The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


GSSP Exposure Draft 2.0

Jim Appleyard, Duke Power, Genevieve Burns, Monsanto Corporation, Kathleen Harvey, and Others

The Information Systems Security Association (ISSA)-sponsored Committee to Develop Generally Accepted Systems Security Principles (GSSP) solicits your comments on the attached GSSP Exposure Draft 2.0. An earlier Exposure Draft (1.0) was circulated to over 4,000 individuals. Comments received were tabulated and addressed individually by a GSSP Committee (GSSPC) working group last fall, resulting in this Exposure Draft 2.0, which was voted out of committee for comment at the GSSPC meeting held October 13, 1995, co-located with the National Information Systems Security Conference (formerly the NCSC), hosted by NIST and NSA, in Baltimore, MD.

Added 2002-07-26

Genetic Algorithms, an Alternative Tool for Security Audit Trails Analysis

Ludovic Me

We propose an intrusion detection approach based on predefined attack scenarios and using a genetic algorithm. This paper presents a simplified vision of the security audit trail analysis problem and some experiments (on simulated users and attacks) showing the validity of this approach. It proposes future work for building a prototype usable in a real environment.

Added 2002-07-26

Goal-Oriented Auditing and Logging

Matt Bishop, Christopher Wee, Jeremy Frank

This paper presents a technique for deriving audit requirements from security policy, with examples for informal specifications. Augmenting these requirements with a system model allows an analyst to determine specific functions within the system that must be audited. We demonstrate the effectiveness of this technique by deriving audit criteria for the Network File System, and show that the results would detect numerous well-known attacks upon implementations of that protocol.

Added 2002-07-26

Intrusion Tolerance in Distributed Computing Systems

Yves Deswarte, Laurent Blain, Jean-Charles Fabre

An intrusion-tolerant distributed system is a system which is designed so that any intrusion into a part of the system will not endanger confidentiality, integrity and availability. This approach is suitable for distributed systems, because distribution enables isolation of elements so that an intrusion gives physical access to only a part of the system. By intrusion, we mean not only computer break-ins by non-registered people, but also attempts by registered users to exceed or to abuse their privileges. In particular, possible malice of security administrators is taken into account. This paper describes how some functions of distributed systems can be designed to tolerate intrusions, in particular security functions such as user authentication and authorization, and application functions such as file management.

Added 2002-07-26


Efficient DES Key Search

Michael J. Wiener

Despite recent improvements in analytic techniques for attacking the Data Encryption Standard (DES), exhaustive key search remains the most practical and efficient attack. Key search is becoming alarmingly practical. We show how to build an exhaustive DES key search machine for $1 million that can find a key in 3.5 hours on average. The design for such a machine is described in detail for the purpose of assessing the resistance of DES to an exhaustive attack. This design is based on mature technology to avoid making guesses about future capabilities. With this approach, DES keys can be found one to two orders of magnitude faster than other recently proposed designs. The basic machine design can be adapted to attack the standard DES modes of operation for a small penalty in running time. The issues of development cost and machine reliability are examined as well. In light of this work, it would be prudent in many applications to use DES in a triple-encryption mode.

Added 2002-07-26

SEI Program Plans: 1996-2000 (Volume 2)

Carnegie-Mellon University Software Engineering Institute

This document, which is in two volumes, presents the Software Engineering Institute (SEI) strategy and one-year implementation plan for calendar year (CY) 1996, together with the SEI five-year program plan. It is submitted in response to the Contract Data Requirements list item A001. Volume 1 describes the five-year strategic plan, and Volume 2 describes the one-year tactical plan. This document is, in essence, a proposal. It describes the strategic directions and offers detailed options for the coming year. Until the proposed options are selected and budgeted allocations are approved by the sponsor, the SEI can not commit to specific work or supporting schedules.

Added 2002-07-26

SEI Program Plans: 1996-2000 (Volume 1)

Carnegie-Mellon University Software Engineering Institute

This document, which is in two volumes, presents the Software Engineering Institute (SEI) strategy and one-year implementation plan for calendar year (CY) 1996, together with the SEI five-year program plan. It is submitted in response to the Contract Data Requirements list item A001. Volume 1 describes the five-year strategic plan, and Volume 2 describes the one-year tactical plan. This document is, in essence, a proposal. It describes the strategic directions and offers detailed options for the coming year. Until the proposed options are selected and budgeted allocations are approved by the sponsor, the SEI can not commit to specific work or supporting schedules.

