Computers & Security, 11 (1992) 4-15
Random Bits & Bytes
Dr. Harold Joseph Highland, FICS, Editor-in-Chief Emeritus
Reader Queries and E-mail
We now start the seventh year of writing this column. (The first appeared in May 1986 in Volume 5, Number 1.) Over the years we have received numerous letters and phone calls from readers interested in obtaining information and assistance.
Well over a year ago we “walked” a major organization through a step-by-step recovery of an administrative LAN that had become infected. Because they failed to prepare for a possible computer virus attack, the recovery procedure via telephone took a few hours. But they lost no data or executable programs. It was, however, necessary for them to do a low level format. To do so we had to transmit via modem the basic diagnostics disk because they had not received one from their vendor.
Two months ago we assembled a communications package for an international company. The multiprogram package permitted them to use low-level encryption to protect their data during telecommunications. It also compressed the messages to reduce transmission time. It was based on an earlier package we had developed as a consultant to a government agency about three years ago. A year after the agency started using the package, they reported a 20% reduction in transmission costs.
IFIP Sec’92
The Eighth International Information Security Conference and Exhibition will be held at Raffles Convention City in Singapore May 27-29, 1992. The theme for this conference is “Security and Control -- From Small Systems to Large.” There will be a series of workshops during the two days preceding the conference. For more information about the conference and workshops:
IFIP Sec ’92
Singapore Computer Society
71 Singapore Science Park
The NCB Building
Singapore 0511
Telephone: [65] 778-3901 Telefax: [65] 778-8221
Since we became Editor-in-Chief Emeritus we have reduced our secretarial and support staffs. In order to continue to serve our readers, we suggest a greater use of electronic mail. This will enable us to reply more rapidly to those who need assistance.
Readers may still write or telephone but since we are on numerous networks, we suggest a greater use of e-mail. Several telecommunications addresses that can be used are shown in the accompanying box, Mail Addresses.
In order to reduce the volume of “junk fax” (press releases about personnel appointments, invitations to product introduction, appointment of new distributors, etc.), we do not publish our fax number. Anyone interested in using fax should first either write or telephone; we will then provide the necessary “authorization code” and procedure.
Finally, for those who wish to avoid cleartext transmission over e-mail, we will provide a simple encryption package to authorized users. At that time we will establish the appropriate encryption keys.
Mail Addresses
Priority e-mail: Highland@dockmaster.ncsc.mil [Dockmaster can be reached via Internet or US milnet]
Internet: Highland@auvax1.adelphi.edu [Internet node] 192.100.55.3
MCI Mail: 4065012
Telex: [+1] 650 106 5012 [via telephone transmission]
X.400 network: C = US/A = MCI/S = Highland/F = Harold/D = ID = 0004065012 [MCI]
0167-4048/92/$5.00 © 1992, Elsevier Science Publishers Ltd.
Computers & Security, Vol. 11, No. 1
Computer Security Policy Manuals
Too many corporations have inadequate, outdated employee security policy manuals. An overwhelming number have a broad, general statement that is inadequate in this day and age. A few large corporations even fail to address the subject of information security in their employee manuals.
• When was the last time that your company updated its information security manual?
• Does it include any mention of privacy rights, security of data during transmission, storage and disposal of data, microcomputer operations?
Chances are that the corporate security manual is mainframe oriented. It probably has ignored the rapid growth of microcomputers within the organization and set up security policies for these machines. Except in rare cases, the chances are that the manual does not cover such topics as e-mail, backup procedures, fax transmission, encryption or handling of down-loaded data.
For years we collected company security manuals and related material in the hope of preparing guidelines for computer security management. The task of organizing such data into a meaningful, usable form was momentous enough to discourage us from undertaking the task. Besides it was not our first love.
Information Security Policies Made Easy: A Comprehensive Set of Information Security Policies, by Charles Cresson Wood¹, is an excellent solution to this problem. This 109-page, 8½ by 11-inch volume, is undoubtedly the best book printed in 1991. We would have difficulty naming the top ten books that should be on any computer security director’s bookshelf. But we are certain that Wood’s volume would be among them.
The Guideline Manual
Unlike anything else available in print, this how-to reference guide contains a starting place for anyone concerned with information security policies. Version 3 of this volume, released late in 1991, contains 535 policies which can be used to develop a wide variety of information security materials: manuals, systems development procedures, disaster recovery plans, outsourcing agreements, user training seminars and requests for proposals.
The introduction to this book is concise and precise covering some 18 pages of helpful suggestions. It describes why policies are critical to:
• the success of information security,
• how to obtain management support,
• how to write policies and to promote compliance,
• how to format and customize policies.
The overwhelming part of this manual deals with specific information security policies. It is divided into:
• logical security (software security, system access control, privilege control, software development and change control, data security, and communications security),
• managerial security (administrative security, personnel security and organizational structure), and
• physical security of facilities and equipment.
Part of the detailed scope of this policies manual, specifically software security and data security, is shown in Fig. 1. Each category and sub-category contains numerous related policy statements.
Cut-and-Paste Operations
