A Taxonomy of Security Faults in the Unix Operating
Keywords: Unix, faults, vulnerabilities, intrusion
Abstract: Security in computer systems is important to ensure reliable operation and protect the integrity of stored information. Faults in the implementation can be exploited to breach security and penetrate an operating system. These faults must be identified, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modification of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the different fault types. We present the design and implementation details of a database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be effective in detecting different faults in our classification scheme.
A Secure Message Broadcast System (SMBS)
Abstract: This paper describes the design and implementation of a secure message broadcast system (SMBS). It is a secure, multi-party chat program that ensures privacy in communication and does not rely on shared secret keys. The system was built as a study of the feasibility of building effective communication tools using advanced cryptographic techniques like Zero Knowledge Proofs.
Authorship Analysis: Identifying The Author of a
Abstract: Authorship analysis on computer software is a difficult problem. In this paper we explore the classification of a programmer's style, and try to find a set of characteristics that remain constant for a significant portion of the programs that this programmer might produce. Our goal is to show that it is possible to identify the author of a program by examining its programming style characteristics. Ultimately, we would like to find a signature for each individual programmer so that at any given point in time we could identify the author of any program. The results of this paper support the conclusion that within a closed environment, and for a specific set of programmers, it is possible to identify a particular programmer, and that the probability of finding two programmers who share exactly the same characteristics should be small.
Classification and Detection of Computer Intrusions
Keywords: intrusion detection
Abstract: Some computer security breaches cannot be prevented using access and information flow control techniques. These breaches may be a consequence of system software bugs, hardware or software failures, incorrect system administration procedures, or failure of the system authentication module. Intrusion detection techniques can have a significant role in the detection of computer abuse in such cases. This dissertation describes a pattern matching approach to representing and detecting intrusions, a hitherto untried approach in this field. We have classified intrusions on the basis of structural interrelationships among observable system events. The classification formalizes detection of specific exploitations by examining their manifestations in the system event trace. Thus, we can talk about intrusion signatures belonging to particular categories in the classification, instead of vulnerabilities that result in intrusions. The classification developed in this dissertation can also be used for developing computational models to detect intrusions in each category by exploiting the common structural interrelationships of events comprising the signatures in that category. We can then look at signatures of interest that can be matched efficiently, instead of attempting to devise a comprehensive set of techniques to detect any violation of the security policy. We define and justify a computational model in which intrusions from our classification can be represented and matched. We also present experimental results based on an implementation of the model tested against real-world intrusions.
Schuba, Bryan Lyles,
A Reference Model for Firewall Technology and its Implications for Connection Signaling
Keywords: firewall, signaling
Abstract: This paper concentrates on one particular aspect of providing communication security: firewalls between domains of trust. We argue that signaling support for providing scalable security services is a design requirement. On this basis we outline a reference model for firewall technology. It captures the current state of the art and proves suitable for connection-oriented high-performance networks. The architecture is an improvement in network management and provides a controlled exposure of the internal network structure to the outside, and transparency to the user. Its components are endpoint authentication, call admission control, connection authentication, audit, and a distributed architecture with centralized policy. The paper discusses implications of this reference model for the design of signaling protocols.
Applying Genetic Programming to Intrusion Detection
Keywords: intrusion detection, genetic programming, artificial life, genetic algorithms, security, anomaly detection
Abstract: This paper presents a potential solution to the intrusion detection problem in computer security. It uses a combination of work in the fields of Artificial Life and computer security. It shows how an intrusion detection system can be implemented using autonomous agents, and how these agents can be built using Genetic Programming. It also shows how Automatically Defined Functions (ADFs) can be used to evolve genetic programs that contain multiple data types and yet retain type-safety. Future work arising from this is also discussed.
Built by Mark Crosbie and Ivan Krsul.