D. Farmer and E. H. Spa#ord. The COPS security checker system. In USENIX Summer, pages 165--170, 1990.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....in Section 3. The results of this analysis are presented in Section 4. Finally, concluding remarks appear in Section 5. 1.2 Related Work Research in vulnerability analysis has focused primarily on identification of configuration errors such as improper file permission settings. Existing works [2, 11, 23] employ a set of rules that enumerate known causes for vulnerabilities. We call these works collectively rule based. Widely used tools such as COPS and SATAN search for occurrences of such known vulnerabilities [11] However, the generation of the rules relies on expert knowledge about ....

....errors such as improper file permission settings. Existing works [2, 11, 23] employ a set of rules that enumerate known causes for vulnerabilities. We call these works collectively rule based. Widely used tools such as COPS and SATAN search for occurrences of such known vulnerabilities [11]. However, the generation of the rules relies on expert knowledge about interactions among many components of the system. Few experts have a complete understanding of the interactions among all components of a modern computer system. Issues such as race conditions, many possible interleavings, ....

D. Farmer and E. Spafford, The COPS Security Checker System, CSD-TR- 993, Department of Computer Science, Purdue University, 1991.

....oversees a network of hundreds of machines. Note that while many distributed nodes may share the same generic tw.config configuration file, each will have a unique baseline database computed from actual node file structure and contents. Other static anomaly detection systems exist, such as COPS [Farmer94], TAMU [Safford93] and ATP [Cotrozzi93] We chose Tripwire as representative of this class of systems. 3.1.2 Virus checkers Virus specific checkers [Skardhamar96] are another example of static anomaly checkers. They maintain a database of strings, each representing a telltale portion of virus ....

Farmer, D. and E. Spafford. "The COPS Security Checker Systems." Purdue Technical Report CSD-TR-993, January 1994.

....of various security tools has been promoted as one of many ways of increasing Unix system security. Until now, only freely available tools have been used, mainly because they cover most of the needs in this particular academic and research environment. The main set of tools used consists of COPS [FS90] TCP Wrappers [Ven92] Passwd [Bis95] Crack [Muf] TripWire [KS93, KS94a, KS94b] and SATAN [FV] although other tools (like Tiger [SSH93] S Key [Hal94, HA94] and the logdaemon suite [Ven] are also used. Experience has shown that, when need arises to diagnose a problem, the solution often ....

Daniel Farmer and Eugene H. Spafford. The COPS security checker system. In Proceedings of the Summer 1990 Usenix Conference, pages 165--170. Usenix, June 1990. Available at http: //www.cs.purdue.edu/homes/spaf/tech-reps/993.ps.

....he is at the mercy of this user. These examples show also that vulnerabilities can be identified by analyzing the system configuration, and in particular the file system: to each class of vulnerability corresponds some specific information in a file or a directory. Automatic tools, such as COPS [Farmer Spafford 1990], are able to enumerate such vulnerabilities by exploring Unix file systems. We have built a similar tool, called ASA, to create automatically the privilege graph, and to label each arc in the graph with the class of vulnerability it represents. Figure 1 gives an example of such a privilege ....

....2, we have developed a tool, named ASA for Automatic Security Advisor, to construct automatically the privilege graph related to a Unix system. Therefore, ASA looks for known vulnerabilities present in the system under study. So far, ASA is using many procedures included in the COPS package [Farmer Spafford 1990]. 2) Definition of the security policy: in this step, the security targets and the potential attackers are specified. In terms of the privilege graph, this comes to define two sets of conflicting nodes respectively representing the targets (what must be protected) and the attackers (against ....

D. Farmer and E. H. Spafford, "The COPS Security Checker System", in the Summer Usenix Conference, (Anaheim, CA, USA), 1990.

....little protection against error prone root programs. A variety of trusted UNIX systems have been implemented and evaluated against the Trusted Computer System Evaluation Criteria [20] These systems typically provide MLS security but lack the flexibility of DTE. Additionally, tools such as COPS [12] check 5 Sidewinder is a trademark of Secure Computing Corporation, Inc. for system miscofigurations but do not improve on the base UNIX security mechanisms themselves. The Trusted Systems Interoperability Group (TSIG) has developed Internet draft standards for NFS and other protocols that ....

D. Farmer, "The COPS Security Checker System, " Proceedings of the Summer 1990 USENIX Conference, Anaheim, CA, p. 165.

....10, 12, 13, 14] as a retrofit approach to secure existing systems. 1.2 Vulnerability Analysis: State of Art vs. New Approach Research efforts in vulnerability analysis have focussed primarily on identification of configuration errors such as improper file permission settings. Existing approaches [11, 4, 21] can be broadly characterized as rule based, i.e. they employ a set of rules that enumerate known causes for vulnerabilities. The tools then systematically check the system configuration to identify if these causes are present in the system. For instance, a world or group writable .login file is ....

....identify if these causes are present in the system. For instance, a world or group writable .login file is a well known vulnerability that enables one user to gain all access privileges of another user. Widely used tools, such as COPS and SATAN search for occurrences of such known vulnerabilities [11]. However, the generation of the rules relies on expert knowledge about interactions among many components of the system. Unfortunately, few experts have a complete understanding of the interactions among all components of modern computer system. Issues such as race conditions, many possible ....

D. Farmer and E. Spafford, The COPS Security Checker System, CSD-TR- 993, Department of Computer Science, Purdue University, 1991.

....are not applicable. We propose a solution to these problems in this paper. We demonstrate, using a simple model of UNIX system, that nontrivial vulnerabilities can be detected automatically using our approach. 1.1 Vulnerability Analysis: State of Art vs. New Approach Existing approaches [8, 3, 16] for analyzing configuration vulnerabilities can be broadly characterized as rulebased, i.e. they employ a set of rules that enumerate known causes for vulnerabilities. The tools then systematically check the system configuration to identify if these causes are present in the system. For ....

....identify if these causes are present in the system. For instance, a worldor group writable .login file is a well known vulnerability that enables one user to gain all access privileges of another user. Widely used tools, such as COPS and SATAN search for occurrences of such known vulnerabilities [8]. Generation of the rules relies on expert knowledge about interactions among many components of the 1 system. Unfortunately, few experts have a complete understanding of the interactions among all components of modern computer system. Issues such as race conditions, many possible interleavings ....

D. Farmer and E. Spafford, The COPS Security Checker System, CSD-TR- 993, Department of Computer Science, Purdue University, 1991.

....2 Related Work An Intrusion Detection System (IDS) continuously monitors some dynamic behavioral characteristics of a computer system to determine if an intrusion has occurred. This definition excludes many useful computer security methods. Security analysis tools, such as SATAN [12] and COPS [13] are used to scan a system for weaknesses and possible security holes. They are not IDS because they do not monitor some dynamic characteristic of the system for intrusions or evidence of intrusions, rather they scan the system for weaknesses such as configuration errors or poor password choices ....

Daniel Farmer and Eugene H. Spafford. The COPS security checker system. In Proceedings of the Summer Usenix Conference, pages 165--170, June 1990.

....the firewall perimeter) Then, firewall maintainers have to continuously keep themselves up to date about new security bugs [3, 2] in order to understand if the integrity of their system is in danger and to deploy the required patches in a short time. During the system life time, tools like COPS [8] or Tripwire [12] have to be used in order to check the configuration (e.g. files and devices permissions) of the hosts composing the firewall system. In addition, facilities like the UNIX syslog system, should be used in order to collect traces of the security relevant events in the system. ....

D. Farmer and E. H. Spafford. The COPS Security Checker System. Technical report, Purdue University, October 1993.

....or guest which may not require passwords. ISS also has the capability to exploit an old bug in Sun s Network Information System (NIS) to retrieve a password file remotely. ISS is reportedly used often by crackers in breaking into computer systems [7] The Computer Oracle and Password System (COPS) [4] is a collection of about a dozen programs and shell scripts that each attempt to detect different problem areas in Unix security (e.g. system directories with loose permissions and poor password files, among others) A similar tool developed by Texas A M University and called Tiger Scripts is ....

D. Farmer and E.H. Spafford. The cops security checker system. In USENIX Conference Proceedings, pages 165--170, Anaheim, CA, Summer 1990.

....the views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the defense advanced research projects agency or the u.s. government. level vulnerabilities for a given site [2, 3, 9, 5]. These tools do not provide an assessment of an organization s vulnerability to novel threats against vulnerable software. Recognizing that 90 of military systems use commercial architectures [10] the problem of untrusted software becomes of critical importance to those concerned with ....

D. Farmer and E.H. Spafford. The cops security checker system. In USENIX Conference Proceedings, pages 165--170, Anaheim, CA, Summer 1990.

