Taimur Aslam,
A Taxonomy of Security Faults in the Unix Operating System
Keywords: Unix, faults, vulnerabilities, intrusion
Abstract: Security in computer systems is important to
ensure reliable operation and protect the integrity of stored
information. Faults in the implementation can be exploited to
breach security and penetrate an operating system. These faults
must be identified, detected, and corrected to ensure reliability
and safeguard against denial of service, unauthorized
modification of data, or disclosure of information. We define a
classification of security faults in the Unix operating system.
We state the criteria used to categorize the faults and present
examples of the different fault types. We present the design and
implementation details of a database to store vulnerability
information collected from different sources. The data is
organized according to our fault categories. The information in
the database can be applied in static audit analysis of systems,
intrusion detection, and fault detection. We also identify and
describe software testing methods that should be effective in
detecting different faults in our classification scheme.
Mark Crosbie, Ivan Krsul, Steve Lodin, Eugene Spafford,
A Secure Message Broadcast System (SMBS)
Abstract: This paper describes the design and
implementation of a secure message broadcast system (SMBS). It is
a secure, multi-party chat program that ensures privacy in
communication and does not rely on shared secret keys. The system
was built as a study of the feasibility of building effective
communication tools using advanced cryptographic techniques like
Zero Knowledge Proofs.
Ivan Krsul, Eugene H. Spafford,
Authorship Analysis: Identifying The Author of a Program
Abstract: Authorship analysis on computer software is a
difficult problem. In this paper we explore the classification of
programmer's style, and try to find a set of characteristics that
remain constant for a significant portion of the programs that
this programmer might produce. Our goal is to show that it is
possible to identify the author of a program by examining its
programming style characteristics. Ultimately, we would like to
find a signature for each individual programmer so that at any
given point in time we could identify the author of any program.
The results of this paper support the conclusion that within a
closed environment, and for a specific set of programmers, it is
possible to identify a particular programmer and the probability
of finding two programmers that share exactly those same
characteristics should be small.
Sandeep Kumar,
Classification and Detection of Computer Intrusions
Keywords: intrusion detection
Abstract: Some computer security breaches cannot be
prevented using access and information flow control techniques.
These breaches may be a consequence of system software bugs,
hardware or software failures, incorrect system administration
procedures, or failure of the system authentication module.
Intrusion detection techniques can have a significant role in the
detection of computer abuse in such cases. This dissertation
describes a pattern matching approach to representing and
detecting intrusions, a hitherto untried approach in this field.
We have classified intrusions on the basis of structural
interrelationships among observable system events. The
classification formalizes detection of specific exploitations by
examining their manifestations in the system event trace. Thus,
we can talk about intrusion signatures belonging to particular
categories in the classification, instead of vulnerabilities that
result in intrusions. The classification developed in this
dissertation can also be used for developing computational models
to detect intrusions in each category by exploiting the common
structural interrelationships of events comprising the signatures
in that category. We can then look at signatures of interest that
can be matched efficiently, instead of attempting to devise a
comprehensive set of techniques to detect any violation of the
security policy. We define and justify a computational model in
which intrusions from our classification can be represented and
matched. We also present experimental results based on an
implementation of the model tested against real-world
intrusions.
Christoph Schuba, Bryan Lyles,
A Reference Model for Firewall Technology and its Implications for Connection Signaling (A related WWW homepage exists for this item)
Keywords: firewall, signaling
Abstract: This paper concentrates on one particular aspect
of providing communication security: firewalls between domains of
trust. We argue that signaling support for providing scalable
security services is a design requirement. On this basis we
outline a reference model for firewall technology. It captures
the current state of the art and proves suitable for
connection-oriented high-performance networks. The architecture is
an improvement in network management and provides a controlled
exposure of the internal network structure to the outside, and
transparency to the user. Its components are endpoint
authentication, call admission control, connection
authentication, audit, and a distributed architecture with
centralized policy. The paper discusses implications of this
reference model for the design of signaling protocols.
Mark Crosbie, Gene Spafford,
Applying Genetic Programming to Intrusion Detection
Keywords: intrusion detection, genetic programming, artificial life, genetic algorithms, security, anomaly detection
Abstract: This paper presents a potential solution to the
intrusion detection problem in computer security. It uses a
combination of work in the fields of Artificial Life and computer
security. It shows how an intrusion detection system can be
implemented using autonomous agents, and how these agents can be
built using Genetic Programming. It also shows how Automatically
Defined Functions (ADFs) can be used to evolve genetic programs
that contain multiple data types and yet retain type-safety.
Future work arising from this is also discussed.
Built by Mark Crosbie and Ivan Krsul.