COAST Library
This is a list of documents on various COAST projects, and some other security-related papers by COAST personnel. The list includes technical reports, conference papers, theses, and working papers. Most are in PostScript. The list is ordered by author and date. Not all paper are available to non-sponsors.

Note: These papers can be found in our Bookshelf.

* Secure Outsourcing of Scientific Computations
Mikhail Atallah, and John Rice; Department of Computer Sciences, Purdue University; Coast TR 98-15; 1998

*Compact Recognizers of Episode Sequences
Alberto Apostolico, Mikhail J. Atallah; Department of Computer Sciences; Purdue University; Coast TR 97-20; 1997.

*Secure Outsourcing of Some Computations
Mikhail J. Atallah, Konstantinos Pantazopoulos, E. H. Spafford; Department of Computer Sciences; Purdue University; CSD-TR-96-074; Coast TR 97-19; 1997.

* An Algorithm for Estimating All Matches Between Two Strings
Mikhail J. Atallah, Frederic Chyzak, Philippe Dumas; Department of Computer Sciences; Purdue University; Coast TR 97-18; 1997

* Algorithms for Variable Length Subnet Address Assignment
Mikhail J. Atallah, Douglas E. Comer; Department of Computer Sciences; Purdue University ; Coast TR 97-17; 1997

*A Taxonomy of Security Faults in the Unix Operating System
Taimur Aslam; MS thesis; Department of Computer Sciences; Purdue University; Coast TR 95-09; 1995.

*A Taxonomy of Security Faults
Taimur Aslam, Ivan Krsul, and Eugene H. Spafford; to appear in PROCEEDINGS OF THE NATIONAL COMPUTER SECURITY CONFERENCE; Coast TR 96-05; 1996.

*A Randomized O(N Log N) Algorithm for Generalized Pattern Matching
Mikhail J. Atallah, Frederic Chyzak, and Phillipe Dumas; Department of Computer Sciences, Purdue University; CSD-TR-96-059; 1996.

*Applications of A Numbering Scheme For Polygonal Obstacles in the Plane
Mikhail J. Atallah, and Danny Z. Chen; Department of Computer Sciences, Purdue University; CSD-TR-96-055; 1996.

*Searching For Ephemeral Subsequences in Strings
Alberto Apostolico, and Mikhail J. Atallah; Department of Computer Sciences, Purdue University; CSD-TR-96-076; 1996.

* An Architecture for Intrusion Detection using Autonomous Agents; PDF Format
Jai Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff, E. H. Spafford, and Diego Zamboni, Department of Computer Sciences, Purdue University; Coast TR 98-05; 1998.

* Constructing Distributed Schedulers Using the Messiahs Interface Language
S. J. Chapin and E. H. Spafford; PROCEEDINGS OF THE 27TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEMS AND SOFTWARE (HICSS); pp. 425--434, Vol. II; Wailea-Maui, Hawaii; Coast TR 94-09; 1994.

*Support for Security in Distributed Systems Using MESSIAHS
S. J. Chapin and E. H. Spafford; PROCEEDINGS OF THE NATIONAL COMPUTER SECURITY CONFERENCE; pp. 339--447; Baltimore, MD; Coast TR 94-10; 1994.

*
Active Defense of a Computer System Using Autonomous Agents
Mark Crosbie and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-95-008; 1995.

*Defending a Computer System Using Autonomous Agents
Mark Crosbie and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-95-022; Coast TR 95-02; 1995.

* IDIOT Users Guide
Mark Crosbie, et. al. Department of Computer Sciences, Purdue University; CSD-TR-96-050; Coast TR 96-04; 1996.

*
A Secure Message Broadcast System (SMBS)
 Mark Crosbie, Ivan Krsul, Steve Lodin, and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-96-019; Coast TR 96-01; 1996.

* Identification of Host Audit Data to Detect Attacks on Low-Level IP Vulnerabilties
Thomas E. Daniels, and E. H. Spafford; Department of Computer Sciences, Purdue University; Coast TR 98-10; 1998

* Misplaced trust: Kerberos 4 Session Keys
Bryn Dole, Steve Lodin, and E. H. Spafford; from the proceedings of the 1997 ISOC Conference on Network Security; available in PostScript and Adobe Acrobat(PDF); Coast TR 97-01.

