The safe operation of computer systems continues to be a key issue in many applications where people, environment, investment, or goodwill can be at risk. Such applications include medical, railways, power generation and distribution, road transportation, aerospace, process industries, mining, military and many others. This book represents the proceedings of the 12th International Conference on Computer Safety, Reliability and Security, held in Poznan, Poland, 27-29 October 1993. The conference reviews the state of the art, experiences and new trends in the areas of computer safety, reliability and security. It forms a platform for technology transfer between academia, industry and research institutions. In an expanding world-wide market for safe, secure and reliable computer systems SAFECOMP'93 provides an opportunity for technical developers, users, and legislators to exchange and review the experience, to consider the best technologies now available and to identify the skills and technologies required for the future. The papers were carefully selected by the International Program Com mittee of the Conference. The authors of the papers come from 16 different countries. The subjects covered include formal methods and models, safety assessment and analysis, verification and validation, testing, reliability issues and dependable software tech nology, computer languages for safety related systems, reactive systems technology, security and safety related applications. As to its wide international coverage, unique way of combining partici pants from academia, research and industry and topical coverage, SAFECOMP is outstanding among the other related events in the field."

This volume comprises a collection of papers presented at the Workshop on Information Protection, held in Moscow, Russia in December 1993. The 16 thoroughly refereed papers by internationally known scientists selected for this volume offer an exciting perspective on error control coding, cryptology, and speech compression. In the former Soviet Union, research related to information protection was often shielded from the international scientific community. Therefore, the results presented by Russian researchers and engineers at this first international workshop on this topic are of particular interest; their work defines the cutting edge of research in many areas of error control, cryptology, and speech recognition.

A series of workshops devoted to modern cryptography began in Santa Barbara,California in 1981 and was followed in 1982 by a European counterpart in Burg Feuerstein, Germany. The series has been maintained with summer meetings in Santa Barbara and spring meetings somewhere in Europe. At the 1983 meeting in Santa Barbara the International Association for Cryptologic Research was launched and it now sponsors all the meetings of the series. This volume presents the proceedings of Eurocrypt '92, held in Hungary. The papers are organized into the following parts: Secret sharing, Hash functions, Block ciphers, Stream ciphers, Public key I, Factoring, Trapdoor primes and moduli (panel report), Public key II, Pseudo-random permutation generators, Complexity theory and cryptography I, Zero-knowledge, Digital knowledge and electronic cash, Complexity theory andcryptography II, Applications, and selected papers from the rump session. Following the tradition of the series, the authors produced full papers after the meeting, in some cases with revisions.

0 e This is the proceedings of the first annual symposium of the Safety-critical Systems Club (The Watershed Media Centre, Bristol, 9-11 February 1993), which provided a forum for exploring and discussing ways of achieving safety in computer systems to be used in safety-critical industrial applications. The book is divided into three parts, which correspond with the themes of the three days of the symposium. The first - "Experience from Around Europe" - brings together information on developments in safety-critical systems outside the UK. The second - "Current" "Research" - consists of papers on large projects within the UK, which involve collaboration between academia and industry, providing techniques and methods to enhance safety. The final part - "Achieving and Evaluating Safety" - explores how methods already in use in other domains may be applied to safety, and examines the relationships between safety and other attributes such as quality and security. The papers identify the current problems and issues of interest in the field of safety-critical software-based systems, and provide valuable up-to-date material for those in both academia and industry. The academic will benefit from information about current research complimentary to his own, and the industrialist will learn of the technologies which will soon be available and where to find them.

This volume contains the proceedings of ASIACRYPT '91, the first international conference on the theory and application of cryptology to be held in the Asian area. It was held at Fujiyoshida, near Mount Fuji in Japan, in November 1991. The conference was modeled after the very successful CRYTO and EUROCRYPT series of conferences sponsored by the International Association for Cryptologic Research (IACR). The IACR and the Institute of Electronics, Information and Communication Engineers were sponsors for ASIACRYPT '91. The papers from the conference were improved and corrected for inclusion in this volume. The papers are grouped into parts on: differential cryptanalysis and DES-like cryptosystems; hashing and signature schemes; secret sharing, threshold, and authenticationcodes; block ciphers - foundations and analysis; cryptanalysis and new ciphers; proof systems and interactive protocols; public key ciphers - foundations and analysis. Also included are four invited lectures and impromptu talks from the rump session.

