Your search keyword '"Unix security"' showing total 26 results

1. A New Method to Detect Intrusions Using System Calls.

Author

PAN Feng, OUYANG Ming-guang, and WANG Wei-nong

Abstract

This paper advanced a new algorithm to detect network intrusions using sequences of system calls. This algorithm uses a data structure called weight tree, first it uses normal system call trace to build weight tree forest, which have to be pruned periodically in order to learn new pattern and eliminate impurity. Then it scans abnormal trace using those trees and gets the corresponding weight sequences. Those weight sequences can tell us if something abnormal has happened or not. It acquired good results in experiment. [ABSTRACT FROM AUTHOR]

Published

2004

2. Comparing MVS and UNIX Security: The View from the Glass House

Author

Peter D. Goldis

Subjects

Information Systems and Management, IBM mainframe utility programs, ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION, Computer science, business.industry, Access control, Unix security, computer.software_genre, Computer Science Applications, Software, Operating system, IBM, business, computer

Abstract

For years, the mainstay of corporate computing has been the centralized mainframe—a behemoth caged in a climate-controlled glass house. In most cases, this mainframe is an IBM or IBM-compatible computer running the MVS operating system and operating as either a standalone system or as part of a limited, proprietary network of mainframes within the same organization. Security on these mainframe systems has improved over time, as management has come to understand its importance and as vendors have developed and marketed access control software that is both effective and easy to use. For example, most of these systems operate with one of the major access control packages (IBM's RACF or Computer Associates' CA=ACF2 or CA=Top Secret).

Published

1993

3. Unix Security Myths and Truths

Author

Tanya Candia

Subjects

Computer Networks and Communications, Computer science, Operating system, Mythology, Unix security, computer.software_genre, Safety Research, computer, Software

Published

1992

4. Practical unix security

Author

Harold Joseph Highland

Subjects

General Computer Science, Computer science, Operating system, computer.software_genre, Unix security, Law, computer

Published

1992

5. Reflections on UNIX Vulnerabilities

Author

Matt Bishop

Subjects

Unix, business.industry, Unix architecture, Computer science, Computer security, computer.software_genre, Security policy, Unix security, Robustness (computer science), Unix operating system, The Internet, business, computer, Secure coding

Abstract

The UNIX operating system was developed in a friendly, collaborative environment without any particular predefined objectives. As it entered less friendly environments, expanded its functionality, and became the basis for commercial, infrastructure, and home systems, vulnerabilities in the system affected its robustness and security. This paper presents a brief history of UNIX vulnerabilities, beginning with a report written in 1981-1983, but never published. It examines how the nature of vulnerabilities has (and has not) changed since then, and presents some thoughts on the future of vulnerabilities in the UNIX operating system and its variants and other UNIX-like systems.

Published

2009

6. Linux and Unix Security

Author

Mario Santana

Subjects

Unix, Software_OPERATINGSYSTEMS, Unix architecture, Computer science, Operating system, Open system (computing), Filesystem Hierarchy Standard, Standard Operating Environment, Everything is a file, Unix filesystem, computer.software_genre, Unix security, computer

Abstract

Publisher Summary This chapter is an introduction to Unix in general and to Linux in particular, presenting some historical context and describing some fundamental aspects of the operating system architecture. As an operating system designed to be flexible and robust, Unix lends itself to providing a wide array of host- and network-based services. Linux and other Unix-like operating systems are prevalent on the Internet for a number of reasons. Linux is a bit of an oddball in the Unix operating system lineup. That's because, unlike the Unix versions released by the major vendors, Linux did not reuse any existing source code. Unix also has a rich culture from its long history as a fundamental part of computing research in industry and academia. Unix and related operating systems play a key role as platforms for delivering the key services that make the Internet possible. It is important that information security practitioners understand fundamental Unix concepts in support of practical knowledge of how Unix systems might be securely operated.

