Abstract
One of the favorite diversions of university students involves "beating" the system.
In the case of operating systems, this has been a remarkably easy accomplishment.
An extensive lore of operating system penetration, ranging from anecdotes describing
students who have outsmarted the teacher's grading program to students who captured
the system's password list and posted it on one of the bulletin boards, has been
collected on college campuses. Private industry has been victimized much more seriously.
Here the lore of the "system" penetrations contains scenarios involving the loss of
tens of thousands of dollars.
The Research and Development organization at SDC has been seriously involved with
legitimate operating system penetration efforts. Under contract to government agencies
and industry, SDC has assessed the secure-worthiness of their systems by attempts to
gain illegal access to their operating systems. As of this date, seven operating
systems have been studied. This paper examines the successful penetration methodology
employed and the generic operating system functional weaknesses that have been found.
Recommendations are made for improvement that can strengthen the penetration methodology.