Security architectures for network clients

Information Management and Computer Security

Volumn 11, Issue 2-3, 2003, Pages 84-91

  Skoularidou, Victoria ^a   Spinellis, Diomidis ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Clients; Computer architectures; Networks; Security; Software

Indexed keywords

COMPUTER SOFTWARE; COMPUTER SYSTEM FIREWALLS; DATA PRIVACY; JAVA PROGRAMMING LANGUAGE;

VIRTUAL MACHINES;

SECURITY OF DATA;

EID: 0042363358     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220310468664     Document Type: Review

References (44)

1. Andersen, J. (1972), "Computer security technology planning study", ESD-TR-73-51, HQ Electronic Systems Division (AFSC), L.G. Hanscom Field, Bedford, MA, October, Vol. 1/2.
2. Anderson, R. (2002), "TCPA/Palladium frequently asked questions, Version 1.0", available at: www.cl.cam.ac.uk/̃rja14/tcpa-faq.html (accessed 6 November 2002).
3. Arbaugh, B. (2002), "Improving the TCPA specification", IEEE Computer, Vol. 38 No. 5, August, pp. 77-9.
4. Balfanz, D. and Felten, E. (1999), "Hand-held computers can be better smart cards", Proceedings of the 8th USENIX Security Symposium, Washington, DC.
5. Chen, Z. (1998), "Understanding Java Card 2.0", Javaworld Magazine, March.
6. Cheswick, W. and Bellovin, S. (1994), Building Internet Firewalls, Addison-Wesley, Reading, MA.
7. Coleman, A. (1998), "Giving currency to the Java Card API", Javaworld Magazine.
8. Erlingsson, U. and Schneider, F. (1999), "SASI enforcement of security policies: a retrospective", ACM New Security Paradigms Workshop, July, New York, NY, pp. 246-55.
9. Erlingsson, U. and Schneider, F. (2000), "IRM enforcement of Java stack inspection", 2000 IEEE Symposium on Security and Privacy (SOSP '2000), Piscataway, NJ.
10. Freudenthal, M., Heiberg, S. and Willemson, J. (2000), "Personal security environment on palm PDA", 16th Annual Computer Security Applications Conference (ACSAC '00), New Orleans, LA, 11-15 December.
11. Fu, K., Sit, E., Smith, K. and Feamster, N. (2000), "MAPbox: using parameterized behavior classes to confine untrusted applications", 9th USENIX UNIX Security Symposium, Denver, CO.
12. Garfinkel, S. and Spafford, G. (2002), Web Security, Privacy and Commerce, 2nd ed., O'Reilly & Associates, Sebastopol, CA.
13. Ghosh, A. (1998), E-Commerce Security: Weak Links, Best Defenses, Wiley Computer Publishing, New York, NY.
14. Ghosh, A. (2001), Security and Privacy for E-Business, Wiley Computer Publishing.
15. Ghosh, A. and McGraw, G. (1998), "An approach for certifying security in software components", 21st National Information Systems Security Conference, National Institute of Standards and Technology (MIST), Crystal City, VA, pp. 82-6.
16. Gong, L., Mueller, M., Prafullchandra, H. and Schemers, R. (1997), "Going beyond the sandbox: an overview of the new security achitecture in the Java development kit (JDK) 1.2", USENIX Symposium on Internet Technologies and Systems, Monterey, CA, December, pp. 103-12.
17. Gritzalis, S. and Spinellis, D. (1997) "Addressing threats and security issues in World Wide Web technology", 3rd International Conference on Communications and Multimedia Security, Athens, Greece, pp. 33-46.
18. Gritzalis, S., Aggelis, G. and Spinellis, D. (1998), "Programming languages for mobile code: a problems viewpoint", 1st International Network Conference INC '98, Plymouth, pp. 210-17.
19. Kozen, D. (1998), Efficient Code Certification, Tech. Report 98-1661, Cornell University, January.
