Geoffrey S. Steward, David Sylvester,
Abstract: Memo of CSRC. In recent years the Internet has been used to spread computer viruses to many of its host computers. It used email services to send copies of itself to network users, it displayed the holiday message on the receiver's screen and then mailed itself to others. The virus caused both the denial of services and systems shutdown. In view of these matters, some Internet users are developing Computer Security Response Centers (CSRC) to establish emergency and preventative measures.
EFF Papers on Issues in Computing and Cyberspace
Abstract: EFF Papers on a variety of topics. These range from profiles of Hackers to James Joyce on Cyberspace. An eclectic mix - use at your peril!
Improving the Security of Your Site by Breaking Into
Abstract: In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show "why" it is one. We will illustrate that even seemingly harmless network services can become valuable tools in the search for weak points of a system, even when these services are operating exactly as they are intended to. In an effort to shed some light on how more advanced intrusions occur, this paper outlines various mechanisms that crackers have actually used to obtain access to systems and, in addition, some techniques we either suspect intruders of using, or that we have used ourselves in tests or in friendly/authorized environments.
Information About NIST
Abstract: This directory contains the general information about NIST.
NIST Interagency Reports
Abstract: This directory contains computer security-related Interagency Reports.
Paul Holbrook, Joyce K. Reynolds,
RFC 1244: Site Security Handbook
Abstract: This FYI RFC is a first attempt at providing Internet users guidance on how to deal with security issues in the Internet. As such, this document is necessarily incomplete. There are some clear shortfalls; for example, this document focuses mostly on resources available in the United States. In the spirit of the Internet's "Request for Comments" series of notes, we encourage feedback from users of this handbook. In particular, those who utilize this document to craft their own policies and procedures. This handbook is meant to be a starting place for further research and should be viewed as a useful resource, but not the final authority. Different organizations and jurisdictions will have different resources and rules. Talk to your local organizations, consult an informed lawyer, or consult with local and national law enforcement. These groups can help fill in the gaps that this document cannot hope to cover.
Alan Solomon, Barry Nielson and Simon
about the AIDS diskette trojan
Abstract: On Monday, 11th December, several thousand diskettes were mailed out containing a program that purported to give you information about AIDS. These diskettes actually contained a trojan - do not install the program. If you have installed it, you must remove it - see Appendix 3 below for how.
Compromise: What if your Machines are Compromised by an
Abstract: This FAQ deals with some suggestions for securing your Unix machine after it has already been compromised. Even if your machines have not been compromised, there are many helpful tips on securing machines in this paper. I would appreciate any suggestions. This FAQ will be posted monthly.
G. Pernul, G. Luef,
A Bibliography on Database Security
Abstract: A lot of discussion about literature on Computer Security has taken place recently in news groups. The authors have compiled a bibliography on the security aspect in databases.
Barton P. Miller, David Koski, Cjin Pheow Lee, Vivekananda Maganty, Ravi Murthy, Ajitkumar Natarajan, Jeff Steidl,
Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services
Keywords: testing, debugging, programs, utilities, random testing, reliability
Abstract: We have tested the reliability of a large collection of basic UNIX utility programs, X-Window applications and servers, and network services. We used a simple testing method of subjecting these programs to a random input stream. Our testing methods and tools are largely automatic and simple to use. We tested programs on nine versions of the UNIX operating system, including seven commercial systems and the freely-available GNU utilities and Linux. We report which programs failed on which systems, and identify and categorize the causes of these failures.
Barton P. Miller, Lars Fredriksen, Bryan So,
An Empirical Study of the Reliability of UNIX
Keywords: testing, debugging, programs, utilities, reliability
Abstract: Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that were tested. This report describes these tests and an analysis of the program bugs that caused the crashes.
B. Clifford Neuman,
and Security Issues for Future Systems
Abstract: We are becoming increasingly dependent on computers in daily life. This dependence brings with it a heightened need for security in the computer systems we use. The distributed nature of recent systems has made it difficult to apply many of the security techniques used in centralized systems. Additionally, many of the services which are becoming available by computer are placing new demands on the protection and security mechanisms of the systems on which they run. These services require interaction between parties that are mutually suspicious of one another; the servers require protection from users, while at the same time the users require protection from malicious or incompetent service providers. This paper examines the problems of protection and security as applied to future computer systems.
Richard D. Pethia, Kenneth R. van Wyk,
Computer Emergency Response - An International
Abstract: Computer security incidents during the past few years have illustrated that unauthorized computer activity does not obey traditional boundaries (e.g., national, network, computer architecture). Instead, such activity frequently crosses these boundaries not just once, but several times per incident [Stoll89]. International cooperation among computer security response groups can be an effective means of dealing with computer security issues faced today by the computer user community. This paper addresses the need for such cooperation and suggests methods by which individual computer security response groups can work together internationally to cope with computer security incidents.
Built by Mark Crosbie and Ivan Krsul.