The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Hacker Challenges in Security Product Testing

Eugene Spafford
Added 2002-07-26

State of the Practice of Intrusion Detection Technologies

Julia Allen, Alan Christie, William Fithen, John McHugh, Jed Pickel, Ed Stoner
Added 2002-07-26

On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets

CERIAS TR 2001-40
Kihong Park and Heejo Lee
Download: PDF

Denial of service (DoS) attack on the Internet has become a pressing problem. In this paper, we describe and evaluate route-based distributed packet filtering (DPF), a novel approach to distributed DoS (DDoS) attack prevention. We show that DPF achieves proactiveness and scalability, and we show that there is an intimate relationship between the effectiveness of DPF at mitigating DDoS attack and power-law network topology.

Added 2002-07-26

Reply to 'Comment on "A Framework for Modelling Trojans and Computer Virus Infection"' by E. Makinen

H. Thimbleby, S. O. Anderson, P. A. Cairns

Computer viruses are a worrying real-world problem, and a challenge to theoretical modelling. In this issue of the 'Computer Journal', Erkki Makinen proposes universal machines in a critique of an earlier paper, "A Framework for Modelling Trojans and Computer Virus Infection" (H. Thimbleby, S. O. Anderson and P. A. Cairns, Comp. J., 41(7):444-458, 1999). This short paper is a reply by those authors.

Added 2002-07-26

A Study Of Several Specific Secure Two-Party Computation Problems

CERIAS TR 2001-43
Wenliang Du
Download: PDF

Alice has a private input x (of any data type, such as a number, a matrix or a data set). Bob has another private input y. Alice and Bob want to cooperatively conduct a specific computation on x and y without disclosing to the other person any information about her or his private input except for what could be derived from the results. This problem is a Secure Two-party Computation (STC) problem, which has been extensively studied in the past. Several generic solutions have been proposed to solve the general STC problem; however the generic solutions are often too inefficient to be practical. Therefore, in this dissertation, we study several specific STC problems with the goal of finding more efficient solutions than the generic ones.

We introduce a number of specific STC problems in the domains of scientific computation, statistical analysis, computational geometry and database query. Most of the problems have not been studied before in the literature.

Added 2002-07-26

A Framework for Modelling Trojans and Computer Virus Infection

Harold Thimbleby, Stuart Anderson, Paul Cairns

It is not possible to view a computer operating in the real world, including the possibility of Trojan Horse programs and computer viruses, as simply a finite realisation of a Turing Machine.  We consider the actions of Trojan Horses and viruses in real computer systems and suggest a minimal framework for an adequate formal understanding of the phenomena. Some conventional approaches, including biological metaphors, are shown to be inadequate; some suggestions are made towards constructing virally-resistant systems.

Added 2002-07-26

The Effects of Computer Viruses on Disaster Recovery Model Development

Paul Gerard LeDuc

The purpose of the study was to determine the effect of computer viruses on disaster recovery model development. Through a review of the literature and careful thought, the Susceptibilities/Assets/Frequencies and Expected Value Model was developed. The design of this model is unique in that it addresses the threat of computer viruses to organizational computing resources. The model consists of two concurrent processes. These processes are the management process and the prevention recovery process. The S.A.F.E. Model is intended to function as a tool that guides an organization through the systematic assessment of areas that are essential to the development of viral recovery strategies within the organization. Computer viruses are a dynamic threat. The S.A.F.E. Model represents an attempt to outline a process that can be utilized to develop prevention and recovery strategies to cope with this threat.

Added 2002-07-26

An Embedded Sensor For Monitoring File Integrity

CERIAS TR 2001-41
James P. Early
Download: PDF

This paper describes a method of monitoring file integrity (changes in file contents) using a collection of embedded sensors within the kernel.  An embedded sensor is a small piece of code designed to monitor a specific condition and report to a central logging facility. In our case, we have built several such sensors into the 4.4 BSD kernel (OpenBSD V2.7) to monitor for changes in file contents. The sensors look for files which are marked with a specific system flag in the inode. When the sensors detect a file with this flag, they will report all changes to file contents made through the file system interface. This provides administrators with a valuable audit tool and supplies more reporting granularity than conventional file system integrity checkers (such as Tripwire).

Our technique relies on only two fundamental file system characteristics. First, the file system object must have a provision for storing file characteristics (i.e. flags) within the object. Secondly, the file system must present a block device interface to the operating system.

We show that system performance is not severely hampered by the presence of this monitoring mechanism given the select set of files that would be monitored in a conventional system and the beneficial audit data that results from monitoring.

Added 2002-07-26

Using Internal Sensors for Computer Intrusion Detection

CERIAS TR 2001-42
Diego Zamboni
Download: PDF

This dissertation introduces the concept of using internal sensors to perform intrusion detection in computer systems. It shows its practical feasibility and discusses its characteristics and related design and implementation issues.

