Information protection via environmental data tethers

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2007, Pages 67-73

  Beaumont Gay, Matt ^a   Eustice, Kevin ^a   Reiher, Peter ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Authorization; Data security

Indexed keywords

CONFIDENTIAL DATA; DATA EXPOSURE; DATA PROTECTION; DATA SECURITY; DATA-PROTECTION STRATEGY; ENVIRONMENTAL DATA; ENVIRONMENTAL FACTORS; INFORMATION PROTECTION; SENSITIVE DATAS;

NETWORK SECURITY;

TETHERLINES;

EID: 70450228476     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1600176.1600188     Document Type: Conference Paper

References (41)

1. Apple. FileVault: Increased security for your computer. http://www.apple.com/macosx/features/filevault/. Visited 2007/5/4.
2. Marine base seeks missing laptop. Associated Press, Oct 2006.
3. D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Proc. NDSS, Feb 2002.
4. M. Blaze. A cryptographic file system for UNIX. In Proc. CCS, pages 9-16, Nov 1993.
5. S. Capkun and J.-P. Hubaux. Secure positioning of wireless devices with application to sensor networks. In Proc. INFOCOM, pages 1917-1928, Mar 2005.
6. S. Capkun and J.-P. Hubaux. Secure positioning in wireless networks. JSAC, 24(2):221-232, Feb 2006.
7. Cisco Systems. Cisco Network Admission Control (NAC) solution executive overview. http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c654/ cdccont-0900aecd80557152.pdf, 2006. Visited 2007/5/4.
8. M. D. Corner and B. D. Noble. Zero-Interaction Authentication. In Proc. MOBICOM, pages 1-11, Sep 2002.
9. M. J. Covington, W. Long, S. Srinivasan, A. K. Dey, M. Ahamad, and G. D. Abowd. Securing context-aware applications using environment roles. In Proc. Symposium on Access Control Models and Technologies, pages 10-20, May 2001.
10. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder policy specification language. In Proc. Policies for Distributed Systems and Networks, LNCS, pages 18-39, Jan 2001.
11. M. Dornseif, M. Becker, and C. N. Klein. FireWire: All of your memory are belong to us. http://md.hudora.de/presentations/firewire/2005-firewire- cansecwest.pdf, May 2005. Visited 2007/5/4.
12. G. Durfee, D. K. Smetters, and D. Balfanz. Posture-Based Data Protection. Technical report, PARC, 2007.
13. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In Proc. SOSP, pages 17-30, Oct 2005.
14. K. Eustice, V. Ramakrishna, S. Markstrum, P. Reiher, and G. Popek. WiFi nomads and their unprotected devices: The case for Quarantine, Examination, and Decontamination. In Proc. NSPW, pages 123-128, Aug 2003.
15. M. T. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud and Clear: Human-verifiable authentication based on audio. In Proc. International Conference on Distributed Computing Systems, pages 10-17, 2006.
16. Infosecurity Europe. Two thirds of workers reveal passwords for chocolate and a pretty smile. http://www.infosec.co.uk/page.cfm/Action=Press/PressID=640, Apr 2007. Visited 2007/5/4.
17. J. Leyden. Afghan market sells US military flash drives. The Register, Apr 2006.
18. M. Lorch, S. Proctor, R. Lepro, D. Kafura, and S. Shah. First experiences using XACML for access control in distributed systems. In Proc. Workshop on XML Security, pages 25-37, Oct 2003.
19. McAfee. Data Loss Prevention. http://www.mcafee.com/us/enterprise/ products/data-loss-prevention/. Visited 2007/10/29.
20. J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proc. Symposium on Security and Privacy, pages 110-124, May 2005.
21. Microsoft. Windows BitLocker Drive Encryption. http://www.microsoft.com/ windows/products/windowsvista/features/details/bitlocker.mspx. Visited 2007/5/4.
22. D. L. Mills. The Autokey security architecture, protocol and algorithms. Technical Report 06-1-1, University of Delaware Electrical and Computer Engineering, January 2006.
23. M. J. Moyer and M. Ahamad. Generalized Role-Based Access Control. In Proc. International Conference on Distributed Computing Systems, pages 391-398, Apr 2001.
24. A. C. Myers. JFlow: Practical mostly-static information flow control. In Proc. POPL, pages 228-241, January 1999.
25. National Security Agency. Security-Enhanced Linux. http://www.nsa.gov/ selinux/. Visited 2007/5/4.
26. N. Provos. Encrypting virtual memory. In Proc. USENIX Security, Aug 2000.
27. Reconnex. http://www.reconnnex.net/. Visited 2007/10/29.
28. L. Rosencrance. Boeing laptop with data on 382,000 employees stolen. Computerworld, Dec 2006.
29. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proc. of the IEEE, 63(9):1278-1308, Sep 1975.
30. J. Seper. FBI eyes contractor in Los Alamos leak. The Washington Times, Oct 2006.
31. F. Stajano and R. Anderson. The resurrecting duckling: Security issues for ad-hoc wireless networks. In Proc. International Workshop on Security Protocols, LNCS, pages 172-182, 1999.
32. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proc. Architectural Support for Programming Languages and Operating Systems, pages 85-96, Oct 2004.
33. Trusted Computing Group. https://www.trustedcomputinggroup.org/. Visited 2007/5/4.
34. Verdasys. Digital Guardian. http://www.verdasys.com/digital-guardian.php. Visited 2007/10/29.
35. Vontu. http://www.vontu.com/. Visited 2007/10/29.
36. R. Want, A. Hopper, V. Falcão, and J. Gibbons. The Active Badge location system. Transactions on Information Systems, 10(1):91-102, Jan 1992.
37. Websense. Content Protection Suite. http://www.websense.com/global/en/ ProductsServices/CPS/. Visited 2007/10/29.
38. R.-P. Weinman and J. Appelbaum. Unlocking FileVault: An analysis of Apple's disk encryption system. http://events.ccc.de/congress/2006/Fahrplan/ attachments/1244-23C3VileFault.pdf, Dec 2006. Visited 2007/5/4.
39. C. P. Wright, J. Dave, and E. Zadok. Cryptographic file systems performance: What you don't know can hurt you. In Proc. Security in Storage Workshop, pages 47+, Oct 2003.
40. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proc. USENIX Security, pages 121-136, August 2006.
41. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proc. OSDI, Nov 2006.