This volume contains a selection of refereed papers from the 1993 Canadian Workshop on Information Theory, held in Rockland, Ontario, May 30 - June 2.
The workshop provided a forum for Canadian and international researchers to gather and discuss new results in the areas of information theory, algebraic coding, digital communications, and networks.
A number of novel approaches to research problems are presented, and seminal works by several renowned experts are included in the volume.
The papers have been loosely grouped into four parts: coding and cryptography, coding and modulation of fading channels, decoding techniques, and networks and information theory.

This volume is based on a course held several times, and again in 1993, at the ESAT Laboratorium of the Department of Electrical Engineering at the Katholieke Universiteit Leuven in Belgium. These courses are intended for both researchers in computer security and cryptography and for practitioners in industry and government. The contributors of the 1991 course were invited to submit revised and updated versions of their papers for inclusion in a book. This volume is the final result; it is well- balanced between basic theory and real life applications, between mathematical background and juridical aspects, and between technical developments and standardization issues. Some of the topics are public key cryptography, hash functions, secure protocols, digital signatures, security architectures, network security, and data encryption standards (DES).

Eurocrypt is a series of open workshops on the theory and application of cryptographic techniques. These meetings have taken place in Europe every year since 1982 and are sponsored by the International Association for Cryptologic Research. Eurocrypt '93 was held in the village of Lofthus in Norway in May 1993. The call for papers resulted in 117 submissions with authors representing 27 different countries. The 36 accepted papers were selected by the program committee after a blind refereeing process. The papers are grouped into parts on authentication, public key, block ciphers, secret sharing, stream ciphers, digital signatures, protocols, hash functions, payment systems, and cryptanalysis. The volume includes 6 further rump session papers.

This volume presents the proceedings of the second European Symposium on Research in Computer Security (ESORICS 92), held in Toulouse in November 1992. The aim of this symposium is to further the progress of research in computer security by bringing together researchers in this area, by promoting the exchange of ideas with system developers, and by encouraging links with researchers in areas related to computer science, informationtheory, and artificial intelligence. The volume contains 24 papers organizedinto sections on access control, formal methods, authentication, distributed systems, database security, system architectures, and applications. ESORICS 92 was organized by AFCET (Association francaise des sciences et technologies de l'information et des syst mes) in cooperation with a large number of national and international societies and institutes.

Crypto'92 took place on August 16-20, 1992. It was the twelfth in the series of annual cryptology conferences held on the beautiful campus of the University of California, Santa Barbara. Once again, it was sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy. The conference ran smoothly, due to the diligent efforts of the g- eral chair, Spyros Magliveras of the University of Nebraska. One of the measures of the success of this series of conferences is represented by the ever increasing number of papers submitted. This year, there were 135 submissions to the c- ference, which represents a new record. Following the practice of recent program comm- tees, the papers received anonymous review. The program committee accepted 38 papers for presentation. In addition, there were two invited presentations, one by Miles Smid on the Digital Signature Standard, and one by Mike Fellows on presenting the concepts of cryptology to elementary-age students. These proceedings contains these 40 papers plus 3 papers that were presented at the Rump Session. I would like to thank all of the authors of the submitted papers and all of the speakers who presented papers. I would like to express my sincere appreciation to the work of the program committee: Ivan Damgard (Aarhus University, Denmark), Odd Goldreich (Technion, Israel), Burt Kaliski (RSA Data Security, USA), Joe Kilian (NEC, USA).

This book contains the proceedings of AUSCRYPT '92, an international conference on cryptologic research held on the Gold Coast, Australia, in December 1992. This is the third conference held outside the series of CRYPTO meetings held in Santa Barbara, California, each August and EUROCRYPT meetings held in European countries each northern spring. The first two were AUSCRYPT '90, held in Australia, and ASIACRYPT '91, held in Japan. The volume contains three invited papers and 44 contributed papers selected from 77 submissions. The articles cover all main topics in modern computer and communications security research.These include: - authentication - secret sharing - digital signatures - one-way hashing functions - design of block ciphers - cryptanalysis - cryptographic protocols - pseudo-random sequences and functions - public key cryptography.