We introduce a classification of data collection mechanisms for intrusion detection systems. At a conceptual level, these mechanisms are classified as direct and indirect monitoring. At a practical level, direct monitoring can be implemented using external or internal sensors. Internal sensors provide advantages with respect to reliability, completeness, timeliness and volume of data, in addition to efficiency and resistance against attacks.

We introduce an architecture called ESP as a framework for building intrusion detection systems based on internal sensors. We describe in detail a prototype implementation based on the ESP architecture and introduce the concept of embedded detectors as a mechanism for localized data reduction.

We show that it is possible to build both specific (specialized for a certain intrusion) and generic (able to detect different types of intrusions) detectors. Furthermore, we provide information about the types of data and places of implementation that are most effective in detecting different types of attacks.

Finally, performance testing of the ESP implementation shows the impact that embedded detectors can have on a computer system. Detection testing shows that embedded detectors have the capability of detecting a significant percentage of new attacks.

Added 2002-07-26

Fault-tolerant Authentication and Group Key Management in Mobile Computing

CERIAS TR 2000-07
Bharat Bhargava, Sarat Babu Kamisetty, Sanjay Kumar Madria
Download: PDF

Survivability and secure communications are essential in a mobile computing environment. In a secure network, all the hosts must be authenticated before communicating, and failure of the agents that authenticate the hosts may completely detach the hosts from the rest of the network. In this paper, we describe two techniques to eliminate such a single point of failure. Both of these approaches make use of backup servers, but they differ in the way they are organized and deployed. We evaluate our proposed architectures with threats and performance issues in group (multicast) communications in mobile computing environments. We propose a scheme for efficient key distribution and management using key graphs to provide secure multicast service.

Added 2002-07-26

Data Collection Mechanisms for Intrusion Detection Systems

CERIAS TR 2000-08
Eugene Spafford, Diego Zamboni
Download: PDF

Drawing from the experience obtained during the development and testing of a distributed intrusion detection system, we reflect on the data collection needs of intrusion detection systems, and on the limitations that are faced when using the data collection mechanisms built into most operating systems.  We claim that it is best for an intrusion detection system to be able to collect its data by looking directly at the operations of network packets.  Furthermore, for collecting data in an efficient, reliable and complete fashion, incorporation of monitoring mechanisms in the source code of the operating system and its applications is needed.

Added 2002-07-26

A Framework for Cooperative Intrusion Detection

Deborah Frincke, Don Tobin, Jesse McConnell, Jamie Marconi, Dean Polla

The trend towards a strong interdependence among networks has serious security implications. Not only does the compromise of one network adversely affect resources needed by others, but the compromised network may be part of a multi-network attack targeting other systems. The task of identifying such attacks in progress can be quite difficult. Other researchers have found that data sharing is needed to detect many systemic attacks involving multiple hosts even within a single network [PN97]. Systems such as DIDS and EMERALD have been developed to gather and analyze such data network- and enterprise-wide, respectively. However, neither system addresses data sharing between networks that lack central administration. This paper identifies some of the issues that need to be addressed if cooperative intrusion detection using data sharing between distinct sites is to become a viable option, and provides a set of requirements for designing such a system. A substantial subset of these requirements has been modelled in a functional cooperative data sharing system.

Added 2002-07-26

A Petri-net Based Multilevel Security Specification Model for Multimedia Documents

CERIAS TR 2000-09
J. Joshi, A. Ghafoor
Download: PDF

With the growing need for multimedia data management, security requirements are becoming very crucial.  Composing multimedia documents involves bringing together media objects that exist in various formats.  These objects may reside in a distributed environment and belong to different security domains.  We propose a time augmented colored-Petri Net model for multimedia document composition that allows the specification of multilevel security.  The model also allows handling multiple security policies and hierarchical and path-based protection schemes.

Added 2002-07-26

Subliminal Traceroute in TCP/IP

CERIAS TR 2000-10
Thomas E. Daniels, Eugene H. Spafford
Download: PDF

We introduce a technique for tracing a class of

Added 2002-07-26

A Distributed Approach to Anomaly Detection

Patrik D'haeseleer, Stephanie Forrest, Paul Helman

The natural immune system has evolved many interesting mechanisms to solve the problem of self-nonself discrimination. An anomaly detection system based upon principles derived from the immune system was introduced in [Forr94]. Its main advantages are that it is distributable, local, and tunable. This paper provides an overview of the theoretical, algorithmic, and practical developments extending the original proposal. In particular, we present information theoretic results on the detection method, show the possibility of strings that cannot be detected for a given combination of self set and matching rule, present efficient algorithms to generate the detector set, and provide rules of thumb for setting the parameters to apply this method to a real data set.

Added 2002-07-26