In this version, the CIRDB has been updated to import XML data from the National Vulnerability Database, and a few bug fixes were made (a library file was missing in the previous distribution to support RSS feeds of the status of each domain over SSL).
I am pleased to announce the availability of the first beta of my_cassandra.php, which can be downloaded from my home page
(change the extension from phps to php after you download it).
Because you get the source code and the custody of your profiles, this version of Cassandra should not generate the privacy concerns that the online version did. As it is under your control you can also run it at the intervals you choose. It is made available under an open source license so you can modify it. It runs under PHP so it should run on almost any platform by changing the path to PHP (from “#!/usr/bin/php -q” for MacOS X).
P.S.: I already received a patch from Benjamin Lewis from Purdue ITSP, improving robustness while reading a profile. Thanks Ben!
King and Chen (2005) write about their BackTracker software. The idea is interesting: let’s log everything needed to relate a sequence of events leading to an intrusion. Everything in this case is processes, files, and filenames. It can generate dependency graphs, once an anomalous process or event has been identified. That is, something else must raise an alert, and then BackTracker helps find the cause. It’s an interesting representation of an attack.
Taken one step further than they do, perhaps these dependency graphs could be used for intrusion detection?
Suh et al. (2004) propose a wonderful method for tracking taintedness, and denying dangerous operations. It’s elegant, easy to understand, cheap in terms of performance hit, and effective. The only problem is… it would require re-designing the hardware (CPUs) to support it.
I wish it would happen, but I’m not holding my breath. Perhaps virtual machines could help until it happens, and even make it happen?
No, not our esteemed director of research. It turned off my ELISA project, Enterprise-Level Information Security Assurance, due to lack of interest from the public at large. The idea for this web application was to keep track of patches and basically support NIST’s recommendation on managing patches to use such a system. I believe this indicates that the process was too heavy; people don’t like to spend so much effort and money managing patches.