20. Lampson, B. (1971), "Protection", 5th Princeton Conference on Information Science and Systems, Princeton, NJ.
21. Lampson, B. (1983), "Hints for computer systems design", 9th ACM Symposium on Operating Systems Principles, Bretton Woods, NH.
22. Lindhorn, T. and Yellin, F. (1997), The Java Virtual Machine Specification, Addison-Wesley, Reading, MA.
23. Lobel, J. (1986), Computer Security and Access Control: Foiling the System Breakers, McGraw-Hill, New York, NY.
24. McGraw, G. and Felten, E. (1997), "Understanding the keys to Java Security", Javaworld Magazine.
25. McGraw, G. and Felten, E. (2000), "Securing Java", Wiley Computer Publishing, New York, NY.
26. Martin, D. Jr, Rajagopalan, S. and Rubin, A. (1997), "Blocking Java applets at the firewall", 1997 IEEE Symposium on Network and Distributed Systems Security, San Diego, CA, March, available at: www.cs.bu.edu/techreports/96-026-java-firewalls.ps.Z (accessed 6 November 2002).
27. Meyer, K., Schaeffer, S., Baker, D. and Manning, S. (1995) "Addressing threats in World Wide Web technology", 11th Annual Computer Security Applications Conference, pp. 123-3.
28. Microsoft Corporation (2001) "Code signing with Microsoft authenticode", MSDN Library Online.
29. Microsoft Corporation (2002), Microsoft "Palladium": A Business Overview, White Paper, August, available at: www.microsoft.com/presspass/features/2002/jul02/0724palladiumwp.asp (accessed 6 November 2002).
30. Necula, G. and Lee, P. (1996), "Safe kernel extensions without run-time checking", 2nd USENIX Symposium on Operating Systems Design and Implementation (OSDI '96, Seattle, Washington, DC, October.
31. NSA (2001), "Security enhanced Linux (SELinux)", available at: www.nsa.gov/selinux/(accessed 20 November 2001).
32. Organick, E. (1972), The MULTICS System: An Examination of Its Structure, MIT Press, Cambridge, MA.
33. Prevelakis, V. and Spinellis, D. (2001), USENIX 2001 Technical Conference, USENIX Association.
34. Saltzer, J., Reed, D. and Clark, D. (1984), "End-to-end arguments in system design", ACM Transactions on Computer Systems, Vol. 2 No. 4, pp. 277-88.
35. Schneier, B. (2002), "Palladium and the TCPA", Crypto-Gram Newsletter, 15 August, Counterpane Internet Security, Inc., available at: www.counterpane.com/crypto-gram-0208.html (accessed 6 November 2002).
36. Schoen, S. (2002), "Palladium details", ActiveWin.com, July 8, available at: www.activewin.com/articles/2002/pd.shtml (accessed 6 November 2002).
37. Sommerville, I. (2001), Software Engineering, 6th Edition, Addison-Wesley, Reading, MA.
38. Stallings, W. (1995), Network and Internetwork Security: Principles and Practice, Prentice-Hall, Englewood Cliffs, NJ.
39. Trusted Computing Platform Alliance (TCPA) (2000), Building a Foundation of Trust in the PC, White Paper, January.
40. Visa International (2001), "Chip migration plan", available at www.visa.com (accessed 10 November 2001).
41. VMware Inc. (2000), "VMware GSX server", available at: www.vmware.com/pdf/gsx_whitepaper.pdf (accessed 10 November 2001).
42. Wahbe, R., Lucco, S., Andersen, T. and Graham, S. (1993), "Efficient software-based fault isolation", 14th ACM Symposium on Operating Systems Principles (SOSP' 93, Asheville, NC, pp. 203-16.
43. Wallach, D. and Felten, E. (1998), "Understanding Java stack inspection", 1938 IEEE Symposium on Security and Privacy (SOSP' 98), Oakland, CA, May.
44. Zwicky, E., Cooper, S. and Chapman, D. (2000), Building Internet Firewalls, 2nd Edition, O'Reilly & Associates, Sebastopol, CA.