From spaf@cerias.purdue.edu Fri May 29 23:48:19 1998 Received: from dorsai.cs.purdue.edu (0@dorsai.cs.purdue.edu [128.10.2.20]) by newman.cs.purdue.edu (8.8.7/8.8.7/PURDUE_CS-2.0) with ESMTP id XAA10340 for ; Fri, 29 May 1998 23:48:19 -0500 (EST) Received: from localhost (142@localhost [127.0.0.1]) by dorsai.cs.purdue.edu (8.8.7/8.8.7/PURDUE_CS-2.0) with SMTP id XAA06579 for ; Fri, 29 May 1998 23:48:18 -0500 (EST) Message-Id: <199805300448.XAA06579@dorsai.cs.purdue.edu> X-Authentication-Warning: dorsai.cs.purdue.edu: 142@localhost [127.0.0.1] didn't use HELO protocol To: coastwatch@cs.purdue.edu Subject: New PhD Thesis available, and some news From: Gene Spafford Reply-to: coastwatch-request@cs.purdue.edu X-URI: http://www.cs.purdue.edu/coast Organization: COAST, Department of Computer Sciences, Purdue Univ. Approved: spaf@cs.purdue.edu Date: Fri, 29 May 1998 23:48:17 -0500 Sender: spaf@cs.purdue.edu I'll start with a brief apology for the spotty traffic on this list. We have been a bit understaffed here at COAST over the last year, and I have been hindered by a repetitive stress injury problem with my hands. Thus, we haven't been quite as good at keeping you all up to date with our progress as we might like. With the formation of the CERIAS, we are finally hiring some staff. We hope this helps the situation. In the meantime, we will continue to make various papers and reports available via our WWW pages, and make occasional announcements here in this list. Coming up in the next few months: * CERIAS/COAST cosponsoring a workshop on security in large-scale distributed systems (October, at Purdue) * CERIAS/COAST sponsoring a workshop on use and distribution of vulnerability databases (probably December, at Purdue) * A public beta release of our AAFID distributed intrusion detection system (written in Perl). (Probably August) A few other things are in the works, but we don't want to announce them until we are more certain of their outcome. And, May saw the graduation of several of our students, including our most recent Ph.D.: Dr. Ivan Krsul. Ivan was one of the founding students of the COAST Lab. After many years study, that included some groundbreaking MS thesis work in software forensics, Ivan defended his thesis, entitled "Software Vulnerability Analysis." Included in his work, Ivan performed an in-depth study of several hundred known security vulnerabilities, and constructed a formal classification scheme based on his observations. We hope that others will adopt his characterization of vulnerabilities so that the community can begin to use a common terminology. Copies of Dr. Krsul's dissertation may be downloaded from the COAST archive server at: ftp://coast/pub/COAST/papers/ivan-krsul/krsul-phd-thesis.pdf ftp://coast/pub/COAST/papers/ivan-krsul/krsul-phd-thesis.ps.Z Currently, Ivan is back home in Bolivia, taking a break before deciding what to do next. You may address questions and comments on his work to (and also to ). Enjoy your summer. --gene spafford COAST Director CERIAS Director