Added 2002-07-26

Computer Vulnerability Analysis Thesis Proposal

CSD-TR-97-026
Ivan Krsul

Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have long understood that publicizing, analyzing, and learning from other people’s mistakes is essential to the stepwise refinement of complex systems. Computer scientists, however, have not followed suit. Programmers reinvent classical programming mistakes, contributing to the reappearance of known vulnerabilities. In the recent past, computer systems have come to be a part of critical systems that have a direct effect on the safety and well-being of human beings and hence we must have lower tolerance for software failures. In the dissertation I will attempt to show that computer vulnerability information presents important regularities and these can be detected, and possibly visualized, providing important insight about the reason of their prevalence and existence. The information derived from these observations could be used to improve on all phases of the development of software systems, as could be in the design, development, debugging, testing and maintenance of complex computer systems that must implement a set of policies defined by security analysis. A significant portion of the work that must be performed will concentrate on the development of classifications and taxonomies that will permit the visualizations and analysis of computer vulnerability information. I hope that these classifications and taxonomies applied to a collection of vulnerabilities will provide a set of features whose analysis will show that there are clear statistical clusterings and patterns caused because developers and programmers are not learning from each other’s mistakes. This analysis may be performed by applying statistical analysis and knowledge discovery tools.

Added 2002-07-26

Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security

Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, Michael Wiener

Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public key or asymmetric systems for managing the keys used by the symmetric systems. Assessing the strength required of the symmetric cryptographic systems is therefore an essential step in employing cryptography for computer and communication security. Technology readily available today (late 1995) makes brute-force attacks against cryptographic systems considered adequate for the past several years both fast and cheap. General purpose computers can be used, but a much more efficient approach is to employ commercially available Field Programmable Gate Array (FPGA) technology. For attackers prepared to make a higher initial investment, custom-made, special-purpose chips make such calculations much faster and significantly lower the amortized cost per solution. As a result, cryptosystems with 40-bit keys offer virtually no protection at this point against brute-force attacks. Even the U.S. Data Encryption Standard with 56-bit keys is increasingly inadequate. As cryptosystems often succumb to ‘smarter’ attacks than brute force key search, it is also important to remember that the keylengths discussed here are the minimum needed for security against the computational threats considered. Fortunately, the cost of very strong encryption is not significantly greater than that of weak encryption. Therefore, to provide adequate protection against the most serious threats - well-funded commercial enterprises or government intelligence agencies - keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years in the face of expected advances in computing power, keys in the newly-deployed systems should be at least 90 bits long.

Added 2002-07-26

Preserving Integrity in Remote File Location and Retrieval

Trent Jaeger, Aviel D. Rubin

We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in geographically remote locations to share files using an untrusted network. For example, distribution of an organization’s software to all the organization’s sites can be accomplished using the service. Distribution of files in an untrusted network is complicated by two issues: (1) location of files and (2) verification of file integrity. Ftp and World-Wide-Web (WWW) services require some user intervention to locate a file, so they cannot be embedded in automated systems. Distributed systems have mechanisms for automated file location and retrieval, but they require trust in all system principals and do not provide an appropriate balance between availability of files and retrieval cost for our applications. Verification of the integrity of a file retrieved from an untrusted network is necessary because the file is subject to malicious modification attacks. Our service provides the capability to automatically locate, retrieve, and verify files specified by a client using a single trusted principal. We demonstrate our service by building a system when needed.

Added 2002-07-26

Key Escrow without Escrow Agents

Matt Blaze

We propose a simple scheme, based on secret sharing over large-scale networks, for assuring recoverability of sensitive archived data (e.g., cryptographic keys). In our model anyone can request a copy of the archived data but it is very difficult to keep the existence of a request secret or to subvert the access policy of the data “owner”. We sketch an architecture for such a system that might be suitable for deployment over very large-scale networks such as the Internet.

Added 2002-07-26


Security Problems in the TCP/IP Protocol Suite

S. M. Bellovin

The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.

Added 2002-07-26

Cryptanalysis of MD5 Compress

Hans Dobbertin

Added 2002-07-26