The manual comes in both printed form and on a floppy disk. The user can select those policy statements which one wishes to include in a company policy manual. Because the material is available on a disk in ASCII format, it is a simple matter to select individual policy statements for text editing using any word processor or text editor. One has an opportunity to modify the copy or else use it directly as is written in the manual. To make this manual simple to use, Charles Cresson Wood has used Company X which can be replaced with the actual corporate name. Figure 2 shows the actual copy, pertaining to a brief information security policy statement, as it is obtained from the accompanying disk. Figure 3 shows the identical copy after the organization name has been substituted. It was not necessary to change each reference; that was done with a global search and replace statement of the word processor.
Concluding the book's information security policy statements are three useful chapters. One is a comprehensive list of standards references, complete with organization name and address and related publications. The second is a substantial bibliography of information security policy references. Finally there is a basic, brief information security policy statement, a small part of which was shown in the accompanying figures.
Final Note
Although many of the policy statements can be used verbatim, others have recommendations for supplementary data to be added. Version 3 is greatly expanded from the earlier versions. The price of the volume, US$495.00, may appear high but it is only a fraction of the cost necessary to hire a consultant to assist in the writing or rewriting of company security policies. Baseline offers updates at an annual fee of US$75.00.
Unlike most software producers who sell their product in a shrink-wrapped package which is non-returnable, Baseline Software makes the printed volume and the disk available on a la-day trial period. We believe that Wood’s book is well worth its cost.
¹Published by Baseline Software, P.O. Box 1219, Sausalito, CA 94966, USA. Telephone: +1 415 332 7703 (In the United States: 1 800 829 9955). Fax number: 415-331 8031.
Fig. 1. Part of the detailed scope of the policies manual: Software Security and Data Security.
Software Security: System Access Control; Password Management; Password Construction; Design of Password System User Interface; Password Related User Responsibilities; Password System Internals Design; Log-In Process; Privilege Control; Use of Systems; Information Driven Access Control; User Separation; Special Privileges; Other Privilege Restrictions; Administrative Activities; Logging.
Data Security: Intellectual Property Rights; Data Privacy; Restrictions of Privacy Rights; Collection of Specific Types of Private Data; Disclosure of Private Data; Handling Private Data; Data Confidentiality; Overall Data Confidentiality Policies; Data Classification Categories; Data Classification Marking; Classification System Implementation; Copying and Printing; Shipping and Manual Handling; Transmission by Fax and Phone; Movement of Confidential Information; Storage and Disposal; Miscellaneous Policies; Data Criticality; Systems Design; Contingency Planning; Back-Up, Archival Storage and Disposal of Data; Data Integrity; Awareness of Integrity Status; Relevant Policies.
Comprehensive Anti-Virus Program
Virus Buster² is a potpourri offering a wide variety of anti-virus programs, including resident and non-resident scanning, change detection by checksumming, virus removal, disk locking, and activity monitoring. The entire package is menu driven making it suitable for novices and experienced users, and it can be used by command line if required.
The program is designed to run on any IBM PC, PS/2 or compatible computer with at least 256K of memory. It will work with PC/MS DOS 2.1 or higher as well as with Digital Research DOS 3.40 or higher. It takes about 700K of disk space.
The Programs
A trio of programs, Buster, Doctor and Watchdog, comprise the major part of this package.
• Buster is a generic (nonspecific) detection program which takes a checksum of the files on disk the first time it runs. When asked to check the disk, it is able to report any changes. It warns of any changes in programs or disk system areas which may indicate virus activity.
• Watchdog is a memory-resident program. It monitors all disk write operations and reports any suspicious activity such as initializing a fixed disk. It will report any attempt to format (BIOS format operation), destroy a disk’s partition table or write to any disk defined as write-protected.
• Doctor scans memory and all files for known viruses. It recognizes numerous known viruses and offers three ways of removal.
The additional programs in this package supplement the basic programs of this package.
• Disklok and Keylok provide protection from unauthorized access to the PC and the data and programs on the fixed disk. Disklok also provides automatic removal of, and recovery from, most viruses which infect the master boot record or the active boot record of fixed disks.
• V!mt’y, a command-line driven utility, performs most of the functions of the DOS Copy and XCopy commands but simultaneously scans the files being copied for virus infections.
• ~M~ic~lri is a small memory-resident program to scan programs for known viruses before it is loaded by DOS prior to execution. This will prevent the activation of any known virus. It will not detect any new or unknown viruses.
• L&aver is a tiny device driver which is used by other Virus Buster programs (Buster and Doctor) to detect stealth viruses. It is added to the CONFIG.SYS file and takes only 200 bytes.
• Protect is used to add checksum information to the files. This information is used by the Watchdog program.
• Fub (Fix and Rebuild) is a special purpose program designed to help users recover from an attack by the Azusa virus. This virus attacks both the boot sector and the master boot record (MBR) which contains the partition table. During installation this program makes a copy of both so that they are easily restored in case of the virus attack.
For those using Microsoft Windows 3, FIDO provides access to the Watchdog TSR program.
In addition to the Install program, there are two short utilities.
• List can be used to display and print text files. It is used to display the log files produced by the Virus Buster programs.
• O~C&AI~, a task scheduler, is a batch enhancement utility which will run a nominated program either once a day, or once a week on a nominated day.
²Leprechaun Software Pty Ltd., P.O. Box 134, Lutwyche, Queensland 4030, Australia, also has offices in the United States: Leprechaun International, 2284 Pine Warbler Way, Marietta, GA 30062, USA. In Australia its phone number is (07) 252 4037 and in the States it is 404 971 8900. The fax numbers, respectively, are (07) 252 1071 and 404 971 8988.
Fig. 2.
