About Us

Publications

Shelby Evans
Richard Feiertag
Carol Muehrcke
O. Sami Saydjari
Dan Thomsen

Shelby Evans Publications

S. Evans, D. Heinbuch, E. Kyle, J. Piorkowski, and J. Wallner, "Risk-Based Systems Security Engineering: Stopping Attacks with Intention," IEEE Security & Privacy, Nov. 2004, pp. 32-35.
S. Evans and J. Wallner, "Risk-Based Security Engineering through the Eyes of the Adversary," Proc. IEEE Workshop on Information Assurance, June 2005.

Richard Feiertag Publications

Richard Feiertag, Jaisook Rho, Timothy Redmond,Policy, "Policy Migration in Large Agent-Based Systems," Proceedings 5th International Conference Integration of Knowledge Intensive Multi-Agent Systems KIMAS'05: Modeling, Evolution and Engineering, Waltham, MA, 2005.
R. Feiertag, J. Rho, S. Rosset , "Using Security Mechanisms in Cougaar," Proceedings Open Cougaar Conference, New York, NY, 2004.
Peter G. Neumann, Richard J. Feiertag, "PSOS Revisited," Proceedings 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.
Richard Feiertag, Sue Rho, Lee Benzinger, Stephen Wu, Timothy Redmond, Cui Zhang, Karl Levitt, Dave Peticolas, Mark Heckman, Stuart Staniford-Chen, and Joey McAlerney, "Intrusion Detection Inter-component Adaptive Negotiation," Computer Networks 34 (2000) 605-621.
R. Feiertag, T. Redmond, S. Rho, "A Framework for Building Composable Replaceable Security Services", Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX'00), 2000.
R. Thomas and R. Feiertag, "Addressing Survivability in the Composable Replaceable Security Services Infrastructure", Procedings of the Second Information Survivability Workshop, Orlando, Florida, October 28-30, 1998, IEEE Computer Society.
E.J. Sebes and R.J. Feiertag, "Trusted Distributed Computing: Using Untrusted Network Software," 14th National Computer Security Conference, Washington, D.C., October 1991.
E.J. Sebes and R.J. Feiertag, "Implicit Discretionary Access Propagation: A New Interpretation of DAC," The Computer Security Foundations Workshop IV, Franconia, New Hampshire, June 1991.
N.L. Kelem and R.J. Feiertag, "A Separation Model for Virtual Machine Monitors," 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, California, May 1991.
R.J. Feiertag, "Trusted CASE for Trusted Systems," Fourth Aerospace Computer Security Applications Conference, Orlando, Florida, December 1988.
R.J. Feiertag, "A Review of Formal Methods as Applied to Ada," Tutorial, SIGAda Summer '87, Seattle, WA, August 1987.
R.M. Wong, T.A. Berson, R.J. Feiertag, "Polonius: An Identity Authentication System," Proceedings of the 1985 Symposium on Security and Privacy, Oakland, CA, April 1985.
R.K. Bauer, T.A. Berson, R.J. Feiertag, "A Key Distribution Protocol Using Event Markers," pp. 249-255, ACM Transactions on Computer Systems (TOCS), Volume 1, Number 3, August 1983.
T.A. Berson, R.J. Feiertag, and R.K. Bauer, "Processor-per-Domain Guard Architecture," Proceedings of the 1983 Symposium on Security and Privacy, Oakland, CA, April 1983.
R.J. Feiertag, "How Can We Build Reliably Secure Systems?," Workshop on Computer Security for the Commercial World, Lake Arrowhead, CA, September 1981.
R.J. Feiertag, "Protection Issues in Distributed Environments," DoE Computer Security Conference, Boise, ID, June 1981.
R.J. Feiertag and T. Berson, "An Avenue of Exploitation and Development for Verification Technology," Second Verification Workshop, Gaithersberg, MD, April 1981.
P.G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson, "A Provably Secure Operating System: The System, its Applications, and Proofs," CSL-116, SRI International, Menlo Park, CA, May 1980.
R.J. Feiertag, "Automated Proof of Multilevel Security," First Verification Workshop, Menlo Park, CA, April 1980.
R. J. Feiertag, "A Technique for Proving Specifications are Multilevel Secure," CSL-109, SRI International, Menlo Park, January 1980.
R.J. Feiertag and P.G. Neumann, "The Foundations of a Provably Secure Operating System (PSOS)," National Computing Conference, New York, NY, June 1979.
R.J. Feiertag, "A Formal Technique for Designing Secure Communications Systems," National Telecommunications Conference, Birmingham, AL, December 1978.
R.J. Feiertag, K.N. Levitt, and L. Robinson, "Proving Multilevel Security of a System Design," Proceedings of the Sixth Symposium on Operating Systems Principles, West Lafayette, IN, November 1977.
P.G. Neumann, R.J. Feiertag, K.N. Levitt, and L. Robinson, "Software Development and Proofs of Multi-Level Security," Second International Conference on Software Engineering, San Francisco, CA, October 1976.
R.J. Feiertag, E.I. Organick, "The MULTICS Input/Output System," pp. 35-41, Proceedings of the Third Symposium on Operating System Principles, October 1971, Stanford University, Palo Alto, California, USA, Operating System Review 6(1-2), June 1972, ACM, New York.