Published

2009

7. Unix and Linux Security

Author

Gerald Beuchelt

Subjects

Computer science, Vendor, Control (management), Access control, Directory, Audit, Computer security, computer.software_genre, Filesystem Hierarchy Standard, Confidentiality, TMPDIR, Unix, Class (computer programming), Unix architecture, business.industry, Everything is a file, Unix filesystem, Unix security, Security controls, Variable (computer science), Terminal (electronics), Operating system, Physical access, Line (text file), business, computer, fstab, Scope (computer science)

Abstract

Publisher Summary Unix was originally conceived as a multiuser system, and as such, security could not be added on as an afterthought. In this respect, Unix was different from a whole class of computing machinery that had been targeted at single-user environments. It is vitally important to emphasize the need to keep Unix systems up to date. No operating system or other program can be considered safe without being patched up. Having a system with the latest security patches is the first and most often the best line of defense against intruders. All Unix systems have a patching mechanism; this is a way to get the system up to date. Depending on the vendor and the mechanism used, it is possible to “back out” the patches. Unix security has a long tradition, and though many concepts of the earliest Unix systems still apply, there have been a large number of changes that fundamentally altered the way the operating system implements these security principles. Most Unix systems allow restricting root logins to special terminals, typically the system console. This approach is quite effective, especially if the console or the allowed terminals are under strict physical access control. The obvious downside of this approach is that remote access to the system can be very limited. Using this approach, access through any TCP/IP-based connection cannot be configured, thus requiring a direct connection, such as a directly attached terminal or a modem.

Published

2009

8. Managing Unix Security

Author

Ramon Montanon

Subjects

Unix, Computer Networks and Communications, Computer science, Unix architecture, Operating system, Unix security, computer.software_genre, Safety Research, computer, Software

Published

1999

9. General Virtual Hosting via Lightweight User-Level Virtualization

Author

Yasushi Shinjo, S. Peter, T. Hirotsu, Kazuhiko Kato, and H. Abe

Subjects

Unix, business.industry, Computer science, Virtual hosting, Internet hosting service, computer.software_genre, Unix security, Virtual machine, Middleware (distributed applications), Operating system, The Internet, Superuser, business, computer, Computer network

Abstract

The abundance of computing resources in current systems makes it technically feasible to run services for multiple Internet sites on a single machine. However, in the UNIX security model, a vast majority of services must be run with superuser privileges. This increases security risks considerably when numerous services are running in parallel, making the isolation of services a critical issue. Virtual hosting systems have been implemented at the application level and at the operating system (OS) level and by running services in isolated full-scale virtual machines. We present a middleware approach to general virtual hosting that does not require modifications to the OS or the application. While completely implementable in the user-level in UNIX-like OSes, our system allows secure deployment of services, even when they are executed with superuser privileges.

Published

2005

10. Property-based testing of privileged programs

Author

Karl Levitt and G. Fink

Subjects

Unix, business.industry, Computer science, Process (engineering), Unix security, Computer security, computer.software_genre, Security testing, Software, Formal specification, Daemon, business, computer, setuid

Abstract

Addresses the problem of testing security-relevant software, especially privileged (typically, setuid root) and daemon programs in UNIX. The problem is important, since it is these programs that are the source of most UNIX security flaws. For some programs, such as the UNIX sendmail program, new security flaws are still being discovered, despite being in use for many years. For special-purpose systems with fewer users, flaws are likely to remain undiscovered for even longer. Our testing process is driven by specifications we create for the privileged programs. These specifications simultaneously define the allowed behavior far these programs and identify problematic system calls, regions where the program is vulnerable, and generic security flaws. The specifications serve three roles in our testing methodology: as criteria against which a program is sliced, as oracles against which it is tested, and as a basis for generating useful tests. Slicing is employed to significantly reduce the size of the program to be tested. We show that a slice of a privileged program (rdist) with respect to its security specifications is quite small. We introduce the Tester's Assistant, a collection of tools to mechanize the process of testing security-related C programs. >

Published

2002

11. Web-Based ITS for Training System Managers on the Computer Intrusion

Author

Jin-woo Choi, Chong-Woo Woo, and Martha Evens

Subjects

World Wide Web, Unix, Intrusion, business.industry, Computer science, Training system, Web application, business, Unix security, Curriculum

Abstract

Recently, unauthorized computer access has become becomes a big social problem. Of course, there are many commercial solutions for protecting systems against the intruder. But mostly we tend to rely on the system manager's field experience for maintaining the system. Therefore, the manager needs to keep up with the existing knowledge, along with any new threats. In the research described here, we have designed and implemented a simulated training environment to combat computer intrusions. The system begins with a menu outlining a curriculum focused on UNIX security, which is generated from the knowledge base dynamically. The selected topic (a goal) from the curriculum is then expanded into several missions (subgoals). The student can complete each mission by entering a sequence of UNIX commands that together provide an appropriate solution to the problem at hand. Since the system keeps track of the solution paths, the student's problem solving steps can easily be monitored and interrupted with appropriate hints, as needed. The tutor is designed as a client/server system, so the student needs only a web browser to access the system. Moreover, the student can manipulate the tasks in this virtual OS environment, according to the learning scenario.