* Networked Agents for Scientific Computing
T. Drashansky, Elias Houstis, and John Rice; Department of Computer Sciences, Purdue University; Coast TR 98-16; 1998

* Categorization of Software Errors that led to Security Breaches
Wenliang Du and A. P. Mathur; 21ST NATIONAL INFORMATION SYSTEMS SECURITY CONFERENCE, CRYSTAL CITY, VA, 1998; Coast TR 97-09; 1997.

* Vulnerability Testing of Software System Using Fault Injection
Wenliang Du and A. P. Mathur; Department of Computer Sciences, Purdue University; Coast TR 98-02; 1998

*The COPS Security Checker System
D. Farmer and E. H. Spafford; PROCEEDINGS OF THE SUMMER 1990 USENIX CONFERENCE; pp. 165-170; Coast TR 94-01; Jun 1990.

*Data Quality in Security Outsourcing of Scientific Applications
J. Chapman Flack; Mikhail Atallah; COAST Laboratory , Purdue University; Coast TR 98-20; 1998

*Monitoring File System Integrity on Unix Platforms
Gene Kim and E. H. Spafford; INFOSECURITY NEWS; 4(4), pp. 21-22; Coast TR 93-02; July 1993.

*The Design of a System Integrity Monitor: Tripwire
Gene Kim and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-93-071; Coast TR 93-01; 1993.

*Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
Gene H. Kim and E. H. Spafford; PROCEEDINGS OF THE SYSTEMS ADMINISTRATION, NETWORKING AND SECURITY CONFERENCE III (SANS); Washington DC; Coast TR 94-03; 1994.

*Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool
Gene H. Kim and E. H. Spafford; PROCEEDINGS OF THE USENIX UNIX APPLICATIONS DEVELOPMENT SYMPOSIUM; pp. 89-107; Toronto, ON; Coast TR 94-04; 1994.

* Low Threat Security Patches and Tools
Mohd A. Bashar, Ganesh Krishnan, Markus G. Kuhn, E. H. Spafford, S. S. Wagstaff, Jr; Department of Computer Sciences, Purdue University; CSD-TR-96-075; Coast TR 97-10; 1996.

*Authorship Analysis: Identifying the Author of a Program
Ivan Krsul; Department of Computer Sciences, Purdue University; MS Thesis; CSD-TR-94-030; Coast TR 94-08; 1994.

* Authorship Analysis: Identifying the Author of a Program
Ivan Krsul and Eugene H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-96-052; Coast TR 96-06; 1996.

* Computer Vulnerability Analysis - Thesis Proposal
Ivan Krsul; Department of Computer Sciences, Purdue University; PHD Thesis Proposal; CSD-TR-97-026; Coast TR 97-05; 1997.

*An Economic Model for Enforcing Computer Policies or Detecting Computer Policy Violations
Ivan Krsul; Department of Computer Sciences, Purdue University; Draft, 1997. for a copy, contact krsul@cs.purdue.edu.

*Computer Vulnerability Analysis
Ivan Krsul , E. H. Spafford and Mahesh V. Tripunitara; Department of Computer Sciences, Purdue University; Coast TR 98-07; 1998 ; also available in PDF

* Coast Vulnerability Database User's Manual
Ivan Krsul , Department of Computer Sciences, Purdue University; Coast TR 98-08; 1998 PDF

* Software Vulnerability Analysis
Ivan Krsul; Department of Computer Sciences, Purdue University; PHD Thesis; Coast TR 98-09; 1998; also available in PDF

*Generation of Application Level Audit Data via Library Interposition
Benjamin A. Kuperman, and E. H. Spafford; Department of Computer Sciences, Purdue University; Coast TR 98-17; 1998

* Tamper Resistance -- A Cautionary Note (PDF Version)
Ross Anderson and Markus Kuhn; PROCEEDINGS OF THE 2ND WORKSHOP ON ELECTRONIC COMMERCE; Oakland, California; Coast TR 96-08; November 18-20, 1996.

*A Generic Virus Scanner in C++
Sandeep Kumar and E. H. Spafford; PROCEEDINGS OF THE 8TH COMPUTER SECURITY APPLICATIONS CONFERENCE; pp. 210-219; Coast TR 92-01; 2-4 Dec 1992; Coast TR 92-01.

*An Application of Pattern Matching in Intrusion Detection
Sandeep Kumar and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-94-013; Coast TR 94-07; 1994.

