Computer Security and Cryptography Reading Group
December 2005 List
Thursday, December 1, 2005
3 PM - 4 PM
7331 CS
S. Son
M. Livny
S. Son, B. Allcock, M. Livny
UW / Argonne
CODO: firewall traversal by cooperative on-demand opening
HPDC 2005
URL: http://www.cs.wisc.edu/~sschang/papers/CODO-hpdc.pdf
Firewalls and network address translators (NATs)
cause significant connectivity problems along with
benefits such as network protection and easy address
planning. Connectivity problems make nodes separated
by a firewall/NAT unable to communicate with each
other. Due to the bidirectional and
multiorganizational nature of grids, they are
particularly susceptible to connectivity
problems. These problems make collaboration
difficult or impossible and cause resources to be
wasted. This paper presents a system, called CODO,
which provides applications end-to-end connectivity
over firewalls/NATs in a secure way. CODO allows
applications authorized through strong security
mechanisms to traverse firewalls/NATs, while
blocking unauthorized applications. This paper also
formalizes the firewall/NAT traversal problem and
clarifies how a traversal system fits in the overall
security policy enforcement by a firewall/NAT.
Thursday, December 15, 2005
3 PM - 4 PM
7331 CS
N. Feamster
H. Balakrishnan
D. Karger
N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger
MIT
Infranet: Circumventing Web Censorship and Surveillance
Security'02
URL: http://www.usenix.org/publications/library/proceedings/sec02/feamster.html
An increasing number of countries and companies
routinely block or monitor access to parts of the
Internet. To counteract these measures, we propose
Infranet, a system that enables clients to
surreptitiously retrieve sensitive content via
cooperating Web servers distributed across the
global Internet. These Infranet servers provide
clients access to censored sites while continuing to
host normal uncensored content. Infranet uses a
tunnel protocol that provides a covert communication
channel between its clients and servers, modulated
over standard HTTP transactions that resemble
innocuous Web browsing. In the upstream direction,
Infranet clients send covert messages to Infranet
servers by associating meaning to the
sequence of HTTP requests being made. In the
downstream direction, Infranet servers return
content by hiding censored data in uncensored images
using steganographic techniques. We describe the
design, a prototype implementation, security
properties, and performance of Infranet. Our
security analysis shows that Infranet can
successfully circumvent several sophisticated
censoring techniques.
Thursday, December 29, 2005
3 PM - 4 PM
7331 CS
M. Swift
M. M. Swift, C. Van Dyke, P. Brundrett, P. Garg, A. Hopkins, M. Goertzel, S. Chan, G. Jensenworth
Microsoft
Improving the Granularity of Access Control in Windows NT
SACMAT'01
URL: http://www.cs.washington.edu/homes/mikesw/papers/win2kacl.pdf
This paper presents the access control mechanisms in
Windows 2000 that enable fine-grained protection and
centralized management. These mechanisms were added
during the transition from Windows NT 4.0 to support
the Active Directory, a new feature in Windows
2000. We first extended entries in access control
lists to allow rights to apply to just a portion of
an object. The second extension allows centralized
management of object hierarchies by specifying more
precisely how access control lists are
inherited. The final extension allows users to limit
the rights of executing programs by restricting the
set of objects they may access. These changes have
the combined effect of allowing centralized
management of access control while precisely
specifying which accesses are granted to which
programs.
Created and maintained by Mihai Christodorescu ( http://www.cs.wisc.edu/~mihai)
Created: Fri Feb 04 16:32:13 2005
Last modified: Fri Sep 30 13:59:39 Central Daylight Time 2005