Baldwin Robert W. Kuang: Rule-based Security Checking. MIT, Lab for Computer Science Programming Systems Research Group. May 1994.
....a list of found flaws. A great deal of research efforts have been devoted to establishing the foundations of intrusion detection systems [1, 3, 4] and a few operational systems have been developed [2, 7, 8, 10]. Many researchers have built effective access control configuration analysis systems [9, 13] and more recently, [14] analyzes network access control configuration. In the framework of intrusion detection, we developed ASAX (Advanced Security audit trail Analysis on uniX) a system for attack scenario detection that uses a rule based language RUSSEL (RUle baSed Sequence Evaluation ....
....constitute an effective way of preventing access to sensitive files and execution of privileged programs, an incorrect configuration of critical files may create security breaches. Such breaches may be especially difficult to prevent in large configurations of hundreds of users. As argued in [13], a possible way of addressing this complexity is to analyze the configuration from an attacker viewpoint. Clearly, a main goal of an attacker is to control execution of a highly privileged process. This can be done by adding some commands to the start up files of a privileged user. This way, the ....
Baldwin Robert W. Kuang: Rule-based Security Checking. MIT, Lab for Computer Science Programming Systems Research Group. May 1994.
....and security system (COPS) [3] reports a list of common vulnerabilities such as weak passwords, world writable user home directories, world writable security relevant files and directories, unexpected setUID files, improper exports of file systems, etc. A major component of COPS is the SU KUANG [1] system which is a rule based security checker system that adopts an attacker's reasoning in searching for security holes in the protection configuration. The administrator specifies an attacker goal (e.g. obtain root access to the system) and a set of initial privileges that are granted to the ....
....This simple rule-based system has proven very effective in finding security breaches in a Unix configuration and is periodically run by many administrators to check their systems. NetKuang [24] is a multi host configuration vulnerability checker that extends the functionalities of SU KUANG [1] to a network environment. The security administrator tool for analyzing networks (SATAN) [22] and the internet scanner [9] have been developed to aid in identifying vulnerable network services in a network domain. Other similar systems have also been developed such as Miro [8] and Tripwire [11] ....
Robert W. Baldwin. Kuang: Rule-based Security Checking. Technical report, MIT, Lab for Computer Science Programming Systems Research Group, May 1994.
....scripts to check for likely misconfigurations in a Unix system. Among its simple but important checks are the permission modes of security relevant files and directories, such as /etc/passwd and /etc/group. COPS also determines if set user ID root files are world writable. The SU Kuang system [2] is a rule based expert system for checking the security of a Unix file system's configuration. The rule base captures approaches by which an attacker can extend his privileges by making system calls. Examples of such rules are: if a user can write to a directory, then the user can replace any ....
....Administrator's Tool for Analyzing Networks (SATAN) [5] and the Internet Scanner [6] both scan networks to find vulnerable hosts. They can look for such suspicious states as use of faulty versions of network software and improper NFS exports. 3 NetKuang NetKuang is based on Baldwin's SU Kuang [2]. It has all the functionality of SU Kuang, but also addresses the concerns of a networked environment. It is capable of searching a large number of hosts in parallel, and it also considers potential configuration vulnerabilities present in a networked environment. NetKuang and SU Kuang are named ....
Robert W. Baldwin. Kuang: Rule-based security checking. Documentation in ftp://ftp.cert.org/pub/tools/cops/1.04/cops.104.tar.
No context found.
R. Baldwin. "Kuang: Rule-Based Security Checking." COPS documentation, MIT, Lab for Computer Science Programming Systems Research Group, 1989.