Information and information systems are critical and important Company X assets. Without reliable information and information systems, Company X would quickly go out of business. Accordingly, Company X management has a fiduciary duty to preserve, increase, and account for Company X information and information systems. This means that Company X management must take appropriate steps to ensure that information and information systems are properly protected from a variety of threats such as error, fraud, embezzlement, sabotage, terrorism, extortion, industrial espionage, privacy violation, and natural disaster. Company X management must additionally make sure that information and information systems are protected in a manner that is at least as secure as other organizations in the same industry handling the same type of information. To achieve this objective, annual reviews of the risks to Company X information and information systems must be conducted. Similarly, whenever a major security incident indicates that the security of information or information systems is insufficient, management must take remedial action to reduce Company X’s exposure. Annual reports reflecting Company X’s information security status and progress must also be prepared and submitted to the President.
Fig. 3.
Information and information systems are critical and important MICRO-Set assets. Without reliable information and information systems, MICRO-Set would quickly go out of business. Accordingly, MICRO-Set management has a fiduciary duty to preserve, increase and account for MICRO-Set information and information systems. This means that MICRO-Set management must take appropriate steps to ensure that information and information systems are properly protected from a variety of threats such as error, fraud, embezzlement, sabotage, terrorism, extortion, industrial espionage, privacy violation, and natural disaster. MICRO-Set management must additionally make sure that information and information systems are protected in a manner that is at least as secure as other organizations in the same industry handling the same type of information. To achieve this objective annual reviews of the risks to MICRO-Set information and information systems must be conducted. Similarly, whenever a major security incident indicates that the security of information or information systems is insufficient, management must take remedial action to reduce MICRO-Set’s exposure. Annual reports reflecting MICRO-Set’s information security status and progress must also be prepared and submitted to the President.
Package Features
Virus Buster has 15 levels of protection since one method of detection will never detect all viruses. Buster calculates two randomly encrypted checksums for each executable file during installation. If a program has changed, the user will be informed before it is loaded. However, like other programs on the market Virus Buster cannot completely prevent a virus from entering a system and possibly destroying data but it really tries.
The manual is about one-half inch thick but after reading the simply written introduction one finds that it is well prepared and easy to follow. For those who are impatient to read through the manual, the manual starts with a quick start procedure which is all an experienced user needs to know.
To make the programs easy to use, Virus Buster has an intuitive, menu-driven interface with three levels of “help” functions. The first level is a one-line status message which is shown on the bottom of the screen for all menu choices. The second is context sensitive, available for all menus. The third level is an index to “help” topics.
Performance
In testing the product we found that the Doctor program was not as fast as many of the recently tested scanner programs. It was particularly apparent on our system with almost XOO executable programs. Even on a “normal” system the scan process appeared to be too slow.
We did like the ability to run the program from a write-protected floppy disk. It is necessary, however, to have BUSTER36.DAT and DISKINFO.DAT on that disk.
It is possible to obtain information about the individual viruses when using Virus Buster’s Doctor program. The user may search through a comprehensive list of viruses by name, see Fig. 4. An example of the information about a specific virus is shown in Fig. 5.
[Fig. 4. Doctor v3.70 screen (menu bar: Actions, Filespecs, Options, Paths, Quit) showing the list of viruses by name, from Azusa to the Cascade family. Status line: “640K Memory check complete, no active viruses found in memory”.]
Fig. 5. Doctor v3.70 virus information screen:
Virus Name: Cascade (Falling Letters, 1701, 1704)
Type: infectious, resident, encrypted
Infects: .COM programs
Origin: Germany (-19188)
Comments: Activates with a CGA or VGA monitor in the months of September to December in the years 1980 and 1988. When activated letters on the screen fall to the bottom.
Almost any known virus can be removed from a file with Virus Buster. However, removal of a virus does not ensure the user that the program will be executable. We do not recommend using this option in any of the programs in which such an option is available unless one is aware that removal does not automatically restore the program to usable form.
Final Comments
Leprechaun Software provides user support by telephone, fax and BBS in the United States and Australia. We found that support very good in the States; we did not try Australia. The Disklok program and the wiping of files are fine added features for an anti-virus product. The Doctor scan program, like all other such programs, is limited unless kept up to date by company update disks and material on its bulletin board. Yet this drawback does not really weaken Virus Buster’s protection.
Virus Buster is an easy to install and easy to use program that offers a very high level of anti-viral protection. Apart from an integrity shell, which many find difficult to use, this package probably offers the best anti-virus protection available at this time.
NTIS Volumes of Interest
The National Technical Information Service (NTIS) is a self-supporting agency of the U.S. Department of Commerce. It provides access to the results of both U.S. and foreign government-sponsored research and development and engineering activities. For copies of any of the publications we consider of interest to computer security directors and personnel, you can communicate with:
U.S. Department of Commerce
National Technical Information Service
5285 Port Royal Road
Springfield, VA 32 16 1, USA
Orders: +1 703 1874650 Telex: 89-9405 or 646 17 Fax: +1 703 331-8547

Computer Security: Selected Articles
M. Swanson and E. Lennon, National Inst. of Standards and Technology, Gaithersburg, MD, April 1991, -M __ pp., PB91-187740/WCC.
Contents: Is Your System Safe; Proper assignment of responsibility for data security; Assessing Security; NIST Group Explores Risk-Assessment Packages; Crackdown on software pirates; Memo: Computer Viruses and Personal Computers; Reflections on Trusting Trust; The Science of Computing: The Internet Worm; and Secret Codes.

Public-Key Cryptography, Computer Security
J. Nechvatal, National Inst. of Standards and Technology (CSL), Gaithersburg, MD, April 1991, 172 pp., PB91-187864/WCC.
The paper surveys public-key cryptography. It discusses the theory of public-key cryptography and examines several examples of public-key cryptosystems. It also treats the related topics of digital signatures, hash functions, and, more briefly, zero-knowledge protocols. Modes of implementation of public-key cryptosystems are discussed, including implementation in networks. Examples of existing or proposed implementations are summarized. Comparisons with secret-key cryptography are made. Relevant mathematics is covered in appendices. An extensive bibliography is included.

DOE’s Computer Incident Advisory Capability (CIAC)
E. Schultz, Lawrence Livermore National Lab., CA, September 1990, 17 pp., UCRL-JC-105099, CONF-901030-c-2, DE91007 1%/WCC.
Computer security is essential in maintaining quality in the computer environment. Computer security incidents, however, are becoming more sophisticated. The DOE Computer Incident Advisory Capability (CIAC) team was formed primarily to assist DOE sites in responding to computer security incidents. Among CIAC’s other responsibilities are gathering and distributing information to DOE sites, providing training workshops, coordinating with other agencies, response teams and vendors, creating guidelines for incident handling, and developing software tools. CIAC has already provided considerable assistance to DOE sites faced with virus infections and worm and hacker attacks, has issued over 40 information bulletins, and has developed and presented a workshop on incident handling. CIAC’s experience in helping sites has produced several lessons learned, including the need to follow effective procedures to avoid virus infections in small systems and the need for sound password management and system administration in networked systems. CIAC’s activity and scope will expand in the future.

Computer User’s Guide to the Protection of Information Resources
C. Helsing, National Inst. of Standards and Technology, Gaithersburg, MD, October 1989, 21 pp., ED-327 156.
Computers have changed the way information resources are handled. Large amounts of information are stored in one central place and can be accessed from remote locations. Users have a personal responsibility for the security of the system and the data stored in it. This document outlines the user’s responsibilities and provides security and control guidelines to be implemented. These protective measures include: (1) protect user area; (2) protect user password; (3) protect user files; (4) back up user data; (5) lock up storage media containing sensitive data; and (6) report security violations.

Security Aspects of Database Management Systems
S. E. Hicks and K. C. Evans, Oak Ridge K-25 Site, TN, 8 March 1991, 132 pp., DE91010677/WCC. US sales only.
Relational database management systems (DBMS) became available in the 1980s and remain the most widely used type of DBMS today. Emerging research is taking advantage of advances in artificial intelligence and programming languages. One result has been the advent of the object-oriented data model. Because of the extensive dependence on database management systems by the majority of society, data security has become a growing concern. The purpose of this report is to provide an information baseline for the Department of Energy (DOE) on the current DBMS security technology. The document begins with an overview of DBMS use and architectures, followed by a summary of security concepts. The remaining sections discuss DBMS security issues, research and vendor efforts, standards activities, and DOE security needs. The discussions in this report focus on the relational database model.

NADIR: A Prototype Network Intrusion Detection System
K. A. Jackson, D. H. DuBois, and C. A. Stalings, Los Alamos National Lab., NM, 1990, 25 pp., DE91004823/WCC.
The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system which is intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory’s Integrated Computing Network (ICN). It is based on three basic assumptions: that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that, given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected, that expert system techniques can be applied to security auditing and intrusion detection, and that successful intrusion detection may take place while monitoring a limited set of network activities such as user authentication and access control, file movement and storage, and job scheduling. NADIR has been developed to employ these basic concepts while monitoring the audited activities of more than 8000 ICN users.

Computers at Risk: Safe Computing in the Information Age
National Research Council, Washington DC, 1991, 318 pp., N91-19721/O/WCC.
Computer systems need safeguards to prevent intrusions and potential disasters that can cause economic and even human losses. Momentum is building overseas for a new set of criteria and associated system evaluation schemes and standards. US response to these developments will affect the competitiveness of US vendors and the options available to users of commercial computer systems worldwide. This report characterizes the computer security problem and advances recommendations for containing it. It examines technology necessary to achieve system security and trustworthiness, and associated development issues, programming methodology, the design and use of criteria for secure computer system development and evaluation, and problems constraining the market for trustworthy systems.

