The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



A Computer Virus Primer

Eugene H. Spafford, Kathleen A. Heaphy, David J. Ferbrache
Added 2002-07-26

Crisis and Aftermath

Eugene H. Spafford
Added 2002-07-26

Database: SciSearch, 1974-1993/02 Week 4

Katherine M. Markee, Sandeep Kumar
Added 2002-07-26

Database: Inspec, 1969-1993/ Mar W3.

Katherine M. Markee, Sandeep Kumar
Added 2002-07-26

A Comparison of Receiver-Initiated and Sender-Initiated Dynamic Load Sharing

Derek L Eager, Edward D. Lazowska, John Zahorjan
Added 2002-07-26

A Bibliography of Windowing Systems and Security

Jeremy Epstein
Added 2002-07-26

Security in Open Systems

R. Bagwill, J. Barkley, L. Carnahan, S. Chang, R. Kuhn, P. Markovitz, A. Nakassis, K. Olsen, M. Ransom, J. Wack

The Public Switched Network (PSN) provides National Security and Emergency Preparedness (NS/EP) telecommunications. Service vendors, equipment manufacturers, and the federal government are concerned that vulnerabilities in the PSN could be exploited and result in disruptions or degradation of service. To address these threats, NIST is assisting the Office Manager, National Communications System (OMNCS), in the areas of computer and network security issues that result from the use of open system platforms, i.e. products based on open standards such as POSIX and OSI, in the telecommunications industry. This report is intended to provide information for the practicing involved in development of telecommunications application software. In short, it provides answers to the question "How do I build security into software based on open system platforms?" It is not intended to be tutorial in nature and assumes some knowledge of open systems and Unix. Many of the references cited are tutorial and may be used to obtain any background information required. For each topic in open system security, the goal of this report is to locate in one place the most informed exposition possible for that topic. Consequently, this report is the result of the efforts of several individuals who possess the expertise to author the various chapters. The author(s) of each chapter is identified after the chapter title.

Added 2002-07-26


Sequence Matching and Learning in Anomaly Detection for Computer Security

Terran Lane

Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. We have developed an approach to these problems that examines sequences of user actions (UNIX commands) to classify behavior as normal or anomalous. In this paper we explore the matching function needed to compare a current behavioral sequence to a historical profile. We discuss the difficulties of performing matching in human-generated data and show that exact string matching is insufficient to this domain. We demonstrate a number of partial matching functions and examine their behaviors on user command data. In particular, we explore two methods for weighting scores by adjacency of matches as well as two growth functions (polynomial and exponential) for scoring similarities. We find, empirically, that a partial matching function, biased toward adjacent matches, with a polynomial growth rate is superior for this domain.

Added 2002-07-26


Security Issues in the Database Language SQL

W. Timothy Polk, Lawrence E. Bassham III.

The Database Language SQL (SQL) is a standard interface for accessing and manipulating relational databases. An SQL-compliant database management system (DBMS) will include a minimum level of functionality in a variety of areas. However, many additional areas are left unspecified by the SQL standard; the functionality will vary according to the particular version. This document examines the security functionality that might be required of relational DBMSs and compares them with the requirements and options of the SQL specifications. The comparison will show that the security functionality of an SQL-compliant DBMS may vary greatly. A variety of security policies are considered which can be supported by SQL. The document ends by showing which types of functions are required by the examined security policies.

Added 2002-07-26

Further Information on Viruses

Eugene H. Spafford, Kathleen A. Heaphy, David J. Ferbrache
Added 2002-07-26

Cryptography: Trends in Technology and Policy

Lance J. Hoffman, Steven L. Heckler, Ann Huybrechts
Added 2002-07-26

How Prevalent are Computer Viruses?

Jeffrey O. Kephart, Steve R. White
Added 2002-07-26

A Case for Runtime Code Generation

David Keppel, Susan J. Eggers, Robert R. Henry
Added 2002-07-26