, development framework and other deliverables will be made openly available as they are produced. The goal is to produce a very small, portable component that will provide users with correct security operation and an a priori assurance against system subversion.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E.
2002-09
-
Execution Policies Research and Implementation
This research studied the application of a software-based ring execution policy, the type of which has previously been implemented via hardware mechanisms, to an open source operating system. Such an execution policy is orthogonal to, and may be used in conjunction with, other mandatory (viz, secrecy, integrity) and discretionary policies. It allows processes running with otherwise similar privileges (such as the root user, or secrecy attributes) to be differentiated with respect to priority or privilege regarding system resources and execution. The authors have found that it is possible to construct a mandatory ring execution policy whose primary function is to restrict subjects from executing certain file system objects, and that this may result in a more coherent and manageable policy than what can be expected from various discretionary (e.g., policy-bypass or privilege-grouping) mechanisms.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Clark, Paul C.
2003-02
-
Policy Enforced Remote Login
This document describes enhancements made to the popular OpenSSH authentication service to restrict the execution of OpenSSH processes by applying a ring-based program execution policy. It also applies a label-based mandatory access control (MAC) policy to limit a user's login shell to run at a specific security level within the user's authorized security clearance range. While still rudimentary, these enhancements illustrate the usefulness of a ring-based execution mechanism for restricting program behavior.
Naval Postgraduate School (U.S.)
Levin, Timothy E.; Nguyen, Thuy D.
2003-02
-
Demonstration of Quality of Security Service Awareness for IPsec
Quality of Security Service (QoSS) refers to the ability to provide security services according to user and system preferences, policies and conditions. Thus, security can be managed as a responsive "service" for which quantitative measurement of service "efficiency" is possible. This document presents a demonstration on how a specific underlying security mechanism, IPsec, can be modulated to provide different levels for security in response to changing QoSS requirements. Section 1 provides a demonstration of QoSS awareness for IPsec. Section 2 provides some IPsec background and describes how QoSS notions can be linked to this security mechanism. Section 3 gives a brief description of the demo's functionality. Section 4 discusses the IPsec's Security Policy Database and how to put rules into it. Sections 5 and 6 discuss Internet Key Exchange daemon's configuration and policy issues. Section 7 presents the functionality of the QoSS management module. Display of traffic data and of established security parameters is discussed in sections 8 and 9. Section 10 contains a detailed list of demonstration steps and files.
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Spyropoulou, Evdoxia
2002-09
-
Approach to Security Requirements Engineering for a High Assurance System
"Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is designed to be secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presented provides a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Wilson, Jeffery D.
2002
-
TCX Project: High Assurance for Secure Embedded Systems
"An overview of the Trusted Computing Exemplar (TCX) research project and its accomplishments to date are presented. The TCX project is constructing a separation kernel that will be high assurance and suitable for use in simple embedded systems. To guide the kernel development, we have created a reusable high assurance development framework. The main emphasis of this multifaceted research and development initiative is to transfer knowledge and techniques for high assurance trusted system development to new developers, evaluators and educators."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Nguyen, Thuy D.
2005-03
-
Is Electronic Privacy Achievable?
"While secrecy and integrity policies are most often crafted for protection of corporate (e.g., commercial, educational and government) information, we understand privacy policies to be targeted toward the protection of information for and about individuals. The purpose of this panel is to focus on how new technologies are affecting privacy. [...] Despite the historical lack of support for privacy research on the part of government, military and industry, it is encouraging to see recent developments in theory, techniques and products to support the 'Privacy' part of 'Security & Privacy' (e.g., see 'proponent' panelists, below). However, it seems clear that the science of privacy is in its infancy, and there are more questions on the table than answers."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.
2000-05
-
Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture
"During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today's IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Levin, Timothy E.; Dwoskin, Jeffrey S.; Bhaskara, Ganesha
2009-04
-
Idea: Trusted Emergency Management
"Through first-responder access to sensitive information for which they have not been pre-vetted, lives and property can be saved. We describe enhancements to a trusted emergency information management (EIM) system that securely allows for extraordinary access to sensitive information during a crisis. A major component of the architecture is the end-user device, the security of which is enhanced with processor-level encryption of memory. This paper introduces an approach to more efficiently use the processor-encryption feature for secure data storage, as well as ISA instructions for the management of emergency state."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.; Benzel, Terry V.
2009-02
-
Quality of Security Service: Adaptive Security [preprint version]
The premise of Quality of Security Service is that system and network management functions can be more effective if variable levels of security services and requirements can be presented to users or network tasks. In this approach, the "level of service" must be within an acceptable range, and can indicate degrees of security with respect to various aspects of assurance, mechanistic strength, administrative diligence, etc. These ranges result in additional latitude for management functions to meet overall user and system demands, as well as to balance costs and projected benefits to specific users/clients. With a broader solution space to work within the security realm, the underlying system and network management functions can adapt more gracefully to resource shortages, and thereby do a better job at maintaining requested or required levels of service in all dimensions, transforming security from a performance obstacle into an adaptive, constructive network management tool.
Keywords: security ; quality of service ; performance ; adaptive security
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy E.; Spyropoulou, Evdoxia
2005-12-01
-
Note on Mapping User-Oriented Security Policies to Complex Mechanisms and Services
"The quality of service framework in a heterogeneous computer network environment may provide users and applications with a wide range of security mechanisms and services. We propose a simplified user security interface and a method for mapping this interface to complex underlying security mechanisms and services. Additionally, we illustrate a mechanism for mapping multiple security policies to the same user security interface."
Naval Postgraduate School (U.S.). Center for Information Systems Security Studies and Research
Irvine, Cynthia E.; Levin, Timothy
1999-06-15
-
Diamond High Assurance Security Program: Trusted Computing Exemplar
"Over the past decade, the US Government has not been significantly involved in high assurance Trusted Computing acquisitions and research. During this time, the Government's focus on commercial off the shelf procurements helped to fuel explosive advances in commercial technology, but it also contributed to the lack of progress in the ability of commercial systems to appropriately protect themselves and the data with which they are entrusted. While industry has been driven to supply the latest technology at the fastest pace, it has not been motivated, either internally or externally via customer demand, to produce highly trustworthy computing systems. As a result, the National Information Infrastructure is weak; there are no high security, high assurance, off-the-shelf products available that can be used to strengthen it; and the National capability to design and construct such trusted computer systems and networks has atrophied."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Dinolt, George W.
2002-09
-
Case Study in Security Requirements Engineering for a High Assurance System
"Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is secure, yet combines popular commercial components with specialized high assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multi-dimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presents a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals."
Naval Postgraduate School (U.S.)
Irvine, Cynthia E.; Levin, Timothy E.; Wilson, Jeffery D.
2001-03