Enabling the Internet White Pages Service -- the Directory Guardian

The Internet White Pages Service (IWPS) has been slow to materialise for many reasons. One of them is the security concerns that organisations have, over allowing the public to gain access to either their Intranet or their directory database. The Directory Guardian is a firewall application proxy for X.500 and LDAP protocols that is designed to alleviate these fears. Sitting in the firewall system, it filters directory protocol messages passing into and out of the Intranet, allowing security administrators to carefully control the amount of directory information that is released to the outside world. This paper describes the design of our Guardian system, and shows how relatively easy it is to configure its filtering capabilities. Finally the paper describes the working demonstration of the Guardian that was built for the 1997 World Electronic Messaging Association directory challenge. This linked the WEMA directory to the NameFLOWParadise Internet directory, and demonstrated some of the powerful filtering capabilities of the Guardian

Providing secure remote access to legacy applications

While the widespread adoption of Internet and Intranet technology has been one of the exciting developments of recent years, many hospitals are finding that their data and legacy applications do not naturally fit into the new methods of dissemination. Existing applications often rely on isolation or trusted networks for their access control or security, whereas untrusted wide area networks pay little attention to the authenticity, integrity or confidentiality of the data they transport. Many hospitals do not have the resources to develop new ''network-ready'' versions of existing centralised applications. In this paper, we examine the issues that must be considered when providing network access to an existing health care application, and we describe how we have implemented the proposed solution in one healthcare application namely the diabetic register at Hope Hospital. We describe the architecture that allows remote access to the legacy application, providing it with encrypted communications and strongly authenticated access control but without requiring any modifications to the underlying application. As well as comparing alternative ways of implementing such a system, we also consider issues relating to usability and manageability, such as password management

Merging and Extending the PGP and PEM Trust Models - the ICE-TEL Trust Model

The ICE-TEL project is a pan-European project that is building an Internet X.509 based certification infrastructure throughout Europe, plus several secure applications that will use it. This paper describes the trust model that is being implemented by the project. A trust model specifies the means by which a user may build trust in the assertion that a remote user is really who he purports to be (authentication) and that he does in fact have a right to access the service or information that he is requesting (authorization). The ICE-TEL trust model is based on a merging of and extensions to the existing Pretty Good Privacy (PGP) web of trust and Privacy Enhanced Mail (PEM) hierarchy of trust models, and is called a web of hierarchies trust model. The web of hierarchies model has significant advantages over both of the previous models, and these are highlighted here. The paper further describes the way that the trust model is enforced through some of the new extensions in the X.509 V3 certificates, and gives examples of its use in different scenarios

Initial Experiences of Building Secure Access to Patient Confidential Data via the Internet

A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the preliminary results of the pilot implementation

Advanced Security Infrastructures for Grid Education

This paper describes the research conducted into advanced authorization infrastructures at the National e-Science Centre (NeSC) at the University of Glasgow and their application to support a teaching environment as part of the Dynamic Virtual Organisations in e-Science Education (DyVOSE) project. We outline the lessons learnt in teaching Grid computing and rolling out the associated security authorisation infrastructures, and describe our plans for a future, extended security infrastructure for dynamic establishment of inter-institutional virtual organisations (VO) in the education domain

Coping with Poorly Understood Domains: the Example of Internet Trust

The notion of trust, as required for secure operations over the Internet, is important for ascertaining the source of received messages. How can we measure the degree of trust in authenticating the source? Knowledge in the domain is not established, so knowledge engineering becomes knowledge generation rather than mere acquisition. Special techniques are required, and special features of KBS software become more important than in conventional domains. This paper generalizes from experience with Internet trust to discuss some techniques and software features that are important for poorly understood domains

The 1000 GeV gamma rays from ms pulsars

The detection of 1000 GeV gamma-rays with the characteristic 6.1 ms periodicity of the radio pulsar PSR 1953 +29 is reported. This result, significant at the 5.4 beta level, provides the first direct evidence for the association of the 6 ms radio pulsar PSR1953+29 with the gamma-ray source 2CG065+0. Extensive observations of the 1.5 ms pulsar PSR 1937 are also reported

The 1000 GeV gamma ray emission from radio pulsars

Radio pulsars have concentrated on long observations of the Crab pulsar and showed that it emits short intense bursts and a persistent weak periodic flux at gamma-ray energies 1000 GeV. It was shown that the light curve of the persistent emission was dominated by a single peak, coincident with the position of the radio and low energy gamma-ray main pulse. The results of a more detailed analysis of the structure of this main pulse are reported following an appraisal of the timing system. It is shown that at energies 1000 GeV the duration of the main pulse is not greater than 0.4 ms, which is less than that seen at all frequencies other than radio. Flux limits for the emission of 1000 GeV gamma-rays by seven other radio pulsars are reporte

1000 GeV gamma rays from Cygnus X-3: An update

Measurements of 1000 GeV gamma-rays from Cygnus X-3 made with the University of Durham facility at Dugway, Utah in 1981/82 are reviewed. The light curve of the 4.8 hour modulated emission is updated and shows evidence significant at the 4.4 sigma level for strong emission (9% of the cosmic ray rate) at phase 0.625 and less significant (1.4 sigma level) indications of weaker emission (3% of the cosmic ray rate) at phase 0.125. The effect constituting the excess on the few nights showing the strongest emission appears to arise from the smallest Cerenkov light signals suggesting a steep gamma-ray spectrum. The 1982 data have been searched unsuccessfully for evidence of emission at phase 0.2, in coincidence with the results from the ultra-high energy (extensive Air Showers (EAS) measurements in 1979-1982. A systematic investigation of a long term variation in the strength of the peak of the 4.8 hr modulated 1000 GeV gamma-ray emission has been made. We find that in addition to the approximately 34 d variation reported by us previously, a stronger effect exists at around 19d