Published

2002

12. First Steps in Improving Unix Security

Author

Mikel Lechner

Subjects

Computer Networks and Communications, Unix architecture, Computer science, Operating system, computer.software_genre, Unix security, Safety Research, computer, Software

Published

1992

13. Introduction to UNIX Security for Security Practitioners

Author

Jeffery Lowder

Subjects

Cloud computing security, Computer science, Operating system, Information security, Computer security, computer.software_genre, Unix security, computer

Published

2000

14. UNIX Security Features

Author

Allen Lum

Subjects

Unix, Environment variable, Unix architecture, Computer science, Operating system, STREAMS, computer.software_genre, TMPDIR, Unix security, Unix filesystem, computer

Published

1999

15. Auditing UNIX

Author

Dan Schultes

Subjects

Information security audit, Computer science, Disaster recovery, Audit, Computer security, computer.software_genre, Unix security, computer, Change control

Published

1999

16. A soft real time scheduling server in UNIX operating system

Author

Hao-Hua Chu and Klara Nahrstedt

Subjects

Unix, Page fault, Unix architecture, Computer science, business.industry, Application server, computer.software_genre, Unix security, Scheduling (computing), AppleShare, Client–server model, Server farm, Operating system, The Internet, Daemon, business, computer

Abstract

We present a soft real-time CPU server for Continuous Media processing in the UNIX environment. The server is a daemon process from which applications can request and acquire soft real-time QoS (Quality of Service) Guarantees. Our server is an extension of the URsched scheduler. It provides (1) protection among real-time(RT) processes (2) fairness among RT and non-RT processes, (3) rate monotonic scheduling, (4) a fix to the UNIX security problem. We have implemented our protocol in the SUN Solaris 2.5 Operating System, and we have shown through experiments that our soft RT server provides predictable QoS for continuous media applications. We also discuss how we will fit the real-time server into our general Resource Broker Architecture in our future work.

Published

1997

17. Unix security & Kerberos

Author

Bart De Decker

Subjects

Unix, Authentication, Computer science, computer.internet_protocol, Unix architecture, business.industry, computer.software_genre, Unix security, Unix filesystem, Operating system, Kerberos, Single UNIX Specification, business, computer, De facto standard, Computer network

Abstract

This paper discusses some security issues related to the UNIX operating system, which is today the de facto standard Operating System. The authentication mechanisms have been focused on, both in a central system and in a network environment. It is shown that networking makes UNIX vulnerable if no special measurements are taken. One of these could be the introduction of the Kerberos authentication system which is also becoming a “standard” in open network environments. The Kerberos protocols are described, and their merits and limitations in a possibly hostile environment are discussed.

Published

1993

18. Computer security education: training, scholarship, and research

Author

Matt Bishop

Subjects

Critical security studies, General Computer Science, Education training, Computer science, Information security, Unix security, Computer security, computer.software_genre, Training (civil), Security engineering, Scholarship, ComputingMilieux_COMPUTERSANDEDUCATION, eLearnSecurity, computer

Abstract

Traditionally, computer security education falls into two distinct classes. The first is training, marked by an emphasis on particular systems, situations, or environments rather than broad principles. The second is scholarly (or scholarship), marked by an emphasis on underlying principles, concepts, and their application. The paper discusses a training course on Unix security, a scholarly course on computer security and the role of research in training education and scholarly education.

Published

2002

19. W3C security sesources and Matt's Unix security page

Author

Berni Dwan

Subjects

Unix, General Computer Science, Computer science, Operating system, computer.software_genre, Unix security, Law, computer

Published

1999

20. Computer security education: training, scholarship, and research.

Author

Bishop, M.

