Co-word analysis is a content analysis technique that is effective in mapping the strength of ass... more Co-word analysis is a content analysis technique that is effective in mapping the strength of association between keywords in textual data. Co-word analysis reduces a space of descriptors (or keywords) to a set of network graphs that effectively illustrate the strongest associations between descriptors [29, 30]. Co-word analysis is an example of a graphical modeling technique that applies some of the ideas of association analysis [27, 28]. Graphical modeling is a variant of statistical modeling that uses graphs to display models. “In contrast to most other types of statistical graphics, the graphs do not display data, but rather and interpretation of the data, in the form of a model … Graphs have long been used informally … to visualize relations between variables. ” [27]. This technique illustrates associations between keywords by constructing multiple networks that highlight associations between keywords, and where associations between networks are possible. 2 Co-Word Analysis Alg...
Security in computer systems is impodant so as to ensure reliable operation and to protect the in... more Security in computer systems is impodant so as to ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach se-
Computer security professionals and researchers do not have a history of sharing and analyzing co... more Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have long understood that publicizing, analyzing, and learning from other people's mistakes is essential to the stepwise refinement of complex systems. Computer scientists, however, have not followed suit. Programmers reinvent classical programming mistakes, contributing to the reappearance of known vulnerabilities. In the recent past, computer systems have come to be a part of critical systems that have a direct effect on the safety and well-being of human beings and hence we must have lower tolerance for software failures. In the dissertation I will attempt to show that computer vulnerability information presents important regularities and these can be detected, and possibly visualized, providing important insight about the reason of their prevalence and existence. The information deri...
Security in computer systems is important soasto ensure reliable operation and to protect the int... more Security in computer systems is important soasto ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach security and penetrate a system. These faults must be identi ed, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modi cation of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the di erent fault types. We present the design and implementation details of a prototype database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be ef...
Authorship analysis on computer software is a difficult problem. In this paper we explore the cla... more Authorship analysis on computer software is a difficult problem. In this paper we explore the classification of programmers ’ style, and try to find a set of characteristics that remain constant for a significant portion of the programs that this programmer might produce. Our goal is to show that it is possible to identify the author of a program by examining programming style characteristics. Within a closed environment, the results of this paper support the conclusion that, for a specific set of programmers, it is possible to identify the author of any individual program. Also, based on previous work and our observations during the experiments described herein we believe that the probability of finding two programmers who share exactly those same characteristics should be very small. 1
Security in computer systems is important soasto ensure reliable operation and to protect the int... more Security in computer systems is important soasto ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach security and penetrate a system. These faults must be identified, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modification of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the different fault types. We present the design and implementation details of a prototype database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be...
Software systems for governmental organizations are mostly defined by procedures and policies tha... more Software systems for governmental organizations are mostly defined by procedures and policies that are, in some contexts, dynamic, seldom formally defined or even documented. Furthermore, changes in policy can be rapid and frequently antagonistic to those previously defined. Current development methods are not resilient or adaptive under change and software systems developed in dynamic and antagonistic environments exhibit significant problems that cannot be prevented using traditional software engineering methods. Software for governmental organizations needs to be secure and security, in its most general definition, can only be provided when the logic used for the requirements analysis matches closely that of the logic in place by the time the software is deployed. In this paper we show that during the implementation of the ASYCUDA++ system in the Bolivian National Customs Agency, we found that current software development practices, though technologically sound per se, are not ti...
Many engineering fields have recognized the need to analyze past mistakes and failures in the hop... more Many engineering fields have recognized the need to analyze past mistakes and failures in the hope of learning from them. In computer science this realization has resulted in the development of software testing techniques that attempt to detect known problems from software systems and in improved compilers and development tools. However, there exists a series of software failures where detailed analysis is rarely published, mainly for fear that the information could be used against active systems. These software failures, commonly referred to as computer vulnerabilities, have special properties that set them apart from traditional software failures. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions, and this report attempts to add to these with a detailed analysis of four common computer vulnerabilities. The analysis of each vuln...
This manual gives a detailed technical description of the IDIOT intrusion detection system from t... more This manual gives a detailed technical description of the IDIOT intrusion detection system from the COAST Laboratory at Purdue University. It is intended to help anyone who wishes to use, extend or test the IDIOT system. Familiarity with security issues, and intrusion detection in particular, is assumed.
Authorship analysis on computer software is a difficult problem. In this paper we explore the cla... more Authorship analysis on computer software is a difficult problem. In this paper we explore the classification of programmers’ style, and try to find a set of characteristics that remain constant for a significant portion of the programs that this programmer might produce. Our goal is to show that it is possible to identify the author of a program by examining programming style characteristics. Within a closed environment, the results of this paper support the conclusion that, for a specific set of programmers, it is possible to identify the author of any individual program. Also, based on previous work and our observations during the experiments described herein we believe that the probability of finding two programmers who share exactly those same characteristics should be very small.
Many engineering fields have recognized the need to analyze the past in hope of learning from pas... more Many engineering fields have recognized the need to analyze the past in hope of learning from past mistakes and failures. In computer science this realization has resulted in the development of software testing techniques that attempt to detect known problems from software systems and in improved compilers and development tools. However, there exists a series of software failures where detailed analysis is rarely published, mainly for fear that the information could be used against active systems. These software failures, commonly referred to as computer vulnerabilities, have special properties that set them apart from traditional software failures. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions, and this report attempts to add to these with a detailed analysis of five common computer vulnerabilities. The analysis of each vuln...
The consequences of a class of system failures, commonly known as software vulnerabilities, viola... more The consequences of a class of system failures, commonly known as software vulnerabilities, violate security policies. They can cause the loss of information and reduce the value or usefulness of the system. An increased understanding of the nature of vulnerabilities, their manifestations, and the mechanisms that can be used to eliminate and prevent them can be achieved by the development of a uni ed de nition of software vulnerabilities, and the development of a framework for the creation of taxonomies for vulnerabilities. This paper provides a unifying de nition of software vulnerability based on the notion that it is security policies that de ne what is allowable or desirable in a system. It also includes a framework for the development of classi cations and taxonomies for software vulnerabilities. This paper presents a classi cation of software vulnerabilities that focuses on the assumptions that programmers make regarding the environment in which their application will be execu...
Computer security professionals and researchers do not have a history of sharing and analyzing co... more Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have long understood that publicizing, analyzing, and learning from other people's mistakes is essential to the stepwise refinement of complex systems. Computer scientists, however, have not followed suit. Programmers reinvent classical programming mistakcs, contributing to the reappearance of known vulnerabilities. In the recent past, complltcr systems have come to be a part of critical systems that have a direct effect on the safety and well-being of human beings and hence we must have lower tolerance for software failures. In the dissedation I will attempt to show that computer vulnerability information presents important regularities and these can be detected, and possibly visualized, providing important insight about the reason of their prevalence and existence. The information deriv...
The notion of Computer Policy is fundamental to the study of computer security models, the analys... more The notion of Computer Policy is fundamental to the study of computer security models, the analysis of computer vulnerabilities, the development of intrusion detection tools, and the development of misuse detection tools. Security only makes sense in relation to security policies that specify what is being protected, how it must be protected, who has access to what is being protected, etc. Policies are, however, difficult to write, normally ambiguous, and difficult to understand. Existing policy specification models are not suitable for most commercial off the shelf (COTS) systems. The source code for the system may not be available, they operate under constantly changing environments, and the policy requirements may change frequently. Also existing policy models do not capture the temporal characteristics of many real-world computer security policies. In this paper we present a functional approach to the specification of policies that allows their stepwise refinement, such that at ...
