Citations: The Internet Worm Program: An Analysis

53 citations found. Retrieving documents...

Eugene H. Spafford, The Internet worm program: an analysis, Tech. Report CSD-TR823, Department of Computer Science, Purdue University, 1988.

Home/Search Document Details and Download Summary Related Articles Check

This paper is cited in the following contexts:

First 50 documents Next 50

Analysis of Distribution Structures: State of the Art - Boreale, De Nicola.. (2002) (1 citation) (Correct)

....However, exploiting mobility raises new problems because executable code is inherently architecture and system dependent. Security Global applications rely on network communications thus, apart from being potential victims of computer viruses, can be tampered and eavesdropped in many ways [Che91, Spa89, VJ99], and for this reason they are basically vulnerable and insecure [Ord96] In general, mobile code and communications may need to cross administrative domains and firewalls, and untrusted sites as well. Techniques such as cryptography may solve some problems related to data communications, but, ....

Eugene H. Spa#ord. The Internet Worm Program: An Analysis. Computer Communication Review, 19(1):17--57, January 1989. Also Purdue Technical Report, Department of Computer Science, Purdue University, Number CSD-TR-823.

Data Mining Methods for Detection of New Malicious.. - Schultz, Eskin, Zadok.. (5 citations) (Correct)

....created. Experts were typically employed to analyze suspicious programs by hand. Using their expertise, signatures were found that made a malicious executable example different from other malicious executables or benign programs. One example of this type of analysis was performed by Spafford [24] who analyzed the Internet Worm and provided detailed notes on its spread over the Internet, the unique signatures in the worm s code, the method of the worm s attack, and a comprehensive description of system failure points. Although accurate, this method of analysis is expensive, and slow. If ....

Eugene H. Spafford. The Internet worm program: an analysis. Tech. Report CSD--TR--823, 1988. Department of Computer Science, Purdue University.

A Physiological Decomposition Of Virus And Worm Programs - Singh (2002) (Correct)

....during the attack, if a copy of the worm program is already running on the remote host. This avoids the remote machine to pass through a duplicate replication loop. This property of remotely determining whether a copy of worm is running on the target host was observed in the Internet worm [Spafford 89] A worm characterized by a missing surveyor is prone to early detection due to anomalous side effects in the infected system. These anomalies can occur in the form of frequent 27 crashing of the worm program or a large number of incomplete TCP sessions due to replication attempts to IP ....

....on a system. The intent of the concealment is to increase the complexity of analysis and thus increase the difficulty of detection of a virus attack. Concealment of virus structure involves camouflaging its code to prevent its detection or analysis. As seen in the case of the Internet Worm [Spafford 89] once the worm code was disassembled and analyzed and the software vulnerabilities (in fingerd and sendmail) used for its propagation were 30 patched, the worm propagation halted. The analysis phase took considerable time . In contemporary worms, analysis time can be a deciding factor in ....

[Article contains additional citation context not shown here]

E. H. Spafford. The Internet Worm Program: An Analysis. ACM Computer 19(1). pages 17-57. 1989.

Global Programming and Mobile Code - Bettini, Ferrari (Correct)

....However, exploiting mobility raises new problems: executable code is inherently architecture and system dependent. Security: global applications rely on network communications thus, apart from being potential victims of computer viruses, can be tampered with and eavesdropped in many ways [12, 13], and for this reason they are basically vulnerable and insecure [14] In general, mobile code and communications may need to cross administrative domains and rewalls, and untrusted sites as well. Techniques such as cryptography may solve some problems related to data communications, but, when ....

Eugene H. Spaord. The Internet Worm Program: An Analysis. Computer Communication Review, 19(1):17-57, January 1989. Also Purdue Technical Report, Department of Computer Science, Purdue University, Number CSD-TR-823.

Data Mining Methods for Detection of New Malicious.. - Schultz, Eskin, Zadok, al. (5 citations) (Correct)

Data Mining Methods for Detection of New Malicious.. - Schultz, Eskin, Zadok.. (5 citations) (Correct)

....Experts were typically employed to analyze suspicious programs by hand. Using their expert knowledge signatures were found that made a malicious executable example different from other malicious executables or benign programs. One example of this type of analysis was performed by Spafford in 1988 [22]. He used his expertise to analyze the Internet Worm and provided detailed notes on the spread of it over the Internet, the unique signatures in the worm s code, the method of the worm s attack, and a comprehensive description of system failure points. Although accurate, this method of analysis ....

Eugene H. Spafford. The Internet worm program: an analysis. Tech. Report CSD--TR--823, 1988. Department of Computer Science, Purdue University.

