Computers are rarely as secure as they could be. Users are lax or inconsistent in the way they configure a computer's protection system, and these user mistakes often lead to serious security holes. For example, a privileged user might accidentally make his login initialization file publicly writable, and that mistake could allow ordinary users to acquire super-user privileges. This sort of operational security problem is not caused by software bugs. It can happen even if all the computer's trusted programs behave according to their specifications. Operational security problems arise from complex interactions between the pieces of a computer's protection system. This report describes a tool for improving the operational security of discretionary access control systems. The tool is a rule-based system that knows about the behavior of the computer's software and the tricks used by attackers. The tool uses this knowledge to deduce the set of privileges directly or indirectly accessible to each user. Once the set of accessible privileges has been deduced, that set can be compared against a site-specific access policy and any differences can be reported. A prototype of this tool has been used at MIT to improve the security of its UNIX computers. About twice each month the prototype identifies a database entry or file access mode that has been changed incorrectly and accidentally allows untrusted users to acquire super-user privileges.
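The deduce-then-compare audit described above can be sketched as a fixed-point closure over access facts. This is an added example, not the report's tool or its rule base; every user, group, file path, rule and policy entry below is constructed for illustration.

```python
# Constructed sample facts; none of these names come from the report.
MEMBER_OF = {   # user -> groups the user belongs to
    "alice": {"staff"},
    "bob": {"staff", "operators"},
    "guest": set(),
}
WRITERS = {     # file -> principals allowed to write it ("world" = everyone)
    "/root/.login": {"root", "world"},        # the accidental mode change
    "/home/bob/.login": {"bob"},
    "/etc/backup.conf": {"root", "operators"},
}
GRANTS = {      # assumed rule: a writer of the file gains this principal
    "/root/.login": "root",
    "/home/bob/.login": "bob",
    "/etc/backup.conf": "backup",
}
POLICY = {      # site policy: principals each user is allowed to hold
    "alice": {"alice", "staff", "world"},
    "bob": {"bob", "staff", "operators", "backup", "world"},
    "guest": {"guest", "world"},
}

def accessible(user, writers=WRITERS):
    """Principals the user holds directly or can reach indirectly."""
    held = {user, "world"}
    while True:
        new = set()
        for principal in held:                  # rule 1: group membership
            new |= MEMBER_OF.get(principal, set())
        for path, allowed in writers.items():   # rule 2: writable control file
            if allowed & held:
                new.add(GRANTS[path])
        if new <= held:                         # fixed point: nothing new derived
            return held
        held |= new

def violations(writers=WRITERS, policy=POLICY):
    """Per user, the reachable principals that the site policy does not allow."""
    report = {}
    for user, allowed in policy.items():
        extra = accessible(user, writers) - allowed
        if extra:
            report[user] = sorted(extra)
    return report

if __name__ == "__main__":
    for user, extra in violations().items():
        print(f"{user}: policy violation, can reach {', '.join(extra)}")
```

Restoring `/root/.login` to owner-only write and rerunning `violations` yields an empty report, which is the comparison a periodic audit would alert on.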