Co-word analysis is a content analysis technique that is effective in mapping the strength of ass... more Co-word analysis is a content analysis technique that is effective in mapping the strength of association between keywords in textual data. Co-word analysis reduces a space of descriptors (or keywords) to a set of network graphs that effectively illustrate the strongest associations between descriptors [29, 30]. Co-word analysis is an example of a graphical modeling technique that applies some of the ideas of association analysis [27, 28]. Graphical modeling is a variant of statistical modeling that uses graphs to display models. “In contrast to most other types of statistical graphics, the graphs do not display data, but rather and interpretation of the data, in the form of a model … Graphs have long been used informally … to visualize relations between variables. ” [27]. This technique illustrates associations between keywords by constructing multiple networks that highlight associations between keywords, and where associations between networks are possible. 2 Co-Word Analysis Alg...
Security in computer systems is impodant so as to ensure reliable operation and to protect the in... more Security in computer systems is impodant so as to ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach se-
Computer security professionals and researchers do not have a history of sharing and analyzing co... more Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have long understood that publicizing, analyzing, and learning from other people's mistakes is essential to the stepwise refinement of complex systems. Computer scientists, however, have not followed suit. Programmers reinvent classical programming mistakes, contributing to the reappearance of known vulnerabilities. In the recent past, computer systems have come to be a part of critical systems that have a direct effect on the safety and well-being of human beings and hence we must have lower tolerance for software failures. In the dissertation I will attempt to show that computer vulnerability information presents important regularities and these can be detected, and possibly visualized, providing important insight about the reason of their prevalence and existence. The information deri...
Security in computer systems is important soasto ensure reliable operation and to protect the int... more Security in computer systems is important soasto ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach security and penetrate a system. These faults must be identi ed, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modi cation of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the di erent fault types. We present the design and implementation details of a prototype database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be ef...
Authorship analysis on computer software is a difficult problem. In this paper we explore the cla... more Authorship analysis on computer software is a difficult problem. In this paper we explore the classification of programmers ’ style, and try to find a set of characteristics that remain constant for a significant portion of the programs that this programmer might produce. Our goal is to show that it is possible to identify the author of a program by examining programming style characteristics. Within a closed environment, the results of this paper support the conclusion that, for a specific set of programmers, it is possible to identify the author of any individual program. Also, based on previous work and our observations during the experiments described herein we believe that the probability of finding two programmers who share exactly those same characteristics should be very small. 1
Security in computer systems is important soasto ensure reliable operation and to protect the int... more Security in computer systems is important soasto ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach security and penetrate a system. These faults must be identified, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modification of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the different fault types. We present the design and implementation details of a prototype database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be...
Software systems for governmental organizations are mostly defined by procedures and policies tha... more Software systems for governmental organizations are mostly defined by procedures and policies that are, in some contexts, dynamic, seldom formally defined or even documented. Furthermore, changes in policy can be rapid and frequently antagonistic to those previously defined. Current development methods are not resilient or adaptive under change and software systems developed in dynamic and antagonistic environments exhibit significant problems that cannot be prevented using traditional software engineering methods. Software for governmental organizations needs to be secure and security, in its most general definition, can only be provided when the logic used for the requirements analysis matches closely that of the logic in place by the time the software is deployed. In this paper we show that during the implementation of the ASYCUDA++ system in the Bolivian National Customs Agency, we found that current software development practices, though technologically sound per se, are not ti...
Many engineering fields have recognized the need to analyze past mistakes and failures in the hop... more Many engineering fields have recognized the need to analyze past mistakes and failures in the hope of learning from them. In computer science this realization has resulted in the development of software testing techniques that attempt to detect known problems from software systems and in improved compilers and development tools. However, there exists a series of software failures where detailed analysis is rarely published, mainly for fear that the information could be used against active systems. These software failures, commonly referred to as computer vulnerabilities, have special properties that set them apart from traditional software failures. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions, and this report attempts to add to these with a detailed analysis of four common computer vulnerabilities. The analysis of each vuln...