....Automatic Security Advisor, which looks for known vulnerabilities in the Unix system under study and builds the related privilege graph. The tool runs with extended privileges in order to be able to analyze all parts of the system. So far, ASA is using many procedures included in the COPS package [8]. More precisely, like in COPS, some Unix scripts scan the Unix file system, gathering information about the access permissions of several files either for each user or for specific directories. A crack program is run to guess user passwords using a standard dictionary. Each time a vulnerability ....

D. Farmer and E.H. Spafford, "The COPS Security Checker System", in the Summer Usenix Conference, Anaheim, CA, USA, 1990.

....methods, or a validation tool [9] then the program can be re compiled and installed without benefit of StackGuard. StackGuard offers powerful protection of any program compiled withthe StackGuard compiler, but does nothing for programs that have not been thus compiled. However, tools such as COPS [7], which search for programs that should not be SUID root, can be configured to look for programs that are SUID root, and have not been compiled using StackGuard or some other security verification tool [9] If COPS reports that all SUID root programs on a machine have been protected, then one can ....

D. Farmer. The COPS Security Checker System. In Summer 1990 USENIX Conference, page 165, Anaheim, CA, June 1990. http://www.trouble.org/cops/.

No context found.

Daniel Farmer and Eugene H. Spafiord. The COPS security checker system. In Proceedings of the S'ummer 1990.

....determine which files have been added or deleted, and to find which files have conflicting modification times, ownership, or sizes. An added level of security could be added by augmenting these lists with information from sum(8) or cksum(8) as is done by the crc check program included with COPS [3]. However, numerous shortcomings in these simple checklisting schemes prevent them from being completely trustworthy and useful. First, the list of files and associated checksums may be tedious to maintain because of its size and lack of locality (files are located all over the disk) Second, ....

Daniel Farmer and Eugene H. Spafford. The COPS security checker system. In Proceedings of the Summer Conference, pages 165--190, Berkely, CA, 1990. Usenix Association.

....10, 12, 13, 14] In 1991, COAST director Gene Spafford coauthored the award winning book Practical UNIX and Internet Security[17] now considered the standard reference in the field. He has also been involved in work on static audit and analysis tools. An initial result of this work was the COPS[5] security audit tool for UNIX systems, used worldwide on tens of thousands of computer systems. This tool runs on several dozen varieties of UNIX, and detects scores of configuration and management problems that may lead to security problems. It is still viewed by many as the standard of its type. ....

Daniel Farmer and Eugene H. Spafford. The COPS security checker system. In Proceedings of the Summer Conference, Berkeley, CA, June 1990. Usenix. Also available as http://www.cs.purdue.edu/homes/spaf/tech-reps/993.ps.

....code including viruses (e.g. 30, 29, 33, 34, 35] In 1991, Spaf coauthored the award winning book Practical UNIX Security[13] now considered the standard reference in the field. He has also been involved in work on static audit and analysis tools. An initial result of this work was the COPS[12] security audit tool for UNIX systems, used worldwide on tens of thousands of computer systems. This tool runs on several dozen varieties of UNIX, and detects scores of configuration and management problems that may lead to security problems. It is still viewed as the standard of its type. Another ....

Daniel Farmer and Eugene H. Spafford. The COPS security checker system. In Proceedings of the Summer Conference, Berkeley, CA, June 1990. Usenix Association. Also available as http://www.cs.purdue.edu/homes/spaf/tech-reps/993.ps.

No context found.

D. Farmer and E. H. Spa#ord. The COPS security checker system. In USENIX Summer, pages 165--170, 1990.

No context found.

D. Farmer and E. Spafford. The cops security checker system. In Proceedings Summer Usenix Conference, 1990.

No context found.

D. Farmer and E. H. Spa#ord. The COPS security checker system. In USENIX Summer, pages 165--170, 1990.

No context found.

D. Farmer and E. H. Spafford. The COPS Security Checker System. In Proc. Summer USENIX Conference, pages 165--170, Anaheim, 1990.

No context found.

Daniel Farmer and Eugene H. Spaord. The COPS Security Checker System. In Proceedings of the Summer USENIX Conference, Anaheim, CA.

No context found.

D. Farmer and E. H. Spafford, The COPS Security Checker System, in Proc. Summer Usenix Conference, Berkeley, CA, USA, pp. 165-170, 1990.

No context found.

Farmer, D., Spafford, E. H., 'The COPS Security Checker System', Proceedings of the summer 1990 USENIX Conference, June 1990.

No context found.

Dan Farmer and E. Spafford, "The COPS Security Checker System", source available from ftp to coast.cs.purdue.edu, 1991.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC