E.H. Spafford, "Crisis and Aftermath." Communications of the ACM, Vol.32, No.6, June 1989, pp.678-687.  Home/Search   Document Not in Database   Summary   ACM   TOC   Related Articles   Check

....and electronic commerce, computer networks play an increasingly important role in many aspects of our lives. Security incidents like the Melissa macro virus [11] the smurf ICMP 1 denial of service attacks [9] the IP spoofing and TCP connection hijacking [8] and the Morris Internet worm [65], demonstrate how vulnerable current computer systems and networks are to attacks. The costs of security breaches can be very high: unauthorized information disclosure, loss of data integrity, and system degradation or unavailability. Thus network security becomes crucial. Most of the existing ....

E.H. Spafford, "Crisis and Aftermath." Communications of the ACM, Vol.32, No.6, June 1989, pp.678-687.

....therapy to convince skeptical managers of their vulnerability to attack threats. It has been used in University teaching of systems security engineering [HEBB80, WILK81] It was important in identification of Introduction 3 generic weaknesses of a system architecture that lead to improved designs [ATTA76, BELA74, MCPH74, SPAF89]. Penetration testing is not a game between employees and management, students and teachers, citizens and government, though such examples by hackers are rampant in the popular press. Penetration testing should not be part of Navy System Acceptance Tests. Acceptance Tests show that a product ....

....methods; planting bogus code in the run time package of the most popular compiler and or editor. Recent attacks on the Internet were exploitations of poor configuration control. Known flaws in UNIX were not fixed with the free vendor patches. The hacker used the flaws to obtain unauthorized access [SPAF89]. Among the more colorful attacks against human frailty in controlling bogus code, is the Santa Claus attack. It is a classic example of an unauthorized code import, achieved by spoofing the human operator of a secure system. A penetrator prepared an attractive program for the computer operator, ....

Spafford, E.H., "Crisis and Aftermath," Communications of the Security Penetration Testing Guideline 58 ACM, Vol. 32, No. 6, June 1989, pp. 678-687.

....that resist failure. Petroski [1] makes this point eloquently in the context of engineering design, and although software failures may be less visible than those of the bridges he describes, they can be equally damaging. But the history of software failures, apart from a few highly visible ones, [2,3] is relatively undocumented. This report collects and organizes a number of actual security flaws that have caused failures, so that designers may do their work with a more precise knowledge of what has gone before. Computer security flaws are any conditions or circumstances that can result in ....

.... by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm [23] Denning [26] provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur [22,3]. A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism (see case U1) For example, a programmer of automated teller machines (ATMs) might be required to check a personal ....

[Article contains additional citation context not shown here]

E.H. Spafford, "Crisis and Aftermath," Comm. ACM 32(6), 678-687 (June 1989).

....their safety requirements be exposed A fungus covering several acres underground in upper Michigan has been touted as the worlds largest organism. In this case, surely the Internet qualifies as the worlds largest computing system. What hidden safety requirements may it have The Internet worm[34] provided a dramatic example of a denial of service attack. But society is not (yet) dependent enough on the Internet for a denial of service attack on it to raise the same safety concerns that an attack on, for example, an emergency telephone response system (e.g. a 911 system in the U.S. would ....

Spafford, E.H. Crisis and aftermath. Comm. ACM 32(6):678-687 (June 89).

....The flaw was caused by an overflow of the buffer which holds some of the input data. Portions of the stack were overwritten, which allowed the user of the program to execute code which had been entered as part of the input argument. Before this flaw was extensively exploited by the Internet Worm [16], fingerd was run setuid root, and so the flaw allowed system penetration. This flaw is a violation of a wellbehavedness property, which is found by testing for well behavedness requirements. ftpd Some versions of ftpd contained a flaw which allowed any user to read or write any file on the ....

Eugene H. Spafford. Crisis and aftermath. Communications of the ACM, 32(6):678--687, 1989.

....being used in government and commerce are proprietary, schools would need to establish non disclosure agreements with vendors so that thorough investigations would be possible. Research could result in papers analyzing specific incidents of flaw exploitation such as the Internet Worm of 1988 [10]; categorization of flaws in various systems, e.g. 7] identification of flaws in specific products, e.g. 4] and techniques for remedying these flaws. The second approach is to build security into our systems ab initio using an engineering oriented approach based on fundamental principles. Here ....

Eugene H. Spafford. Crisis and Aftermath. Communications of the A.C.M., 32(6):678--687, 1989.

....spread to systems of varying architectures. On November 2, 1988, a program combining elements of a computer worm and a computer virus targeting Berkeley and Sun UNIX based computers entered the Internet; within hours, it had rendered several thousand computers unusable [46] 47] 109] 117] 118][122][123] 125] Among other techniques, this program used a virus like attack to spread: it inserted some instructions into a running process on the target machine and arranged for those instructions to be executed. To recover, these machines had to be disconnected from the network, rebooted, and ....

E. Spafford, "Crisis and Aftermath," CACM 32(6) (June 1989) pp. 678-687. of 32

....Misuse intrusion detection has traditionally been understood in the literature as the detection of specific, precisely representable techniques of computer system abuse. For example, the detection of the Internet worm attack by monitoring for its exploitation of the fingerd and sendmail bugs [Spa89] would fall under misuse detection. Several approaches to misuse detection have been tried in the past. They include language based approaches to represent and detect intrusions [HCMM92] developing an API 1 for the same [Sma95] expert systems [SSHW88, Sma88, BK88] and high level state machines ....

Eugene Spafford. Crisis and Aftermath. Communications of the ACM, 32(6):678--687, June 1989.

.... use several levels of indirection before breaking into target systems and rarely indulge in sudden bursts of suspicious or anomalous activity, for example in [Sto88] If an account on a target system is compromised, intruders may carefully cover their tracks so as not to arouse suspicion, as in [Spa89] Furthermore, threats like viruses and worms do not need human supervision and are capable of replicating and traveling to connected computer systems. Unleashed at one computer, by the time they are discovered, it is almost impossible to trace their origin or the extent of infection. Tools are ....

Eugene Spafford. Crisis and Aftermath. Communications of the ACM, 32(6):678--687, June 1989.

No context found.

Eugene H. Spafford. Crisis and Aftermath. Communications of the ACM, 32(6):678--687, June 1989.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC