Applications of Trusted Review to Information Security

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2119)

Abstract

The review process is an important part of many everyday activities. We introduce the concept of trusted review for electronic data. The review process is performed using an insertable security device called a Trusted Reviewer. The Trusted Reviewer can be designed to satisfy high assurance evaluation requirements. We show how the Trusted Reviewer can offer increased security in messaging, certification authorities, funds transfer, witnessing, and information downgrade.

This work was performed in part while with DSTO, and in part while with the ISRC at QUT.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yesberg, J., Henderson, M. (2001). Applications of Trusted Review to Information Security. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_25

  • DOI: https://doi.org/10.1007/3-540-47719-5_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42300-3

  • Online ISBN: 978-3-540-47719-8

  • eBook Packages: Springer Book Archive