This manual gives a detailed technical description of the IDIOT intrusion detection system from t... more This manual gives a detailed technical description of the IDIOT intrusion detection system from the COAST Laboratory at Purdue University. It is intended to help anyone who wishes to use, extend or test the IDIOT system. Familiarity with security issues, and intrusion detection in particular, is assumed.
Authorship analysis on computer software is a difficult problem. In this paper we explore the cla... more Authorship analysis on computer software is a difficult problem. In this paper we explore the classification of programmers’ style, and try to find a set of characteristics that remain constant for a significant portion of the programs that this programmer might produce. Our goal is to show that it is possible to identify the author of a program by examining programming style characteristics. Within a closed environment, the results of this paper support the conclusion that, for a specific set of programmers, it is possible to identify the author of any individual program. Also, based on previous work and our observations during the experiments described herein we believe that the probability of finding two programmers who share exactly those same characteristics should be very small.
Many engineering fields have recognized the need to analyze the past in hope of learning from pas... more Many engineering fields have recognized the need to analyze the past in hope of learning from past mistakes and failures. In computer science this realization has resulted in the development of software testing techniques that attempt to detect known problems from software systems and in improved compilers and development tools. However, there exists a series of software failures where detailed analysis is rarely published, mainly for fear that the information could be used against active systems. These software failures, commonly referred to as computer vulnerabilities, have special properties that set them apart from traditional software failures. Detailed analysis of the factors that contribute to the existence of these vulnerabilities is mostly limited to cryptic articles posted to hacker newsgroups or web sites. There are a few notable exceptions, and this report attempts to add to these with a detailed analysis of five common computer vulnerabilities. The analysis of each vuln...
The consequences of a class of system failures, commonly known as software vulnerabilities, viola... more The consequences of a class of system failures, commonly known as software vulnerabilities, violate security policies. They can cause the loss of information and reduce the value or usefulness of the system. An increased understanding of the nature of vulnerabilities, their manifestations, and the mechanisms that can be used to eliminate and prevent them can be achieved by the development of a uni ed de nition of software vulnerabilities, and the development of a framework for the creation of taxonomies for vulnerabilities. This paper provides a unifying de nition of software vulnerability based on the notion that it is security policies that de ne what is allowable or desirable in a system. It also includes a framework for the development of classi cations and taxonomies for software vulnerabilities. This paper presents a classi cation of software vulnerabilities that focuses on the assumptions that programmers make regarding the environment in which their application will be execu...
Computer security professionals and researchers do not have a history of sharing and analyzing co... more Computer security professionals and researchers do not have a history of sharing and analyzing computer vulnerability information. Scientists and engineers from older or more established fields have long understood that publicizing, analyzing, and learning from other people's mistakes is essential to the stepwise refinement of complex systems. Computer scientists, however, have not followed suit. Programmers reinvent classical programming mistakcs, contributing to the reappearance of known vulnerabilities. In the recent past, complltcr systems have come to be a part of critical systems that have a direct effect on the safety and well-being of human beings and hence we must have lower tolerance for software failures. In the dissedation I will attempt to show that computer vulnerability information presents important regularities and these can be detected, and possibly visualized, providing important insight about the reason of their prevalence and existence. The information deriv...
The notion of Computer Policy is fundamental to the study of computer security models, the analys... more The notion of Computer Policy is fundamental to the study of computer security models, the analysis of computer vulnerabilities, the development of intrusion detection tools, and the development of misuse detection tools. Security only makes sense in relation to security policies that specify what is being protected, how it must be protected, who has access to what is being protected, etc. Policies are, however, difficult to write, normally ambiguous, and difficult to understand. Existing policy specification models are not suitable for most commercial off the shelf (COTS) systems. The source code for the system may not be available, they operate under constantly changing environments, and the policy requirements may change frequently. Also existing policy models do not capture the temporal characteristics of many real-world computer security policies. In this paper we present a functional approach to the specification of policies that allows their stepwise refinement, such that at ...
Uploads
Papers by Ivan Krsul