Papers by Dorothy Denning
The future of cryptography
The Governance of Cyberspace, 2003
The Global Flow of Information: Legal, Social and Cultural Perspectives
European Journal of Communication, 2012
The Global Flow of Information. Ex Machina: Law, Technology, and Society. General Editors: Jack M. Balkin and Beth Simone Noveck. The Digital Person: Technology and Privacy in the Information Age, Daniel J. ...
A multilevel database is intended to provide the security needed for database systems that contain data at a variety of classifications and serve a set of users having different clearances. This paper describes a formal security model for such a system. The model is formulated in two layers, one corresponding to a reference monitor that enforces mandatory security, and the second an extension of the standard relational model, defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, and discretionary security. The model also defines application-independent properties for entity integrity, referential integrity, and polyinstantia-
The future of cryptography
Proceedings of the 1st ACM conference on Computer and communications security
Vulnerability to deception is part of human nature, owing to fundamental limitations of the human mind. This vulnerability is exploited by con artists and scammers, but also by the military, intelligence, and law enforcement communities for the purposes of operational security, intelligence collection on adversaries, and undercover operations against organized crime. More recently, deception is being applied to computer security, for example, through the use of honeypots. This paper describes psychological vulnerabilities to deception and how they can be exploited to outwit computer hackers. The paper draws upon research in psychology and fraud, and the military and intelligence deception literature.
International key escrow encryption: Proposed objectives and options
In today’s information-rich and networked economy, information security is crucial to organizations and global enterprises. It is also complex, encompassing access controls, network security, encryption, authentication, intrusion detection, auditing, malicious code protection, operational security, and security administration, among other things. There are numerous products to assist, but few offer a comprehensive enterprise-wide approach to secure information management. Moreover, most require expert staff to manage the security-critical components that handle authorizations, key management, and auditing. This is where TriStrata comes in. Founded by John Atalla, developer of automatic teller machine security and the PIN, the Redwood Shores, California company has taken a broad approach to information security. Their philosophy:
Deception is an appealing means for computer network defense (CND), as it pits the defender's strengths against the hacker's weaknesses. This presentation explains how deception operations can be designed and developed for CND. Deception processes, principles and techniques are presented. The presentation focuses on enduring principles that are of use for conducting deception operations. Applications to honeypot systems are also provided.

As the introduction to this book so aptly stated, advances in information technologies simultaneously empower and imperil those who use them. They empower by facilitating communications and the flow of information; they imperil by introducing new vulnerabilities and targets of attack. Information strategy has to adapt to both of these effects, exploiting and leveraging the enabling technologies while protecting against threats to the very same technologies we come to rely upon. In this chapter I address the latter, the defensive side of information strategy as it applies to computer and networking technologies. Computer networks have become the target of an ever increasing number of hackers, criminals, spies, and others who have found advantage in exploiting and damaging them. These actors penetrate computer networks in order to steal, degrade, and destroy information and information systems. They launch computer viruses and worms, conduct denial-of-service attacks, vandalize websites, and extort money from victims. The effects have been costly: businesses disrupted or closed, military systems disabled, emergency and banking services suspended, transportation delayed, military and trade secrets compromised, and identity theft and credit card fraud perpetrated around the globe. The potential consequences of cyber attacks will only get worse as our use of and reliance on information technologies increase.
Corporate Hacking and Technology-Driven Crime, 2011
This chapter examines the emergence of social networks of non-state warriors launching cyber attacks for social and political reasons. It examines the origin and nature of these networks; their objectives, targets, tactics, and use of online forums; and their relationship, if any, to their governments. General concepts are illustrated with case studies drawn from operations by Strano Net, the Electronic Disturbance Theater, the Electrohippies, and other networks of cyber activists; electronic jihad as practiced by those affiliated with al-Qa’ida and the global jihadist movement associated with it; and operations by patriotic hackers from China, Russia, and elsewhere.

The Global Flow of Information, 2011
Information flows through a global environment characterized by conflict and competition. One party wants a flow to occur; another wants to block it. To illustrate: Users want to freely exchange information, while governments and businesses seek to block information harmful to their interests. Spies try to infiltrate the networks of their adversaries and competitors to gather intelligence, while their targets employ security mechanisms to prevent network exploitation and attack. Hackers and identity thieves send e-mails loaded with viruses and other forms of malicious software, while users employ antiviral tools to block the same. Conflicts over information flow are at the heart of information operations and warfare, to include cyberwarfare, cybercrime, and cyber conflict in general. One party sends packets or streams of information that aim to attack, exploit, or influence a target, while the opponent employs measures to stop the flows. The cyber assault against Estonia in 2007, for example, was launched by patriotic Russian hackers who were incensed by the relocation of a Soviet-era war memorial in Estonia's capital, Tallinn. To express their outrage, they flooded select Estonian web sites with Internet packets, exploiting at least one "botnet" of compromised computers to create a massive amount of traffic. Their distributed denial-of-service (DDoS) attack shut down the sites until the Estonians could effectively block the traffic and the hackers backed off. Russian hackers launched similar attacks against Georgian web sites in 2008, this time in
Cyberwarfare
IEEE Security & Privacy Magazine, 2011
This special issue on cyberwarfare concerns the use of cyberattacks as an instrument of warfare. The four papers selected for the issue address topics relating to the use of cybermilitias in cyberwarfare, policy and legal issues concerning state use of cybercapabilities, military principles for conducting cyberwarfare, and strategic deterrence of cyberattacks against national infrastructure.
The case for Clipper
Technology Review, 1995
Communications of the ACM, 1993