Anomaly-based worm detection is a complement to existing signature-based worm detectors. It detects unknown worms and fills the gap between when a worm is propagated and when a signature is generated and downloaded to a signature-based worm detector. A major obstacle for its deployment to personal computers (PCs) is its high false positive alarms since a typical PC user lacks the skill to handle exceptions flagged by a detector without much knowledge of computers. In this paper, we exploit the feature of personal computers in which the user interacts with many running programs and the features combining various network characteristics. The model of a program's network behaviors is conditioned on the human interactions with the program. Our scheme automates detection of unknown worms with dramatically reduced false positive alarms while not compromising low false negatives, as proved by our experimental results from an implementation on Windows-based PCs to detect real world worms.

Access control involves a check to see if a user has an access right to a resource and then a decision is made as to whether his/her access to the resource is to be allowed or denied. Typical access control models are the Discretionary Access Control Model, the Mandatory Access Control Model, and the Role-Based Access Control Model. Today, the Role-Based Access Control Model has become popular and is recognized as an effective method. However, until now, the Role-Based Access Control Model was adequate only for bureaucracy organizations, in which some roles are standardized and organizational hierarchy is stable. Team-Based Access Control models that were designed for team-based organizations have been proposed, but they do not reflect some features of an adhocracy organization, which are organic, temporary, not standardized, changeable, and obscure in terms of hierarchical relationship, such as a Task Force Team in the company. This study shows the characteristics of an adhocracy organization that differ from the existing bureaucracy organization, and then shows why existing access control models have caused some problems. Finally, a revised Role-Based Access Control model is proposed to solve those problems and is analyzed according to main evaluation standards.

We have devised a polynomial time algorithm to decide the security of cryptographic protocols formally under certain conditions, and implemented the algorithm on a computer as a supporting system for deciding the security. In this paper, a useful approach is presented to decide security problems which do not satisfy some of the above-mentioned conditions by using the system. For its application, we consider a basic security problem of Kerberos protocol, whether or not an enemy can obtain the session key between a client and a server by using any information not protected in communication channels and using any operation not prohibited in the system. It is shown that Kerberos is secure for this problem.

It is difficult to decide whether or not a given cryptographic protocol is secure even though the cryptographic algorithm used for the protocol is assumed to be secure. We have proposed an algorithm to decide the security of cryptographic protocols under several conditions. In this paper, we review our algorithm and report a system to verify the security. The system has be implemented on a computer. By using this system, we have verified the security of several protocols efficiently.