*A Pattern-Matching Model for Instrusion Detection
Sandeep Kumar and E. H. Spafford; PROCEEDINGS OF THE NATIONAL COMPUTER SECURITY CONFERENCE; pp. 11-21; Baltimore, MD; Coast TR 95-06; 1994.

*A Software Architecture to Support Misuse Instrusion Detection
Sandeep Kumar and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-95-009; Coast TR 95-04; 1995.

*Classification and Detection of Computer Intrusions
Sandeep Kumar; Department of Computer Sciences, Purdue University; PhD Dissertation; Coast TR 95-08; 1995.

* Temporal Sequence Learning and Data Reduction for Anomaly Detection
Terran Lane, Carla E. Brodley; ECE and the COAST Laboratory , Purdue University; Coast TR 98-18; 1998

* Filtering Techniques for Rapid User Classification
Terran Lane, Carla E. Brodley; ECE and the COAST Laboratory , Purdue University; Coast TR 98-13; 1998

* Approaches to Online Learning and Conceptual Drift for User Identification in Computer Security
Terran Lane, Carla E. Brodley; ECE and the COAST Laboratory , Purdue University; Coast TR 98-12; 1998

* Machine Learning Techniques for the Domain of Anomaly Detection for Computer Security
Terran Lane; ECE and the COAST Laboratory , Purdue University; Coast TR 98-11; 1998

*Detecting the Abnormal: Machine Learning in Computer Security
Terran Lane; ECE and the COAST Laboratory , Purdue University; technical report; Coast TR 97-02; 1997.

* Sequence Matching and Learning in Anomaly Detection for Computer Security
Terran Lane; ECE and the COAST Laboratory , Purdue University; AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management; Coast TR 97-04; 1997.

*An Application of Machine Learning to Anomaly Detection
Terran Lane; ECE and the COAST Laboratory , National Information Systems Security Conference; Coast TR 97-03; 1997.

* Firewalls Fend Off Invasions From the Net
Steve Lodin and Christoph L. Schuba; Department of Computer Sciences, Purdue University; Coast TR 98-04; 1998.

*Final Report of the 2nd Workshop on Research with Security Vulnerability Databases, January 1999, PDF version;
Pascal C. Meunier and Eugene H. Spafford; Department of Computer Sciences, Purdue University, CERIAS TR 99-06; 1999

*Host-Based Misuse Detection and Conventional Operating Systems' Audit Data Collection
Kathrine Price ; Department of Computer Sciences also available in (PDF); Coast TR 97-15.

*Address Weaknesses in the Domain Name System Protocol
Christoph L. Schuba; Department of Computer Sciences, Purdue University; MS Thesis; CSD-TR-94-028; Coast TR 94-05; 1994.

*Countering Abuse of Name-Based Authentication
Christoph L. Schuba and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-94-029; Coast TR 94-06; 1994.

*Classical IP and ARP over ATM
Christoph L. Schuba, Berry Kercheval and E. H. Spafford; Department of Computer Sciences, Purdue University; CSD-TR-95-024; Coast TR 95-07; 1995.

* Report of the CMAD III - 3rd Annual Workshop on Computer Misuse and Anomaly Detection
Sandeep Kumar, Steven W. Lodin, and Christoph L. Schuba; COAST Watch electronic newsletter, V1 (2); Department of Computer Sciences, Purdue University; April 1995.

Reprinted in CIPHER electronic newsletter V4. IEEE Technical Committee on Security & Privacy; March 1995.

* Report of the NDSS 95 - 3rd Symposium on Network and Distributed System Security 1995
Christoph L. Schuba; COAST Watch electronic newsletter, V1 (2); Department of Computer Sciences, Purdue University; April 1995.

* Report of the SNDSS 96 - 4th Symposium on Network and Distributed System Security 1996
Christoph L. Schuba; CIPHER electronic newsletter V13. IEEE Technical Committee on Security & Privacy; March 1996.

Reprinted in COAST Watch electronic newsletter, V2 (2); Department of Computer Sciences, Purdue University; April 1996.

Reprinted in TIS security newsletter; Trusted Information Systems, Glenwood, MD; April 1996.

Reprinted in NSA in-house newletter; National Security Agency, Fort Mead, MD; April 1996.

* Report on the IEEE CS 1996 Symposium on Security and Privacy
Christoph L. Schuba and Mary Ellen Zurko; CIPHER electronic newsletter V15. IEEE Technical Committee on Security & Privacy; June 1996.