Subjects

*COMPUTER security, *DATA protection research, *ELECTRONIC data processing, *COMPUTER security software, *COMPUTER viruses, *EDUCATION

Abstract

Traditionally, computer security education falls into two distinct classes. The first is training, marked by an emphasis on particular systems, situations, or environments rather than broad principles. The second is scholarly (or scholarship), marked by an emphasis on underlying principles, concepts, and their application. The paper discusses a training course on Unix security, a scholarly course on computer security and the role of research in training education and scholarly education [ABSTRACT FROM PUBLISHER]

Published

2002

21. Specification and verification of the UCLA Unix security kernel

Author

Richard A. Kemmerer, Bruce J. Walker, and Gerald J. Popek

Subjects

Unix, General Computer Science, Computer science, Unix architecture, Programming language, Security kernel, Unix security, computer.software_genre, Formal methods, Formal specification, Operating system, Verification, Formal verification, computer

Published

1980

22. Design and Implementation of Secure Xenix

Author

Wen-Der Jiang, R.S. Chapman, N. Vasudevan, G.L. Luckenbaugh, C.S. Chandersekaran, Virgil D. Gligor, L.J. Dotterer, A. Johri, and M.S. Hetch

Subjects

Unix, Workstation, Computer science, business.industry, Secure attention key, computer.software_genre, Unix security, Security policy, law.invention, Trusted path, law, Embedded system, IBM PC compatible, Personal computer, Operating system, business, computer, Software

Abstract

Secure Xenix™ is an experimental system designed to run on IBM PC/AT workstations. Like Xenix, it is a Unix™ System V implementation on the PC/AT workstation; unlike Xenix, it eliminates the Unix security deficiencies and it enhances security policies. In this paper, we present the design features of Secure Xenix, their integration within Xenix, and some of the lessons learned from this experiment to date.

Published

1987

23. UNIX security in a supercomputing environment

Author

Matt Bishop

Subjects

Cloud computing security, Security service, Computer science, Unix architecture, Network Access Control, Principle of least privilege, Operating system, Computer security model, computer.software_genre, Unix security, computer, Vulnerability (computing)

Abstract

@ operating system is designed for collaborative work and not for security. Vendors have modified this operating system (in some cases, radically) to provide levels of security acceptable to their customers, but the versions used in supercomputing environments would benefit from enhancements present in so-called secure versions. This paper discusses the need for security in a supercomputing environment and suggests modifications to the UNIX operating system that would decrease the vulnerability of those sites to attacks. Among the issues are additional auditing controls, changes to network programs, improved user authentication, and better application of the principle of least privilege.

Published

1989

24. Specification and verification of the UCLA Unix security kernel (Extended Abstract)

Author

Richard A. Kemmerer, Gerald J. Popek, and Bruce J. Walker

Subjects

Unix, High-level verification, Functional verification, Computer science, Operating system, Verification, Software system, Unix security, computer.software_genre, computer, Software verification, Intelligent verification

Abstract

Data Secure Unix, a kernel structured operating system, was constructed as part of an ongoing effort at UCLA to develop procedures by which operating systems can be produced and shown secure. Program verification methods were extensively applied as a constructive means of demonstrating security enforcement.Here we report the specification and verification experience in producing a secure operating system. The work represents, to our knowledge, the first significant attempt to verify a large-scale, production level software system including all aspects from initial specification to verification of implemented code.

Published

1979

25. On the Design and the Implementation of Secure Xenix Workstations

Author

M.S. Hecht, L.J. Dotterer, G.S. Chandersekaran, V.D. Gligor, Wen-Der Jiang, E.L. Burch, G.L. Luckenbaugh, R.S. Chapman, and N. Vasudevan

Subjects

Unix, Emulation, Workstation, Computer science, business.industry, Access control, Unix security, computer.software_genre, Security policy, law.invention, law, IBM PC compatible, Operating system, Security management, business, computer

Abstract

Secure Xenix * is an experimental system designed to run on IBM PC/AT workstations. Like Xenix, it is a Unix implementation on the PC/AT workstation; unlike Xenix, it eliminates the Unix security deficiencies and it enhances security policies. In this paper, we present the design features of Secure Xenix, their integration within Xenix, and some of the lessons learned from this experiment to date. In addition, we address some of the problems specific to workstations in the security management area. The major design differences between Secure Xenix and other experiments with Unix security enhancements, such as LINUS IV, are also presented. In a companion paper, we present the important problems that arise in the testing of Secure Xenix and their solutions.

Published

1986

26. New emphasis given to UNIX security problems

Author

Esther H. Highland

Subjects

General Computer Science, Unix architecture, Computer science, Emphasis (telecommunications), Operating system, Unix security, computer.software_genre, Law, computer

Published

1988