The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Dissemination of State Information in Distributed Autonomous Systems

Steve J. Chapin, Eugene H. Spafford

Many researchers are devising algorithms for task placement in distributed systems, but few are designing the necessary mechanisms to provide the information required by those algorithms. Fundamental to these mechanisms is an accurate means for information exchange between distributed systems. The MESSIAHS project investigated the construction of a set of mechanisms to support task placement in autonomous, heterogeneous, distributed systems. In this paper we describe the semantics of the protocols used to exchange system state information within MESSIAHS, and develop formal models to prove that the protocols accurately propagate system description information throughout the system.

Added 2002-07-26

A Taxonomy of Computer Attacks with Applications to Wireless Networks

Daniel Lowry Lough

The majority of attacks made upon modern computers have been successful due to the exploitation of the same errors and weaknesses that have plagued computer systems for the last thirty years.  Because the industry has not learned from these mistakes, new protocols and systems are not designed with the aspect of security in mind; and security that is present is typically added as an afterthought.  What makes these systems so vulnerable is that the security design process is based upon assumptions that have been made in the past; assumptions which now have become obsolete or irrelevant.  In addition, fundamental errors in the design and implementation of systems repeatedly occur, which lead to failures.  This research presents a comprehensive analysis of the types of attacks that are being leveled upon computer systems and the construction of a general taxonomy and methodologies that will facilitate design of secure protocols.  To develop a comprehensive taxonomy, existing lists, charts, and taxonomies of host and network attacks published over the last thirty years are examined and combined, revealing common denominators among them.  These common denominators, as well as new information, are assimilated to produce a broadly applicable, simpler, and more complete taxonomy.  It is shown that all computer attacks can be broken into a taxonomy consisting of improper conditions (Validation, Exposure, Randomness, Deallocation), the Improper Conditions Taxonomy, hence described by the acronym VERDICT.  The developed methodologies are applicable to both wired and wireless systems, and they are applied to some existing Internet attacks to show how they can be classified under VERDICT.  The methodologies are applied to the IEEE 802.11 wireless local area network protocol and numerous vulnerabilities are found.  Finally, an extensive annotated bibliography is included.

Added 2002-07-26

On Watermarking Semistructures

CERIAS TR 2001-54
Radu Sion and Mikhail Atallah and Sunil Prabhakar
Download: PDF

Watermarking, in the traditional sense, is the technique of embedding undetectable (unperceivable) hidden information into multimedia objects (i.e. images, audio, video, text) mainly to protect the data from unauthorized duplication and distribution by enabling provable ownership over the content. Whereas considerable work has been invested in this topic, little has been done (with the notable exception of attempts in software watermarking and recent progress in the area of natural language processing) to enable the same concept in the area of semi-structured non-media data such as XML, databases and non-multimedia repositories.
We believe that there is much to be gained from the ability to embed non-destructive hidden information in this kind of content, in particular considering the current mainstream migration of business interactions towards distributed computing technologies using markup languages such as XML and underlying database storage.
Watermarking in the area of semi-structured data presents a whole new set of challenges and associated trade-offs. One characterizing main difference can be expressed simply as “lack of bandwidth”, deriving from the inherent lack of a major noise component in that domain. We present some of the issues encountered in the course of our ongoing work in watermarking XML and numeric database content.  We define a preliminary model-level analysis of the new domain and corresponding transforms. We design a method for watermarking semistructures based on a novel canonical labeling algorithm that self-adjusts to the specifics of the content. Labeling is tolerant to a significant number of graph attacks (“surgeries”) and relies on a complex “training” phase at watermarking time in which it reaches an optimal stability point with respect to the expected attacks. Watermark detection works without requiring the original un-marked object. We analyse how to perform efficient and useful generic node content summarisation and hashing. We treat the issue of graph partitioning in the framework of hierarchical watermarking and show how hierarchical watermarking effectively amplifies the power of weak marking algorithms, leading to an ultimately more powerful and robust watermark. We perform experiments enforcing some of the introduced algorithms (e.g. labeling) under different attack conditions and present some of the conclusions. Future envisioned medium and long term research issues are outlined.

Added 2002-07-26

How Crackers Crack Passwords or What Passwords to Avoid

Ana Maria De Alvare

Computer security is a growing concern in research, development, marketing, and most other areas of everyday life.  The first and foremost task in computer security is to prevent unauthorized access to systems.  This report tells how “crackers” (computer wizards who use their talents for illegal and destructive purposes) obtain access to computer systems and gives specific advice on how to prevent them from doing it.

Added 2002-07-26

A Survey of, and Improvements to, Password Security

Daniel V. Klein

With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance.  High speed inter-machine communication and even higher speed computational processors have made the threats of system “crackers,” data theft, and data corruption very real.  This paper outlines some of the problems of current password security by demonstrating the ease with which individual accounts may be broken.  Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed.
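The two reports above describe the same mechanism from both sides: De Alvare on how crackers guess passwords from word lists and simple transformations, Klein on the proactive checker that applies those transformations before a password is accepted. The Python below is an added illustration and is not code from either paper or from CERIAS. The word list, the transformation set, the salt and the salted SHA-256 stand-in for crypt(3) are all constructed for the example; the one generator drives both the guesser and the checker, which is the point of a proactive checker.

```python
import hashlib
import itertools
from typing import Iterator, Optional

# Constructed word list; a real cracker's dictionaries run to hundreds of
# thousands of entries (names, places, and every /usr/dict/words).
WORDLIST = ["password", "purdue", "secret", "dragon", "welcome"]

# Letter-for-digit substitutions and the characters a guesser tacks on.
SUBSTITUTIONS = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
TAIL_CHARS = "0123456789!"


def guesses_for(word: str) -> Iterator[str]:
    """Candidate passwords a dictionary attack derives from one word:
    case variants, the reversal, digit substitution, and one or two
    characters prepended or appended to each of those."""
    lower = word.lower()
    variants = {lower, lower.upper(), lower.capitalize(), lower[::-1],
                "".join(SUBSTITUTIONS.get(c, c) for c in lower)}
    for v in sorted(variants):
        yield v
        for n in (1, 2):
            for tail in itertools.product(TAIL_CHARS, repeat=n):
                t = "".join(tail)
                yield v + t
                yield t + v


def hash_password(salt: str, password: str) -> str:
    """Stand-in for the crypt(3) one-way function of the era (constructed;
    a real system would use a deliberately slow password hash)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def dictionary_attack(target_hash: str, salt: str, wordlist) -> Optional[str]:
    """Offline guessing against a stolen salted hash: the cracker's side."""
    for word in wordlist:
        for candidate in guesses_for(word):
            if hash_password(salt, candidate) == target_hash:
                return candidate
    return None


def check_password(password: str, username: str, wordlist) -> Optional[str]:
    """Proactive check run before a new password is accepted. Returns the
    reason for rejection, or None if the guesser above would not find it."""
    if len(password) < 8:
        return "too short"
    if password.isdigit() or password.isalpha():
        return "single character class"
    lowered = password.lower()
    uname = username.lower()
    if uname in lowered or uname[::-1] in lowered:
        return "derived from username"
    for word in wordlist:
        if password in guesses_for(word):
            return f"derived from dictionary word {word!r}"
    return None


if __name__ == "__main__":
    salt = "xy"                      # constructed salt
    stolen = hash_password(salt, "dr4g0n1")
    print("cracked:", dictionary_attack(stolen, salt, WORDLIST))
    for pw in ("Dragon1!", "ecila2024", "c0rrect-h0rse-b4ttery"):
        print(pw, "->", check_password(pw, "alice", WORDLIST))
```

Note that "Dragon1!" passes every length and character-class rule and is still rejected, because the checker tests the candidate against the cracker's transformations rather than against a fixed list of words.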

Added 2002-07-26

The Design of GrIDS: A Graph-Based Intrusion Detection System

Steven Cheung, Rick Crawford, Mark Dilger, Jeremy Frank, Jim Hoagland, Karl Levitt, Jeff Rowe, Stuart Staniford-Chen, Raymond Yip, Dan Zerkle

This report documents the design of the Graph-based Intrusion Detection System in reasonable detail.  It is intended as a guide to people who wish to understand the implementation, or who have more detailed questions about the design than are addressed elsewhere…

Added 2002-07-26

StormWatch

OKENA

This paper provides an analysis of today's security landscape and offers insight into the imperative need for making security intrinsic to the operations of network and desktop resources.  Many security technologies currently being offered are woefully reactive and cannot repel attacks to the enterprise…

Added 2002-07-26

Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection

Thomas H. Ptacek, Timothy N. Newsham

All currently available network intrusion detection systems rely upon a mechanism of data collection, passive protocol analysis, which is fundamentally flawed.  In passive protocol analysis, the intrusion detection system unobtrusively watches all traffic on the network, and scrutinizes it for patterns of suspicious activity…
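The flaw Ptacek and Newsham name is that a passive monitor must guess how the end host will treat each packet it sees. The simulation below is an added example, not code from the paper: it models an insertion attack, where the attacker sends a segment the monitor accepts but the host discards, so the two reassemble different streams. Hop counts, the signature string, the segments and the first-byte-wins overlap policy are all constructed assumptions for the example.

```python
from dataclasses import dataclass

# Constructed pattern the monitor searches the reassembled stream for.
SIGNATURE = b"attack"


@dataclass(frozen=True)
class Segment:
    seq: int                  # stream offset of the first payload byte
    data: bytes
    ttl: int = 64             # IP TTL when the segment leaves the attacker
    checksum_ok: bool = True  # whether the TCP checksum verifies


def reassemble(segments, accept):
    """Rebuild the stream as seen by a party that keeps a segment iff
    accept(segment) is true. On overlap the first byte to arrive wins;
    real stacks differ on this, and that difference is itself an
    evasion vector the paper discusses."""
    placed = {}
    for seg in segments:                       # arrival order
        if not accept(seg):
            continue
        for i, byte in enumerate(seg.data):
            placed.setdefault(seg.seq + i, byte)
    if not placed:
        return b""
    return bytes(placed.get(i, ord("?")) for i in range(max(placed) + 1))


def naive_monitor(seg, monitor_hops):
    """A passive sensor keeps every segment that reaches its tap."""
    return seg.ttl >= monitor_hops


def end_host(seg, host_hops):
    """The host never sees segments that expire in transit and
    discards those with a bad checksum."""
    return seg.checksum_ok and seg.ttl >= host_hops


def host_aware_monitor(seg, host_hops):
    """A monitor that mimics the host. It works only if it knows the
    host's distance and checksum policy, which a passive tap usually
    cannot know for every host it protects."""
    return end_host(seg, host_hops)


def run(segments, monitor_hops, host_hops):
    """Streams as seen by the naive monitor, a host-aware monitor and the
    host, plus whether each monitor would raise an alert."""
    naive = reassemble(segments, lambda s: naive_monitor(s, monitor_hops))
    aware = reassemble(segments, lambda s: host_aware_monitor(s, host_hops))
    host = reassemble(segments, lambda s: end_host(s, host_hops))
    return {
        "monitor": naive,
        "aware_monitor": aware,
        "host": host,
        "naive_alert": SIGNATURE in naive,
        "aware_alert": SIGNATURE in aware,
    }


# Constructed topology: the tap is 3 hops from the attacker, the victim 8.
MONITOR_HOPS, HOST_HOPS = 3, 8

# Insertion via TTL: the junk segment reaches the tap but expires before the host.
TTL_INSERTION = [
    Segment(0, b"GET /"),
    Segment(5, b"xxxxxx", ttl=5),
    Segment(5, b"attack"),
]

# Insertion via checksum: the junk segment is on the wire but the host drops it.
CHECKSUM_INSERTION = [
    Segment(0, b"GET /"),
    Segment(5, b"xxxxxx", checksum_ok=False),
    Segment(5, b"attack"),
]

if __name__ == "__main__":
    for name, traffic in (("ttl", TTL_INSERTION), ("checksum", CHECKSUM_INSERTION)):
        print(name, run(traffic, MONITOR_HOPS, HOST_HOPS))
```

In both scenarios the host reconstructs the request containing the signature while the naive monitor reconstructs junk and stays silent; the host-aware variant catches it only because it was handed the host's distance and checksum behaviour, which is exactly the information a passive sensor lacks in general.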

Added 2002-07-26

Final Report of the 2nd Workshop on Research with Security Vulnerabilities Databases

CERIAS TR 1999-06
Pascal C. Meunier and Eugene H. Spafford
Download: PDF

This report presents the results of the workshop and the reports of the working groups on sharing vulnerability data into technical, motivational and consequential issues.  We summarize and expand on the discussions of fundamental issues such as nomenclature, vocabulary, and the contents of vulnerability databases…

Added 2002-07-26

A Scalable Clustering Technique for Intrusion Signature Recognition

Nong Ye, Xiangyang Li

This paper presents a data mining algorithm, namely Clustering and Classification Algorithm - Supervised (CCA-S), which we developed for detecting intrusions into computer network systems.  CCA-S is used to learn signature patterns of both normal and intrusive activities in the training data, and to classify the activities in the testing data as normal or intrusive based on the learned signature patterns of normal and intrusive activities.  CCA-S differs from many existing data mining techniques in its ability for scalable, incremental learning.  We tested CCA-S and two popular decision tree algorithms, and obtained their performance for an intrusion detection problem.  CCA-S produced better intrusion detection performance than these popular decision tree algorithms.

Added 2002-07-26

Robustness of Canberra Metric in Computer Intrusion Detection

Syed Masum Emran, Nong Ye

Added 2002-07-26

Security Considerations in Quality of Service Architectures

CERIAS TR 2000-06
Stephanie A. Miller
Download: PDF

Added 2002-07-26

Implementing the Hypercube Quadratic Sieve with Two Large Primes

CERIAS TR 2001-45
Brian Carrier and Samuel S. Wagstaff Jr.
Download: PDF

This paper deals with variations of the quadratic sieve integer factoring algorithm.  We describe what we believe is the first implementation of the hypercube multiple polynomial quadratic sieve with two large primes.  We have used this program to factor many integers with up to 116 digits.  Our program appears to be many times faster than the (non-hypercube) multiple polynomial quadratic sieve with two large primes.
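As an added example of the algorithm family the paper works in, here is a basic single-polynomial quadratic sieve in Python. It is not the authors' hypercube multiple-polynomial sieve with two large primes, and none of the code is from the paper: it uses exact division in place of the logarithmic sieve, brute-force square roots mod p, and a bit-packed Gaussian elimination over GF(2). The parameter defaults are chosen for small test numbers and are not tuned for anything like the 116-digit inputs the paper reports.

```python
from math import gcd, isqrt


def small_primes(limit):
    """Primes up to `limit` by the sieve of Eratosthenes."""
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for i in range(2, isqrt(limit) + 1):
        if flags[i]:
            flags[i * i::i] = bytes(len(range(i * i, limit + 1, i)))
    return [i for i, f in enumerate(flags) if f]


def factor_base(n, bound):
    """Primes p <= bound for which n is a quadratic residue mod p (2 always)."""
    return [p for p in small_primes(bound)
            if p == 2 or pow(n % p, (p - 1) // 2, p) == 1]


def sieve_relations(n, base, sieve_len):
    """Find x with Q(x) = (m + x)^2 - n completely factored over the base,
    where m = isqrt(n) + 1 so every Q(x) is positive. A real implementation
    adds approximate logarithms; this divides the residues out exactly at
    every position each prime hits, which is simpler and slower."""
    m = isqrt(n) + 1
    q = [(m + x) ** 2 - n for x in range(sieve_len)]
    rem = q[:]
    for p in base:
        for t in range(p):                     # roots of t^2 = n (mod p)
            if (t * t - n) % p:
                continue
            for x in range((t - m) % p, sieve_len, p):
                while rem[x] % p == 0:
                    rem[x] //= p
    return [(m + x, q[x]) for x in range(sieve_len) if rem[x] == 1]


def exponent_vector(q, base):
    """Parity of the exponents of q over the base, packed into an int."""
    vec = 0
    for i, p in enumerate(base):
        e = 0
        while q % p == 0:
            q //= p
            e += 1
        if e & 1:
            vec |= 1 << i
    return vec


def find_dependencies(vectors):
    """Gaussian elimination over GF(2). Returns bitmasks of relation indices
    whose exponent vectors XOR to zero, i.e. whose Q-values multiply to a
    perfect square."""
    pivots = {}
    deps = []
    for i, v in enumerate(vectors):
        combo = 1 << i
        while v:
            hb = v.bit_length() - 1
            if hb not in pivots:
                pivots[hb] = (v, combo)
                break
            pv, pc = pivots[hb]
            v ^= pv
            combo ^= pc
        if v == 0:
            deps.append(combo)
    return deps


def quadratic_sieve(n, bound=30, sieve_len=20):
    """Return a nontrivial factor of n, or None if the parameters are too
    small to yield a useful dependency."""
    for p in small_primes(bound):
        if n % p == 0:                        # strip tiny factors first
            return p if p < n else None
    base = factor_base(n, bound)
    rels = sieve_relations(n, base, sieve_len)
    vectors = [exponent_vector(q, base) for _, q in rels]
    for dep in find_dependencies(vectors):
        x_prod, exps = 1, [0] * len(base)
        for i, (a, q) in enumerate(rels):
            if dep >> i & 1:
                x_prod = x_prod * a % n
                for j, p in enumerate(base):
                    while q % p == 0:
                        q //= p
                        exps[j] += 1
        y = 1                                 # sqrt of the square, via exponents
        for j, p in enumerate(base):
            y = y * pow(p, exps[j] // 2, n) % n
        for f in (gcd(x_prod - y, n), gcd(x_prod + y, n)):
            if 1 < f < n:
                return f
    return None


if __name__ == "__main__":
    print(quadratic_sieve(15347), quadratic_sieve(8051))
```

The multiple-polynomial and hypercube variants replace the single Q(x) with many short polynomials whose values stay small over the sieve interval, and the large-prime variants keep relations whose cofactor is one or two primes beyond the bound and pair them up later; the linear algebra and square-root steps above are unchanged by either refinement.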

Added 2002-07-26

Project Indra: A Distributed Approach to Network Intrusion Detection

Qi Zhang, Ramaprabhu Janakiraman

With the prevalence of Distributed Denial of Service (DDOS) attacks, detection and containment of malicious attacks on networks by crackers has gained prominence.  In DDOS attacks and in cracker attacks in general, the usual technique of crackers is to infiltrate a network through a vulnerable host and then launch further attacks.  Software that detects vulnerabilities and intrusions in a single host exists today.  We propose a novel distributed scheme that uses the knowledge of a single system (that it has been the target of an intrusion attempt) to be disseminated to its friendly neighbors, so that they can take preventive measures against the intruder.

Added 2002-07-26

A Distributed Concurrent Intrusion Detection Scheme Based on Assertions

Shambhu J. Upadhyaya

This paper presents a new technique for intrusion detection based on concurrent monitoring of user operations.  In this scheme, prior to starting a session on a computer, an auxiliary process called watchdog first queries users for a scope file and then generates a table called a sprint-plan.  The sprint-plan is composed of carefully derived assertions that can be used as a basis for concurrent monitoring of user commands.  The plan is general enough to allow a normal user to perform his task without much interference from the watchdog or system administrator and is specific enough to detect intrusions, both external and internal.  A distributed watchdog process architecture based on the notion of verifiable assertions is presented.  This scheme is a significant enhancement over the traditional approaches that rely on audit trail analysis in that the intrusion detection latency could be much shorter.

Added 2002-07-26