* Reference Model for Firewall Technology and its Implications for Connection Signaling
J. Bryan Lyles and Christoph L. Schuba; Proceedings Open Signaling Workshop, Columbia University, New York, NY, October 1996; Coast TR 96-07.

Reprinted as Department of Computer Sciences, Purdue University; CSD-TR-94-061; 1996.

* Analysis of a Denial of Service Attack on TCP
Christoph L. Schuba, Ivan Krsul, Markus Kuhn, E. H. Spafford, Aurobindo Sundaram, and Diego Zamboni, IEEE Symposium on Security and Privacy; Oakland, CA; Coast TR 97-06; May, 1997.

* On the Modeling, Design and Implementation of Firewall Technology (Thesis)
Christoph L. Schuba, E. H. Spafford; Department of Computer Sciences, Purdue University; Coast TR 97-07. PDF

* Prototyping Experiences with Classical IP and ARP over Signaled ATM Connections (Prototyping Experiences with IP over ATM)
Christoph L. Schuba, E. H. Spafford and Berry Kercheval; Journal of Systems and Software; Coast TR 97-16; III/1998.

*The Internet Worm Program: An Analysis
E. H. Spafford; ACM COMPUTER COMMUNICATION REVIEW; 19(1), pp. 17-57, Jan 1989.

*An Analysis of the Internet Worm
E. H. Spafford; PROCEEDINGS OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE 1989 (LECTURE NOTES IN COMPUTER SCIENCE #387); Springer-Verlag; pp. 446-468, Sep 1989.

*Preventing Weak Password Choices
E. H. Spafford; 14th NATIONAL COMPUTER SECURITY CONFERENCE; National Institute of Standards and National Security Institute; pp. 446-455, 2-4 Oct 1991; Coast TR 91-02.

*Are Computer Break-Ins Ethical?
E. H. Spafford; THE JOURNAL OF SYSTEMS AND SOFTWARE; 17(1), pp. 41-48; Coast TR 90-01; Jan 1992.

*OPUS: Preventing Weak Password Choices
E. H. Spafford; COMPUTERS & SECURITY; 11(3), pp. 273-278; Coast TR 91-02; May 1992.

*Observing Reusable Password Choices
E. H. Spafford; 3RD USENIX UNIX SECURITY SYMPOSIUM; pp. 299-312; Coast TR 91-03; 14-16 Sep 1992.

*Computer Viruses as Artificial Life
E. H. Spafford; JOURNAL OF ARTIFICIAL LIFE; v. 1(3), pp. 249-265; Coast TR 94-02; 1994.

*Software Forensics: Can We Track Code to its Authors?
E. H. Spafford and S. A. Weeber; 15TH NATIONAL COMPUTER SECURITY CONFERENCE; pp. 641-650; Coast TR 91-01; 13-16 Oct 1992.

*Software Forensics: Tracking Code to its Authors
E. H. Spafford and S. A. Weeber; COMPUTERS & SECURITY; 12(6), pp. 585-595; Coast TR 91-01; Dec. 1993.

*One View of A Critical National Need: Support for Information Security Education and Research
E. H. Spafford; Department of Computer Sciences, Purdue University; Coast TR 97-08; 1997.

*Data Quality in Security Outsourcing of Scientific Applications
Chieh-Hsien Tiao, John R. Rice; COAST Laboratory , Purdue University; Coast T R 98-19; 1998

* The Compression Functions of SHA, MD2, MD4 and MD5 are not Affine
Mahesh V. Tripunitara and Samuel Wagstaff Department of Computer Sciences, Purdue University; Coast TR 98-01; 1998

* Issues in the Incorporation of Security Services into a Protocol Reference Model
Mahesh V. Tripunitara and E. H. Spafford Department of Computer Sciences, Purdue University; Coast TR 98-03; 1998

* Security Policy Communication in a Distributed Network Element
Mahesh V. Tripunitara and Eugene H. Spafford; Department of Computer Sciences, Purdue University; CERIAS TR 99-01; 1999;  

* Security Assessment of IP-based Networks: A Holistic Approach
Mahesh V. Tripunitara and Eugene H. Spafford; Department of Computer Sciences, Purdue University; CERIAS TR 99-02; 1999;  PDF

*A prototype for a distributed Intrusion Detection System
Diego Zamboni and E. H. Spafford Department of Computer Sciences, Purdue University; Coast TR 98-06; 1998