Quantitative Assessment of Operational Security: Models .. - Dacier, Deswarte.. (1996) (5 citations) (Correct)

....of successful or unsuccessful intrusions in operational systems. Unfortunately, as far as we know, this kind of data is not available. Nevertheless, valuable information can be obtained from the analysis of some well known intrusions described for instance in [Reid 1986, Stanley 1986, Spafford 1988, Stoll 1988, Rochlis Eichin 1989, Seeley 1989, Cheswick 1991, Stanley 1991, Bellovin 1992] Unfortunately, these intrusions are rare and cannot be considered as a representative sample. These data can be complemented by additional information provided by security experts concerning the ....

....few attackers may have this information. For instance, some intrusions can be achieved by memory modifications; these intrusions are not well known since they are specific to the operating system of the target (this is also the case of intrusions via daemon fingerd in Unix systems described in [Spafford 1988]) Other attacks require the availability of complex, expensive hardware that only few attackers may possess; for example, some passwords may be catched by the analysis of electro magnetic radiation from screens or keyboards by a specific hardware. Moreover, the implementation of some attacks is ....

E. H. Spafford, The Internet Worm Program: An Analysis, Purdue University, Technical Report, NCSD-TR-823, November 1988.

Secure Network Objects - van Doorn, Abadi, Burrows, Wobber (1996) (7 citations) (Correct)

.... 1 Introduction Object oriented communication has become popular in distributed systems [2, 22, 8] With objects or without them, distributed systems typically rely on networks with no low level support for security; the vulnerability of distributed systems is by now evident and worrisome [23, 4]. A need exists therefore for secure objectoriented communication. We describe the design and implementation of secure network objects. Secure network objects extend Modula 3 network objects [19, 2] with security guarantees. When a client invokes a method of a secure network object over the ....

Eugene H. Spafford. The Internet worm program: An analysis. Computer Communication Review, 19(1):17--57, January 1989.

Observations on Information Security Crisis - Leiwo (Correct)

....in proving cryptosystems secure may lead to wide applications and standardisation of primitives later proven insecure. Software security problems Early examples of attacking hosts connected to the Internet through software vulnerabilities include those exploited by the so called Internet Worm (Spafford 1989). Among guessing passwords and exploiting poor security administration, the Internet Worm exploited weaknesses in application design, causing buffer overflows in the program execution stack. Since the program execution stack is usually executable memory, the overflow can be engineered to cause ....

Spafford, E. H. (1989) The Internet Worm Program: An Analysis. Computer Communications Review 19(1):17-57.

A Self-Deploying Election Service for Active Networks - Tschudin (1999) (3 citations) (Correct)

....to retract all versions of a WEB browser because of a newly discovered security bug. 5. 1 Related Work Probably the two oldest and at the same time most famous large scale selfdeploying services are the CHRISTMAS program propagated through e mail in 1987 and Morris Internet worm in 1988 [10]. Active networks clearly use the same propagation principle but want to harness the power of network wide replication. A notable difference of our approach compared to other active network environments is that we deliberately have no per packet resource limitations. ANTS [11] for example, uses ....

E. Spafford. The Internet Worm Program: An Analysis. SIGCOMM, Jan 1989, pp. 17--59.

An Analysis of Some Software Vulnerabilities - Krsul, Spafford, Tripunitara (1998) Self-citation (Spafford) (Correct)

....the failure and they normally result in violation of [expected] policies. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions [Lin75, Spa89a, Spa89b, Sto90, Kum95, DFW96, MF97, DW95] and this report attempts to add to these with a detailed analysis of five common computer vulnerabilities. The analysis of each vulnerability attempts to identify its characteristics, the [expected] policies violated by its exploitation, and contributes to the ....

Eugene H. Spafford. The Internet Worm Program: An Analysis. Computer Communication Review, 19(1), January 1989.

Computer Vulnerability Analysis - Krsul, Spafford, Tripunitara (1998) (5 citations) Self-citation (Spafford) (Correct)

....the failure and they normally result in violation of [expected] policies. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions [Lin75, Spa89a, Spa89b, Sto90, Kum95, DFW96, MF97, DW95] and this report attempts to add to these with a detailed analysis of four common computer vulnerabilities. The analysis of each vulnerability identifies its characteristics, the [expected] policies violated by its exploitation, and contributes to the ....

Eugene H. Spafford. The Internet Worm Program: An Analysis. Computer Communication Review, 19(1), January 1989.

An Approach for Detecting Self-Propagating Email Using Anomaly .. - Gupta, Sekar (2003) (6 citations) (Correct)

No context found.

Eugene H. Spafford, The Internet worm program: an analysis, Tech. Report CSD-TR823, Department of Computer Science, Purdue University, 1988.

Countering Network Worms through Automatic Patch Generation - Sidiroglou, Keromytis (2003) (12 citations) (Correct)