"A systematic review of the structure and context of the blockchain-derived economic model... (the book) describes cryptoeconomics in connection with the game theory, behavioral economics and others in simple understandable language."-Wang Feng, founder of Linekong Interactive Group and Mars Finance, partner in Geekbang Venture Capital Blockchain technology has subverted existing perceptions and is the start of an economic revolution, called, cryptoeconomics. Blockchain is a key component of cryptoeconomics. Vlad Zamfir, a developer of Ethereum, defines this term as "a formal discipline that studies protocols that governs the production, distribution, and consumption of goods and services in a decentralized digital economy. Cryptoeconomics is a practical science that focuses on the design and characterization of these protocols". This book explains the structures of blockchain-derived economic models, their history, and their application. It uses real-world cases to illustrate the relationship between cryptoeconomics and blockchain. Blockchain technology solves trust issues. A blockchain application can restrict behavior on the blockchain through a reward and punishment system that enables consensus in an innovative way. The greatest significance of cryptoeconomics lies in guaranteeing safety, stability, activity, and order in a decentralized consensus system. Security and stability are achieved mainly by cryptographical mechanisms. Activity and order are achieved through economic mechanisms. Cryptoeconomics and Blockchain: Ignighting a New Era of Blockchain discusses the most popular consensus algorithms and optimization mechanisms. With examples explained in clear and simple terms that are easy to understand, the book also explores economic mechanisms of blockchain such as game theory and behavioral economics.

Secure message transmission is of extreme importance in today's information-based society. Stream encryption is a practically important means to this end. This monograph is devoted to a new aspect of stream ciphers, namely the stability theory of stream ciphers, with the purpose of developing bounds on complexity which can form part of the basis for a general theory of data security and of stabilizing stream-cipher systems. The approach adopted in this monograph is new. The topic is treated by introducing measure indexes on the security of stream ciphers, developing lower bounds on these indexes, and establishing connections among them. The treatment involves the stability of boolean functions, the stability of linear complexity of key streams, the period stability of key streams, and the stability of source codes. Misleading ideas about stream ciphers are exposed and new viewpoints presented. The numerous measure indexes and bounds on them that are introduced here, the approach based on spectrum techniques, andthe ten open problems presented will all be useful to the reader concerned with analyzing and designing stream ciphers for securing data.

Many commercial and defense applications require a database system that protects data of different sensitivities while still allowing users of different clearances to access the system. This book is a collection of papers covering aspects of the emerging security technology for multilevel database systems. It contains reports on such landmark systems as SeaView, LDV, ASD, Secure Sybase, the UNISYS secure distributed system, and the secure entity-relationship system GTERM. Much of the research is concerned with the relational model, although security for the entity-relationship and object-oriented models of data are also discussed. Because the field is so new, it has been extremely difficult to learn about the research going on in this area, until now. This book will be invaluable to researchers and system designers in database systems and computer security. It will also be of interest to data users and custodians who are concerned with the security of their information. This book can also be used as a text for an advanced topics course on computer security in a computer science curriculum.

This report on the state of the art and future directions of public-key cryptography is published in accordance with the terms of reference of the European Institute for System Security (EISS). The EISS was founded in 1988 by cabinet resolution of the state government of Baden-W}rttemberg and its basic task is scientific research and knowledge transfer in the field of security in telecommunications and computer and information systems. This report gives the results of an EISS workshop on public-keycryptography and contains seven chapters: an introduction, the scope of the workshop, the topics chosen, classification and description of the most prominent public-key systems, the dependence of public-key cryptography on computational number theory, mistakes and problems with public-key systems, and a projection of needs and requirements for public-key systems. It is addressed to all members of the computer science community: systems developers, researchers, decision makers, standardization committees, patent offices, and users and customers of secure computer systems.

During a short visit to Bremen in December 1989 John Rosenberg had several discussions with me about computer architecture. Although we had previously worked together for more than a decade in Australia we had not seen each other for over a year, following my move to Bremen in 1988. Meanwhile John was spending a year on study leave at the University of St. Andrews in Scotland with Professor Ron Morrison and his persistent programming research group. From our conversations it was quite clear that John was having a most fruitful time in St. Andrews and was gaining valuable new insights into the world of persistent programming. He was very keen to explore the significance of these insights for the MONADS Project, which we had been jOintly directing since the early 1980s. MONADS was not about persistent programming. In fact it had quite different origins, in the areas of software engineering and information protection. In an earlier stage of the project our ideas on these themes had led us into the world of computer architecture and even hardware deSign, in our attempts to provide an efficient base machine for our software ideas. The most important practical result of this phase of the project had been the development of the MONADS-PC, a mini computer which would be better compared with say a V tv< 11/750 than with a personal computer, despite its unfortunate name.

The 1980's saw the advent of widespread (and potentially damaging) computer virus infection of both personal computer and mainframe systems. The computer security field has been comparatively slow to react to this emerging situation. It is only over the last two years that a significant body of knowledge on the operation, likely evolution and prevention of computer viruses has developed. A Pathology of Computer Viruses gives a detailed overview of the history of the computer virus and an in-depth technical review of the principles of computer virus and worm operation under DOS, Mac, UNIX and DEC operating systems. David Ferbrache considers the possible extension of the threat to the mainframe systems environment and suggests how the threat can be effectively combatted using an antiviral management plan. The author addresses the latest developments in "stealth" virus operations, specifically the trend for virus authors to adopt extensive camouflage and concealment techniques, which allow viruses to evade both existing anti-viral software and to avoid detection by direct observation of machine behaviour. A Pathology of Computer Viruses addresses a distinct need - that of the computer specialist and professional who needs a source reference work detailing all aspects of the computer virus threat.

This title discusses theoretical frameworks, recent research findings and practical applications which will benefit researchers and students in electrical engineering and information technology, as well as professionals working in digital audio.

It is our pleasure to thank dl those uho contributed to nial\ing thew proceeding\ possible: the authors. progriimme committee. organihing committee, I4C.K otticfrh and directors, and all the attendees. We were all deeplq saddened nhen ne lemied th,it Tore Ilerle~tam. J member 01 the programme committee, had died unexpsctedl\ Thi\ olunie I\ dedicated to liim Amsterdum, the Netherlirnds London, Englund Junuur,, 1988 __~ ...~~~. ~ ~ ~ I. Advances in C'r>ptolog?: .A Report on C'RY t'TO Si. Allen Cirr\lio. k.d. L 04. Department of P.lectrica1 and ('omputcr Engineering, S'iiita Harhara 2. C'ryptography: Proceeding\. Burg keusrwiii lYX2 (I.ecturr biotr5 in C'omptitcr Scicncr: 149). I li- mas Beth, Ed. Springer-Verlag. 1983. 3. Advanccs in C'rytology: Proceedings cif C'KY'PTO S2, I),]\ id ('hauin. Ronald L KiLcsi. and Al~n I Sherman. Eds. Plenum NY. 1YX3. 4. Advances in C'ryptology: Proceeding5 of C'K)'f)l.O S3. D;i\id ('hiiuni, kd. I'Icnuiii XY. IY84. IV ~~~ ~ ~~~_.______ 5 4dbances in Crqptolog>: Proceeding, of C'RYP'TO X4 (Lecture Notes in Computer Science: 196). G.R. Blakley and Ua\ id ('haurn. Eda. Springer-Verlag, 19x5. 6. .Advances in CTptology: Proceeding\ of C'RYPTO X5 (Lecture Notes in C'oiiiputer Sc~encc: 2 IX). tlugh C. Williams. Ed. Springer-Vrrl:ig. 1986. 7. Advances in Cqptologq : Proceedings of C'RYP10 80 (Lecture h'cite\ in C'ornputer Scwncc: 263). A.hl Odlyzko. td. Springer-Verlag. 1987. 8. No proceedings were published for ECROCRYP7 X3. which w:i\ held in Udiiie Ital?.

The storage, routing and transmission of information, either in the form of digital data or of analog signals, plays a central role in modern society. To ensure that such information is protected from access by unauthorized persons is an important new challenge. The development of the theory and practical techniques needed to meet this challenge is the goal of current cryptological research. This research is highly varied and multidisciplinary. It is concerned with fundamental problems in mathematics and theoretical computer science as well as with the engineering aspects of complex information systems. Cryptology today ranks among the most active and interesting areas of research in both science and engineering. EUROCRYPT '85 maintained the tradition of the three previous workshops in this series (Paris 1984, Udine 1983, Burg Feuerstein 1982) with its emphasis on recent developments in cryptology, but also made a concerted effort to encompass more traditional topics in cryptology such as shift register theory and system theory. The many papers on these topics in this volume are witness to the success of this effort.

Der Arbeitskreis "Datenschutz und Datensicherung" des Prasidiums der Gesellschaft fur In- formatik sieht es als seine Aufgabe an, Probleme des Datenschutzes und der Datensicherung aus der Sicht der Informatik zu behandeln. Er hat in diesem Rahmen grundsatzliche Aus- sagen zu diesen Themen unter besonderer Berucksichtigung der sich rasch entwickelnden In- formationstechnologien erarbeitet und zu Entwurfen fur Anderungen des Bundesdatenschutz- gesetzes Stellung genommen. Aus dieser Tatigkeit heraus entstand der Plan zur Durchfuh- rung einer Fachtagung mit dem Thema "Datenschutz und Datensicherung im Wandel der Informationstechnologien". Diese Tagung, deren Beitrage dieser Band enthalt, findet am 30. und 31. Oktober 1985 im Rahmen der SYSTEMS 85 statt. Sie soll die Datenschutz- und Datensicherungs-Probleme, die mit den wachsenden technologischen Moglichkeiten entstehen, aus der Sicht der Informa- tionstechnik beleuchten. Sie soll Methoden, Verfahren und Hilfsmittel aufzeigen, mit denen die Datenschutz- und Datensicherungs-Probleme konstruktiv einer Losung naher gebracht werden konnen. Sie soll Anwender von Rechensystemen und Kommunikationsnetzen, Juristen und Informatiker dazu anregen, gemeinsam uber Datenschutz- und Datensicherungs-Probleme nachzudenken und miteinander Losungen dieser Probleme zu erarbeiten.

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.

Everything you want to know about SSH is in our second edition of "SSH, The Secure Shell: The Definitive Guide," This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.

How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.

Written for a wide, technical audience, "SSH, The Secure Shell: The Definitive Guide" covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, ourindispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.

No matter where or how you're shipping information, "SSH, The Secure Shell: The Definitive Guide" will show you how to do it securely.

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.
"If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.
"This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
--Gary McGraw, Ph.D., CTO, Cigital, coauthor of "Exploiting Software" and "Building Secure Software"

"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
--Steve Bellovin, coauthor of "Firewalls and Internet Security, Second Edition," and Columbia University professor

"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
--Brad Powell, chief security architect, Sun Microsystems, Inc.

"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
--Rik Farrow, Consultant, author of "Internet Security for Home and Office"

"Farmer and Venema do for digital archaeology what Indiana Jones did for historicalarchaeology. "Forensic Discovery" unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
--Richard Bejtlich, technical director, ManTech CFIA, and author of "The Tao of Network Security Monitoring"

"Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
--Muffy Barkocy, Senior Web Developer, Shopping.com

"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
--Brian Carrier, digital forensics researcher, and author of "File System Forensic Analysis"The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a widevariety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to Understand essential forensics concepts: volatility, layering, and trustGather the maximum amount of reliable evidence from a running systemRecover partially destroyed information--and make sense of itTimeline your system: understand what really happened whenUncover secret changes to everything from system utilities to kernel modulesAvoid cover-ups and evidence traps set by intrudersIdentify the digital footprints associated with suspicious activityUnderstand file systems from a forensic analyst's point of viewAnalyze malware--without giving it a chance to escapeCapture and examine the contents of main memory on running systems Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.