Carol Muehrcke Publications

C. Muehrcke, "Formal Methods for the Informal World," Proceedings IEEE Computer Security Foundations Workshop VII, 1994, pp. 36-45.

O. Sami Saydjari Publications

O. Sami Saydjari, Information Assurance Forecast 2005, IEEE Security and Privacy, v4, n.1, pp64-71

O. Sami Saydjari. Multilevel Security: Reprise. IEEE Security and Privacy, v.2 n.5. pp. 64-67.

O. Sami Saydjari, Cyber Defense: Art to Science, Communications of the ACM, v.47, n.3, pp52-57. 2004

"LOCK: An Historical Perspective," ACSAC, Dec 02
"Defending Cyberspace," Computer, p 125, Dec 02
"Cyberwar Strategy and Tactics," Proceedings of the 2002 IEEE Workshop on Information Assurance, U.S. Military Academy, June 02
"The Role of Game Theory in Information Warfare," Fourth Information Survivability Workshop, Mar 02
"Challenges in Applying Game Theory to the Domain of Information Warfare", Fourth Information Survivability Workshop, Mar 02
"A Proactive Holistic Approach to Strategic Cyber Defense", Information Survivability Workshop 2000, Oct 2000
"Toward a Secure System Engineering Methodology," New Security Paradigms Workshop, Sep 98
"Synergy: A distributed, microkernel-based security architecture. Technical Report v 1.0, National Security Agency, Ft. George G. Meade, MD, Nov. 1993.
"Logical Analysis of Okamoto," Informal Technical Report, TECH-014-92, Mar 92
"Logical Analysis of XXXXXXX," Technical Report, TECH-002-92, Jan 92
"LOCK Trek," IEEE Proceedings on Security and Privacy, IEEE Comp. Soc, May 89
"LOCKing Computers Securely," Cryptologic Quarterly, Spring 1988
"LOCKing Computers Securely," 10th National Comp. Security Conference, Sep 87
"A Standard Notation in Computer Security Models," 9th Nat'l Comp. Sec, Sep 86
"Computer Virus Organization," Crytologic Quarterly, Fall 1986
"Computer Viruses," Cryptlogic Quarterly, Fall 1985

Dan Thomsen Publications

D. Thomsen, "Patterns in Security Enforcement Policy Development," SPattern '07 First International Workshop on Secure Systems Methodologies Using Patterns, DEXA '07, Regensburg Germany, pp. 744-748, September 2007.
D. Thomsen, "Centrally Managed Network Security: Hope or Reality?" SC Infosec - Opinionwire,http://www.infosecnews.com/opinion/2002/11/20_02.htm, November 18, 2002.
D. Thomsen, R. C. O'Brien "Layered Security Policy Management Using Napoleon" MilCom 2000, pp. 134-142, October 2000.
C. Payne, D. Thomsen, J. Bogle, R. C. O'Brien "NAPOLEON: A recipe for workflow" Proceedings of the Fifteenth Annual Computer Security Applications Conference, pp. 145-152, December 1999.
D. Thomsen, R. C. O'Brien, C. Payne. "Napoleon, Network Application Policy Environment," Fourth ACM RBAC Workshop, pp. 145-152, October 1999.
D. Thomsen, R. C. O'Brien, J. Bogle. "Role Based Access Control Framework for Network Enterprises," Proceedings of the 14th Annual Computer Security Applications Conference, pp. 50-58, December 1998.
D. Thomsen and M. Denz. "Incremental Assurance for Multilevel Applications" Proceedings of the 13th Annual Computer Security Applications Conference, pp. 81-88, December 1997.
D. Thomsen, "TRANSMAT - Transactions for Multilevel Applications," Proceedings of the 20th National Information Systems Security Conference, pp. 555 - 564, October 1997.
D. Thomsen, "A New Security Model for Networks and the Internet", Internet and Internetworking Security, pp. 231-237, Auerbach, Boston 1997.
D. Thomsen. "Protecting and Sharing Database Information" Proceedings of the Rome Lab Workshop in Concord Massachusetts, November 1996.
D. Thomsen and T. Tiemens, "Java Security," Java Unleashed, Sams.net, pp. 735-770, January 1996.
D. Thomsen and W. Schwartau, "Is Your Network Secure?" BYTE Magazine, pp. 155-156, January 1996.
Tom Haigh, R. C. O'Brien and Dan Thomsen. "High Assurance MLS Database Applications," Proceedings of the AFCEA, pp. ?-? 1996.
D. Thomsen. "Implementation Experiences and Prospects: LOCK DBMS Lessons Learned" Proceedings of the Tenth Annual IFIP WG 11.3 Working Conference on Database Security, pp. 221-222 July 1996.
D. Thomsen, "Sidewinder: Combining Type Enforcement and UNIX," Proceedings of the 11th Annual Computer Security Applications Conference, pp. 14-20, December 1995.
D. Thomsen, "Sidewinder: Enhanced Security for a Unix Firewall, Proceedings of Computers and the Law II, Sun Users Group, pp. 273-283, November 1995.
D. Thomsen, "Type Enforcement: The New Security Model," Proceedings SPIE - The International Society for Optical Engineering, Vol. 2617, pp. 143-150, October 1995.
D. Thomsen, "IP spoofing and session hijacking," Network Security, pp. 6-11, March 1995.
D. Thomsen, The Sidewinder Challenge - Results So Far", Electronic Cipher IEEE Security and Privacy Newsletter, May 30, 1995
D. Thomsen, R. C. O'Brien, and Tom Haigh "LOCK DBMS: Integrating Type Enforcement" Research Directions in Database Security VI", RL-TR-95-171, pp. 69-72, September 1995.
D. Thomsen, "Integrity Issues in Secure Systems," May 1991, Master Thesis, University of Minnesota.
D. Thomsen, "Role Based Application Design and Enforcement," Database Security, IV Status and Prospects, edited by S. Jajodia and C.E. Landwehr, pp. 151-168, North Holland, New York 1991.
J.T. Haigh, R. C. O'Brien and D.J. Thomsen, "The LDV Secure Relational DBMS Model," Database Security, IV Status and Prospects, edited by S. Jajodia and C.E. Landwehr, pp. 265-279, North Holland, New York 1991.
D. Thomsen, "A Comparison of Type Enforcement and Unix Setuid," Proceedings of the 6th Annual Computer Security Applications Conference, pp. 304-312, December 1990.
W. T. Tsai, T. F. Keefe, M. B. Thuraisingham, and D. J. Thomsen "AI Applications in Multilevel Database Security," Computer Security Journal, Volume 6, Number 1, November 1990.
D. J. Thomsen, W. T. Tsai, and M. B. Thuraisingham, "Prototyping to Explore MLS/DBMS Design," Computers & Security, Volume 8, Number 3, 1989.
D. J. Thomsen, W. T. Tsai, and M. B. Thuraisingham, "Prototyping As a Research Tool for MLS/DBMS," Database Security II: Status and Prospects, Edited by C.E. Landwehr, North Holland, 1989.
T.F. Keefe, D.J. Thomsen, W.T. Tsai and M.R. Hansch, "Multi-Party Update Conflict: The Problem and Its Solutions," Proceedings of the 5th Annual Computer Security Applications Conference, pp. 222-231, December 1989.