In Linux, applications like su and login currently run as root in order to access authentication information and set or alter the identity of the process. In such cases, if the application is compromised while running as a privileged user, the entire ...

The continuing frequency and seriousness of security incidents underline the critical importance of application security. Decentralized information flow control (DIFC), a promising tool for improving application security, gives application developers ...

When computer systems are compromised by an attack, it is difficult to determine the precise extent of the damage caused by the attack because the state changes made by an attacker and those made by regular users can be closely intertwined. This problem ...

In this paper we present the lessons we learned when developing VPFS, a virtual private file system that is based on both a small amount of trusted storage and an untrusted legacy file system residing on the same machine. VPFS' purpose is to provide ...

Virtualization technology is becoming increasingly common in datacenters, since it allows for collocation of multiple workloads, consisting of operating systems, middleware and applications, in different virtual machines (VMs) on shared physical ...

The Caernarvon operating system was developed to demonstrate that a high assurance system for smart cards was technically feasible and commercially viable. The entire system has been designed to be evaluated under the Common Criteria at EAL7, the ...

Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flows between the pieces of an application and the outside world. As applied to privacy, DIFC allows untrusted software to ...

Traditional high performance computing systems require extensive management and suffer from security and configuration problems. This paper presents two generations of a cluster-management system that aims at making clusters as secure and self-managing ...

General-purpose, commercial software platforms are increasingly used as system building blocks, even for dependable systems. One reason for their generality, usefulness, and popular adoption is that these software platforms can evolve through ad hoc ...

Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, ...

In 2003, Tseng et al. proposed a self-certified public key signature with message recovery, which gives two advantages: one is that the signer's public key can simultaneously be authenticated in verifying the signature and the other one is that only the ...

As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and ...

Recently, Wu and Chieu proposed a user-friendly remote authentication scheme with smart card. In their scheme, the users can choose and change their passwords freely. However, their scheme is insecure. In this paper, we propose two attacks on their ...

In 2002, Lee, Hwang, and Yang proposed a verifier-free remote user authentication scheme using smart cards. Their scheme is efficient because of mainly using cryptographic hash functions. However, we find that Lee-Hwang-Yang's scheme is not reparable ...

In 2000, Peyravian and Zunic proposed an efficient hash-based password authentication scheme that can be easily implemented. Later, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's scheme is vulnerable to an off-line guessing attack, and then ...

Nowadays, wireless communication becomes more and more popular. In 2003, Hwang et al. proposed an authentication scheme for mobile satellite communication systems. However, their proposed scheme lacks efficiency and perfect forward secrecy. Thus, we ...

The feature of the peer-to-peer system such as user anonymity, open nature makes that some peers are not responsible for their distributing inauthentic information. An effective solution is that set up the trust model in the p2p system. This paper ...

Although Web-based information systems (WISs) have been widely used by enterprises to accomplish business tasks through the Internet, there is little research on designing a flexible access control and delegation model for WISs. In this paper, we design ...

In 2002, Lee, Ryu, and Yoo proposed a fingerprint-based remote user authentication scheme using smart cards. The scheme makes it possible for authenticating the legitimacy of each login user without any password table. In addition, the authors claimed ...

With the one-time password concept, the S/Key scheme is widely utilized by the protocols with limited login times to defend against replay attack. By employing the simple and unidirectional hash function, the improved version of the S/Key scheme is ...