R. Hörmanseder

Mobile agent security based on payment

Mobile agents are autonomous entities that handle tasks for their owner. Agents act on their own by reacting to changes and by planning their course of action. These agents can move from one server to another. In the future, agents will also be supplied with real money in some form to pay for resources or services.In this paper we discuss a dynamic security architecture, in which permissions are assigned in exchange for information (money). The decision as to which permissions are available, as well as how much they cost, is based on the source of the code, the owner/user of the code and what other information the agent is willing (or able) to provide.We discuss the advantages and limitations of assessing permissions in monetary terms, rather than binary granting or denial of permissions according to pre-set classes. A test-framework has been implemented using Java.

Managing Windows NT®file system permissions A security tool to master the complexity of Microsoft Windows NT®file system permissions

One of the main tasks of an operating system is to share global resources among multiple users. Additionally, modern operating systems are able to control access to these resources in order to protect them against unauthorised user access. Windows NT makes use of access control lists (ACLs) to implement this feature. An ACL is a list of users and their permissions to access a specific object. It can be associated with any globally accessible object such as files, folders, registry keys, processes, pipe-endpoints and many others. However, the standard tools of Windows NT have limited functionality for managing these object permissions. For example, Windows NT only supports an object-centred view of these permissions. That means you can view and manipulate the permissions per object, but not per user. The subject of this paper is the realization of a user-centred visualization of object permissions. An application has been developed in the course of this project. It deploys several strategies for producing concise and clear representations of the permissions of a single user. An archive function maintains a history and you can therefore compare security settings from different times.

Modular design for on-line protection and observation programs

This paper presents a design concept for on-line protection and observation programs under the Microsoft DOS operating system. In contrast to other solutions, the design makes the protection system scaleable to the actual hardware environment and the users current requirements, so the full version of the program need not be installed. To save memory space, especially in the cramped area below the 1 MB limit, the user need only install the components necessary in the current configuration. Besides saving memory, this design forces modularity and eases portability. The design concept and its advantages are outlined using on-line virus protection software as an example. These protection and observation systems draw the users attention to circumstances indicating virus reproduction and virus activities.

Programming the MS-DOS shell: organizing data and programs consistently

Abstract This paper is concerned with programming the Microsoft DOS 3.x-shell, in particular the use of DOS commands to achieve a structured and consistent organization of data files and programs. We discuss several aspects and give practical hints which a user should consider if he has to reconfigure his system, or if he must transfer DOS software to other DOS systems with a different organization of hard disks. The need for restructuring the file system may also occur if one has two hard disks and for technical reasons one is out of order temporarily. We also give several recommendations for how the file system should be organized, in particular when casual and inexperienced users are to use the system.

Managing data flow in a DAC supporting security system

The most frequently used operating systems with integrated security features (like Unix, Windows NT) use a security approach that is based on discretionary access control (DAC). DAC does not deal with data-flow, but access rights, which are assigned to subjects or objects. A subject is granted or denied access to an object based on its identity and assigned rights. In this paper, we present a method for finding all allowed data-flow paths within an arbitrary computer network that has a DAC-based security system. Of course, the organisation, from the point of view of the management, determines what is allowed and what is not allowed. So the organisational environment in which the computer network is integrated has to be considered. The DAC-based security system has to fulfil the requirements of the organisation. The computer network is modelled as a graph. Each node represents a resource and may have assigned to it some users together with their access rights for this resource. Each edge represents possible data-flow between the nodes it connects. Network resources as well as users also belong to the organisational model. This model is also described by a graph. It consists of labelled edges describing the hierarchical relationship between the connected nodes. Nodes in this model stand for organisational units. The model of the computer network and the model of proposed data-flow in the organisation can be compared with each other. Such a comparison highlights any inconsistencies between the two models. This allows us to improve the security setup--either by adjusting the configuration until the needs of the organisation are met or by implementing some organisational guidelines to overcome the problems. The proposed method is supported by a security tool named SecSim1 (Security Simulator Version 1). This tool supports the data input for the two models and also performs the comparison. It thus serves as a proof of our proposed concept.

A configuration recommendation for DOS and OS/2

Abstract This paper is concerned with programming the shell of MS-DOS and O S 2 to get a consistent program organization on several computers. This recommendation, originated from a university department environment, does not fix the directory structure but tries to give a ‘common view’ by definition of a configuration utility program.

A modula-2 supervisor for multitasking with MS-DOS

Abstract One of the disadvantages of Microsofts disk operating system MS-DOSTM is its restriction to only one process running at a time. Consequently the integration of standard application programs to more complex application systems is rather limited. This paper shows how to use Modula-2 for integrating several standard MS-DOS applications. To perform this task, a Modula supervisor program implements a shell between application, MS-DOS operating system and BIOS (basic input output system). This shell provides all services needed for loading and executing programs as concurrent processes as well as a communication environment for these processes.

Connecting an IBM enhanced graphics adapter (EGA) to a video projector (Sony VPH-772QM/VPH-1020QM)

Abstract A single terminal or video monitor is very often not convenient for a computer based presentation in front of a large group. For this one can use video projectors (beamers) or LCD screens in combination with overhead projectors. Since computer video ‘standards’ and projector inputs often do not fit together, it is necessary to find an interface which is not too expensive. This report shows how we adapted Sony beamers (type VPH-722QM and VPH-1020QM) to work with an IBM EGA. We achieved this without internal modifications of the beamer or display adapter.