Jeremy L. Jacob

The role-based access control system of a European bank: a case study and discussion

Research in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the access control system of a major European Bank. An overview of the systems structure, its administration and existing control principles constraining the administration is given. In addition, we provide an answer to a key question - the ratio of the number of roles to the system user population - which was raised in the recent RBAC2000 Workshop. Having described certain weaknesses of the Banks system, the case study is extended to a comparison between the system and the RBAC96 models. In particular the issues of inheritance and grouping are addressed.

The design of s-boxes by simulated annealing

Substitution boxes (S-boxes) are important components in many modern-day symmetric key ciphers. Their study has attracted a great deal of attention over many years. The emergence of a variety of cryptosystem attacks has shown that substitutions must be designed with great care. Some general criteria such as high non-linearity and low autocorrelation have been proposed (providing some protection against attacks such as linear cryptanalysis and differential cryptanalysis). The design of appropriate S-boxes is a difficult task; several criteria must be traded off and the design space is huge. There has been little application of evolutionary search to the development of S-boxes. In this paper we show how a cost function that has found excellent single-out put Boolean functions can be generalised to provide improved results for small S-boxes.

On the derivation of secure components

The author discusses the problems in deriving a system from its specification when that specification includes simple trace-based information-flow security properties as well as safety properties. He presents two fundamental theorems of information-flow security which describe the inherent difficulties of deriving secure implementations and considers the implications of these results. It is concluded that it is dangerous to extrapolate from success in the case of two to the case of many. Results proved about systems with just low- and high-access users may not extend easily to full lattices.<<ETX>>

Evolving Boolean Functions Satisfying Multiple Criteria

Many desirable properties have been identified for Boolean functions with cryptographic applications. Obtaining optimal tradeoffs among such properties is hard. In this paper we show how simulated annealing, a search technique inspired by the cooling processes of molten metals, can be used to derive functions with profiles of cryptographically-relevant properties as yet unachieved by any other technique.

Protocols are programs too: the meta-heuristic search for security protocols

Abstract Protocol security is important. So are efficiency and cost. This paper provides an early framework for handling such aspects in a uniform way based on combinatorial optimisation techniques. The belief logic of Burrows, Abadi and Needham (BAN logic) is viewed as both a specification and proof system and as a ‘protocol programming language’. The paper shows how simulated annealing and genetic algorithms can be used to generate correct and efficient BAN protocols. It also investigates the use of parsimonious and redundant representations.

Two-Stage Optimisation in the Design of Boolean Functions

This paper shows how suitable choice of cost function can significantly affect the power of optimisation methods for the synthesising of Boolean functions. In particular we show how simulated annealing, coupled with a new cost function motivated by Parseval’s Theorem, can be used to drive the search into areas of design from which traditional techniques, such as hill-climbing, can find then find excellent solutions.

On the security of recent protocols

Hwang and Chen examined the SLICE/AS authentification protocol and found two attacks. Again they describe a modification to the protocol. Unfortunately, the protocol is still flowed, and the flaw is independent of the encryption mechanism. We discuss this in Section 3. The notation we use for describing protocols is that which is standard in the literature.

Searching for resource-efficient programs: low-power pseudorandom number generators

Non-functional properties of software, such as power consumption and memory usage, are important factors in designing software for resource-constrained platforms. This is an area where Search-Based Software Engineering has yet to be applied, and this paper investigates the potential of using Genetic Programming and Multi-Objective Optimisation as key tools in satisfying non-functional requirements. We outline the benefits of such an approach and give an example application of evolving pseudorandom number generators and performing power-functionality trade-offs.

Basic Theorems about Security

We build a mathematical structure in which we can ask questions about the methods for achieving security properties, such as confidentiality and integrity, and functionality properties, such as safety and liveness. The structure allows us to consider many different choices for the meaning of “confidentiality” and “integrity” and so on, and to compare and contrast security properties with functionality properties.

Almost Boolean Functions: The Design of Boolean Functions by Spectral Inversion

The design of Boolean functions with properties of cryptographic significance is a hard task. In this paper, we adopt an unorthodox approach to the design of such functions. Our search space is the set of functions that possess the required properties. It is “Boolean‐ness” that is evolved.