The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


International Intrusion: Motives and Patterns

Kent E Anderson

Current investigations into computer intrusions usually focus on individual systems and geographically localized incidents. However, in reality, many intrusions are interrelated and international in scope. To better protect systems, intrusions must be understood in their proper context; not in the isolated focus of a single incident. Key to a global understanding of these threats is classifying the various motives of individuals and groups involved. When incidents are investigated in their global context, it is possible to analyze the dynamics and patterns of interrelated incidents previously misunderstood or ignored. This paper will summarize the author’s investigations of international intrusions during the last eight years to present a classification model of attributes and motives displayed by intruders, and explain common patterns of activities. Finally, current technical trends are considered in order to understand potential future risks.

Added 2002-07-26

Detection and Prevention of the Electronic Intrusion

Alexander O Yuriev

Although computer intrusions have existed from the moment of the Internet’s birth, until recently system administrators either did not consider them to be a serious problem or totally ignored them. Unfortunately, hiding their heads in the sand did not make intrusions disappear; rather, it gave the intruders time to create more and more sophisticated attack tools, making the countermeasures necessary to block the attacks a very high-tech, time-consuming and costly activity. This paper is an attempt to summarize the techniques used to detect and successfully defeat attacks launched by intruders equipped with modern intrusion kits in high-availability environments such as communication carriers.

Added 2002-07-26

GAO Executive Report

General Accounting Office

In view of the increasing threat of unauthorized intrusions into Department of Defense computer systems, you asked us to report on the extent to which Defense computer systems are being attacked, the actual and potential damage to its information and systems, and the challenges Defense is facing in securing sensitive information. This report identifies opportunities and makes recommendations to the Secretary of Defense to improve Defense’s efforts to counter attacks on its computer systems.

Added 2002-07-26

Elements of Security: AIX 4.1

IBM International Technical Support Centers

This document discusses many of the security-related elements of AIX 4.1. It is directed toward a reader who is a system administrator for one or more AIX systems, although much of the material may be useful to AIX users. Recommendations and suggestions for installation and day-to-day administration are included. Specialized topics, including DCE and NIS, are not discussed. Basic UNIX knowledge is assumed.

Added 2002-07-26

Audit, Control, and Security Features of the UNIX Operating System

Ernst and Young Information Systems

Added 2002-07-26

UNIX System Security Handbook

Bellcore

The Handbook is presented as a set of methods and procedures in checklist form which highlight the steps necessary to institute and maintain a more secure environment. It also provides procedures used to detect inconsistencies within the system, which may indicate breaches of security.

Added 2002-07-26

Security Guide for Administrators

Digital Equipment

This guide describes the tasks and considerations associated with managing system security in an ULTRIX environment.

Added 2002-07-26

Center For Reliable And High-Performance Computing

R. K. Iyer, J. H. Patel

Added 2002-07-26

Paradigms for the Reduction of Audit Trails

Bradford Rice Wetmore

Most automated packages for intrusion detection focus on determining if a collection of audit data is suspicious. Package developers assume that the System Security Officer (SSO) will combine the results of their tools with a careful inspection of the logs to determine if indeed there is evidence of intrusive activity. In practice, most administrators rely exclusively on the conclusions generated by such packages. As a result, very few methods have been developed to browse the raw audit trails. This thesis presents a new approach to this problem. By treating conceptual entities in an audit trail as objects, a framework for observing how entities interact can be developed. All of the records of interest are first scanned to determine the objects and actions of interest. During this initial scanning phase, the objects are interconnected based on how each affects the other, much like a directed graph. The vertices and edges represent the objects and actions respectively. Then, by focusing initially on one object of interest, an SSO can quickly determine how that object affected or was affected by any other object by noting the direction and type of edge connecting the nodes. Say, for example, a process with limited privilege was able to create a new process with unlimited privileges by executing one action. The two processes are represented by the vertices, and the action of gaining privilege could be represented by a directed edge from the first process to the second. Thus by focusing on these new objects, the SSO can then determine how other nodes were directly or indirectly affected by the first object simply by following the next set of edges. An initial prototype program was produced and focused on the UNIX operating system model, and was fairly successful in following entities in the audit trail. Later efforts tried to extrapolate the model to more general computational systems.
Of course, the SSO must still possess technical knowledge of any system to fully analyze the data and realize the implications of the actions therein: there is no substitute for such expertise. This thesis presents a new methodology for browsing such data.

Added 2002-07-26
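
The object-and-action graph that the abstract above describes, as an added illustration rather than the thesis prototype: audit records are constructed inline in a hypothetical (subject, action, object) form, the rule that decides which way each action's edge points is an assumption of this example, and the gain_priv record mirrors the abstract's limited-privilege process spawning an unlimited-privilege one. Following forward edges answers "what did this object affect, directly or indirectly"; following backward edges answers "what affected it".

```python
"""Browse an audit trail as a directed graph of objects and actions.

Added example, not Wetmore's prototype.  Records are constructed and the
record format is hypothetical.
"""
from collections import defaultdict, deque

# Constructed sample records: (subject, action, object).  proc:101 runs a
# set-uid tool and spawns proc:102 with full privilege (the gain_priv edge),
# which then rewrites a file that unrelated proc:200 later reads.
SAMPLE_RECORDS = [
    ("user:alice", "login", "proc:100"),
    ("proc:100", "read", "file:/etc/passwd"),
    ("proc:100", "fork", "proc:101"),
    ("proc:101", "exec", "file:/usr/bin/suid_tool"),
    ("proc:101", "gain_priv", "proc:102"),
    ("proc:102", "write", "file:/etc/passwd"),
    ("proc:200", "read", "file:/etc/passwd"),
    ("proc:300", "read", "file:/var/log/syslog"),
]

# Assumed modelling rule: True means the subject affects the object (fork,
# write, ...); False means the object affects the subject (a read or exec
# lets the file's contents influence the process).
SUBJECT_AFFECTS_OBJECT = {
    "login": True, "fork": True, "gain_priv": True, "write": True,
    "kill": True, "read": False, "exec": False,
}


def build_graph(records):
    """Single scanning pass: return (forward, backward) adjacency maps.

    forward[a] holds (action, b) pairs meaning 'a affected b';
    backward[b] holds (action, a) pairs for the same edges.
    """
    forward, backward = defaultdict(list), defaultdict(list)
    for subject, action, obj in records:
        if action not in SUBJECT_AFFECTS_OBJECT:
            raise ValueError(f"unknown action {action!r}")
        src, dst = (subject, obj) if SUBJECT_AFFECTS_OBJECT[action] else (obj, subject)
        forward[src].append((action, dst))
        backward[dst].append((action, src))
    return forward, backward


def reach(adjacency, start):
    """Breadth-first walk; returns {node: [(action, node), ...] path from start}.

    The visited check (node already in paths) keeps cycles such as
    'read passwd -> ... -> write passwd' from looping forever.
    """
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for action, nxt in adjacency.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [(action, nxt)]
                queue.append(nxt)
    return paths


def affected_by(forward, start):
    """Objects that `start` affected, directly or through other objects."""
    return {n: p for n, p in reach(forward, start).items() if n != start}


def affecting(backward, start):
    """Objects that affected `start`, directly or through other objects."""
    return {n: p for n, p in reach(backward, start).items() if n != start}


def explain(paths):
    """Render each reached node with the chain of edges that led to it."""
    return [f"{node}  via  " + " -> ".join(f"{a}:{n}" for a, n in path)
            for node, path in sorted(paths.items())]


if __name__ == "__main__":
    fwd, bwd = build_graph(SAMPLE_RECORDS)
    print("Downstream of proc:100 (what it affected):")
    for line in explain(affected_by(fwd, "proc:100")):
        print("  " + line)
    print("Upstream of file:/etc/passwd (what affected it):")
    for line in explain(affecting(bwd, "file:/etc/passwd")):
        print("  " + line)
```

Starting from proc:100 the walk reaches proc:200 only through the fork, gain_priv, write and read edges, which is exactly the indirect effect the abstract says an SSO should be able to trace; proc:300, which touched an unrelated file, is never reached in either direction.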

Security Criteria for Distributed Systems: Functional Requirements

Terry Mayfield, Virgil D Gligor, Janet A Cugini, John M Boone, Robert W Dobry

This document was prepared by the Institute for Defense Analyses (IDA) under the task order, Federal Criteria Development, and fulfills the objective of extending the Federal Criteria to support distributed operating systems. The study was sponsored by the National Security Agency (NSA) with the joint involvement of the National Institute of Standards and Technology. The study was initiated as a separate, parallel effort to that of developing the international Common Criteria, with the intent of making this study’s material available at an appropriate time for ultimate inclusion into the Common Criteria.

Added 2002-07-26

Effective Use of Parallel Computing (CER Proposal)

The Department of Computer Science (U. of Washington)

This report is an adaptation of a proposal that was submitted to the National Science Foundation’s Coordinated Experimental Research Program in September 1986. In September 1980 the University of Washington’s Eden Project received the first award in the CER program. Eden was a five-year effort that explored a specific approach to building “integrated distributed” computer systems. In September 1985 the University of Washington’s Heterogeneous Computer Systems Project received a two-year CER award to study strategies for interconnecting heterogeneous computer systems in a research environment. In both the Eden Project and the HCS project, a relatively small subset of the department joined together to pursue a specific, unified experimental research objective. The proposal from which the current techreport is adapted adheres to a different “model”. A broad cross-section of our department currently is involved in research into various aspects of parallel computing, supported by a collection of “traditional” grants from NSF and other agencies. The proposal seeks experimental infrastructure (equipment, maintenance, staffing) to support this existing work, and to propel it in new directions. Thus, the value of this report is that it presents a coherent review (through a “parallel computing” filter) of the broad research activities of our department. The reader desiring a quick overview should direct his or her attention to Section B of the proposal (the “Executive Summary”), and the “Addendum” (a separate 9-page document prepared in January 1987 and appearing at the end of this report).

Added 2002-07-26

Research Review (1987 - 1988)

The Department of Computer Science (U. of Washington)

This report consists of brief synopses of a number of research projects underway in the University of Washington’s Department of Computer Science. Beyond indicating the breadth and depth of our research activities, we hope to stimulate readers to request further information on projects of specific interest.

Added 2002-07-26

The Heterogeneous Computer System Project: Collected Papers

Edward D Lazowska

This report gathers together and reprints six technical papers produced by the University of Washington’s Heterogeneous Computer Systems (HCS) Project. Our objective is to make the major contributions of the project available in a single place.

Added 2002-07-26

A Simple Approach To Specifying Concurrent Systems

Leslie Lamport

In the transition axiom method, safety properties of a concurrent system can be specified by programs; liveness properties are specified by assertions in a simple temporal logic. The method is described with some simple examples, and its logical foundation is informally explored through a careful examination of what it means to implement a specification. Language issues and other practical details are largely ignored.

Added 2002-07-26

Evolving the Unix System Interface to Support Multithreaded Programs

Paul R McJones, Garret F Swart

Multiple threads (program counters executing in the same address space) make it easier to write programs that deal with related asynchronous activities and that execute faster on shared-memory multiprocessors. Supporting multiple threads places new constraints on the design of operating system interfaces. Part I of this report presents guidelines for designing (or redesigning) interfaces for multithreaded clients. We show how these guidelines were used to design an interface to UNIX-compatible file and process management facilities in the Topaz operating system. Two implementations of this interface are in everyday use: a native one for the Firefly multiprocessor, and a layered one running within a UNIX process. Part II is the actual programmer’s manual for the interface discussed in Part I.

Added 2002-07-26