The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.


Center for Education and Research in Information Assurance and Security

COAST Security Archive Category Index: /pub/doc/general

No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

Geoffrey S. Steward, David Sylvester, CSRC memorandum
Abstract: Memo of CSRC. In recent years the Internet has been used to spread computer viruses to many of its host computers, it used email services to send copies of itself to network users, it displayed the holiday message on the receiver's screen and then mailed itself to others. The virus caused both the denial of services and systems shutdown. In view of these matters, some Internet users are developing Computer Security Response Centers (CSRC) to establish emergency and preventative measures.

EFF, Various EFF Papers on Issues in Computing and Cyberspace
Abstract: EFF Papers on a variety of topics. These range from profiles of Hackers to James Joyce on Cyberspace. An eclectic mix - use at your peril!

Dan Farmer, Wietse Venema, Improving the Security of Your Site by Breaking Into it
Abstract: In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show "why" it is one. We will illustrate that even seemingly harmless network services can become valuable tools in the search for weak points of a system, even when these services are operating exactly as they are intended to. In an effort to shed some light on how more advanced intrusions occur, this paper outlines various mechanisms that crackers have actually used to obtain access to systems and, in addition, some techniques we either suspect intruders of using, or that we have used ourselves in tests or in friendly/authorized environments.

Unknown, General Information About NIST
Abstract: This directory contains the general information about NIST.

Unknown, NIST Interagency Reports
Abstract: This directory contains computer security-related Interagency Reports.

Paul Holbrook, Joyce K. Reynolds, RFC 1244: Site Security Handbook
Abstract: This FYI RFC is a first attempt at providing Internet users guidance on how to deal with security issues in the Internet. As such, this document is necessarily incomplete. There are some clear shortfalls; for example, this document focuses mostly on resources available in the United States. In the spirit of the Internet's "Request for Comments" series of notes, we encourage feedback from users of this handbook. In particular, those who utilize this document to craft their own policies and procedures. This handbook is meant to be a starting place for further research and should be viewed as a useful resource, but not the final authority. Different organizations and jurisdictions will have different resources and rules. Talk to your local organizations, consult an informed lawyer, or consult with local and national law enforcement. These groups can help fill in the gaps that this document cannot hope to cover.

Alan Solomon, Barry Nielson and Simon Meldrum, Information about the AIDS diskette trojan
Abstract: On Monday, 11th December, several thousand diskettes were mailed out containing a program that purported to give you information about AIDS. These diskettes actually contained a trojan - do not install the program. If you have installed it, you must remove it - see Appendix 3 below for how.

Christopher William Klaus, Compromise: What if your Machines are Compromised by an Intruder.
Abstract: This FAQ deals with some suggestions for securing your Unix machine after it has already been compromised. Even if your machines have not been compromised, there are many helpful tips on securing machines in this paper. I would appreciate any suggestions. This FAQ will be posted monthly.

G. Pernul, G. Luef, A Bibliography on Database Security
Abstract: A lot of discussion about literature on Computer Security has taken place recently in news groups. The authors have compiled a bibliography on the security aspect in databases.

Barton P. Miller, David Koski, Cjin Pheow Lee, Vivekananda Maganty, Ravi Murthy, Ajitkumar Natarajan, Jeff Steidl, Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services
Keywords: testing, debugging, programs, utilities, random testing, reliability
Abstract: We have tested the reliability of a large collection of basic UNIX utility programs, X-Window applications and servers, and network services. We used a simple testing method of subjecting these programs to a random input stream. Our testing methods and tools are largely automatic and simple to use. We tested programs on nine versions of the UNIX operating system, including seven commercial systems and the freely-available GNU utilities and Linux. We report which programs failed on which systems, and identify and categorize the causes of these failures.

Barton P. Miller, Lars Fredriksen, Bryan So, An Empirical Study of the Reliability of UNIX Utilities
Keywords: testing, debugging, programs, utilities, reliability
Abstract: Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that was tested. This report describes these tests and an analysis of the program bugs that caused the crashes.

B. Clifford Neuman, Protection and Security Issues for Future Systems
Abstract: We are becoming increasingly dependent on computers in daily life. This dependence brings with it a heightened need for security in the computer systems we use. The distributed nature of recent systems has made it difficult to apply many of the security techniques used in centralized systems. Additionally, many of the services which are becoming available by computer are placing new demands on the protection and security mechanisms of the systems on which they run. These services require interaction between parties that are mutually suspicious of one another; the servers require protection from users, while at the same time the users require protection from malicious or incompetent service providers. This paper examines the problems of protection and security as applied to future computer systems.

Richard D. Pethia, Kenneth R. van Wyk, Computer Emergency Response - An International Problem
Abstract: Computer security incidents during the past few years have illustrated that unauthorized computer activity does not obey traditional boundaries (e.g., national, network, computer architecture). Instead, such activity frequently crosses these boundaries not just once, but several times per incident [Stoll89]. International cooperation among computer security response groups can be an effective means of dealing with computer security issues faced today by the computer user community. This paper addresses the need for such cooperation and suggests methods by which individual computer security response groups can work together internationally to cope with computer security incidents.


Built by Mark Crosbie and Ivan Krsul.
