Notes for October 20, 1999
- Greetings and Felicitations!
- Puzzle of the Day
- Flaw Hypothesis Methodology
- System analysis
- Hypothesis generation
- Hypothesis testing
- Generalization
- System Analysis
- Learn everything you can about the system
- Learn everything you can about operational procedures
- Compare to models like PA, RISOS
- Hypothesis Generation
- Study the system, look for inconsistencies in interfaces
- Compare to previous systems
- Compare to models like PA, RISOS
- Hypothesis testing
- Look at system code, see if it would work (live experiment may be unneeded)
- If live experiment needed, observe usual protocols
- Generalization
- See if other programs, interfaces, or subjects/objects suffer from the same problem
- See if this suggests a more generic type of flaw
- Peeling the Onion
- You know very little (not even phone numbers or IP addresses)
- You know the phone number/IP address of system, but nothing else
- You have an unprivileged (guest) account on the system.
- You have an account with limited privileges.
- Examples
- Go through Michigan Terminal System penetration
- Go through Burroughs B6700 penetration
- Intrusion Detection Systems
- Anomaly detectors: look for unusual patterns
- Misuse detectors: look for sequences known to cause problems
- Specification detectors: look for actions outside specifications
- Anomaly Detection
- Original type: used login times
- Can be used to detect viruses, etc. by profiling expected number of writes
- Basis: statistically build a profile of users' expected actions, and look for actions which do not fit into the profile
- Issue: periodically modify the profile, or leave it static?
- User vs. group profiles
- Problems
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 10/22/99