United States Copyright Law and Software Piracy on United States Air Force Microcomputers
J. C. Sorensen, Air Force Inst. of Technol., Wright-Patterson AFB, OH, School of Systems and Logistics, September 1990, 102 pp., AFIT/GIR/LSY/9OD 11.
This study looked at United States Copyright Law, its application to computer software, and at USAF policies and regulations governing the protection of copyrighted software. The literature review, including personal correspondence with inspectors general and computer and legal personnel, indicated that the Air Force has numerous policies concerning software copyright and the violation of these copyrights (software piracy). These policies and regulations were compared with standards set by the software industry and the results suggested that the appropriate policies are in place but in some instances, enforcement was lacking. An attitudinal survey was conducted with 125 enlisted personnel and 125 officers, with 58.1% and 60.0% usable return rates. Using a simple five-point Likert scale and Yes/No questions, no overall significant differences of attitudes were demonstrated between the two populations. While many of the respondents felt that there was a problem with software piracy, few claimed to be personally involved. Understanding of copyright laws and what can and cannot be legally copied on microcomputers was lacking, especially in the junior ranks. Overall, it was determined that entry level education and enforcement of policies governing software piracy need to be increased.

Toward a Testbed for Malicious Code Detection
R. Lo, P. Kerchen, R. Crawford, W. Ho, and J. Crossley, Lawrence Livermore National Lab., CA, 1991, 19 pp., UCRL-JC-105792, CONF-910236-7, DE91007632/WCC.
This paper proposes an environment for detecting many types of malicious code, including computer viruses, Trojan horses, and time/logic bombs. This malicious code testbed (MCT) is based on both static and dynamic analysis tools developed at the University of California, Davis, which have been shown to be effective against certain types of malicious codes. The testbed extends the usefulness of these tools by using them in a complementary fashion to detect more general cases of malicious code. Perhaps more important, the MCT allows administrators and security analysts to check a program before installation, thereby avoiding any damage a malicious program might inflict.

An Example Secure System Specified Using the Terry-Wiseman Approach
C. L. Harrold, Royal Signals and Radar Establishment, Malvern (UK), July 1990, 65 pp., RSRE-900 11, DRIC-BR-113326, AD-A230 437/6/WCC.
This report presents the specification of operations for a secure document handling system (SERCUS). The specification uses the Terry-Wiseman Security Policy Model and therefore acts as an example of the modelling approach. The specification uses the mathematical notation Z, and consequently also acts as an example of the use of Z in specifying secure systems. However, it must be noted that an appreciation of SERCUS, the model and modelling approach can usefully be gained even if the formal specifications are not read. The Terry-Wiseman Model and its interpretation are given as an Annex to this report. SERCUS is essentially an electronic registry system which controls the creation of, and access to, classified documents and mail messages. In the usual way, the users are assigned clearances which limit their ability to observe and modify the information in the system. In addition to their clearances, the users have a designated role to play. The possible roles are security officer and ordinary user, although there are also registry clerks in the original, longer specification. Certain operations may only be performed by users with the appropriate role. For example, only security officers may create new legal users or review journalled information and, in the original specification, only registry clerks could create files or add documents to files. Although the model does allow systems to be specified where individuals can have more than one role, this is not required in the SERCUS application, and each user is assigned a single fixed role.

Logic for the Analysis of Cryptographic Protocols
P. F. Syverson, Naval Research Lab., Washington DC, 1991, 19 pp., NRL-9305, AD-A230779/1/WCC.
A logic designed to analyze cryptographic protocols is presented in this report. The logic has distinct means for representing propositional knowledge in the sense of familiarity with an individual, e.g. a particular key. It is argued that the introduction of a knowledge predicate is a useful and genuine increase in expressive power. The semantics and metalogic of the logic are also explored.

Datamaerkning: Att Paketera Ihop Data och Attribut (Data Marking: To Packet Data Together with Attributes)
A. Bengtsson, Foersvarets Forskningsanstalt, Linkoeping (Sweden), Huvudavdelning foer Informationsteknologi, November 1990, 41 pp., FOA-C-30593-3.4, Text in Swedish; summary in English, PB91-165290/WCC.
In order to maintain security within a distributed system, data should be marked with some security-related attributes, such as level of confidentiality, when and how data was generated, digital signature, etc. These attributes and data should be held together in a package that is sealed to ensure that the package will remain unchanged for the lifetime of the data. The report is a survey of methods and standards for marking of data, primarily text. Since the need to handle data as packages is similar to handling of objects, there is also a survey of object-oriented methods. For the sealing of packages, digital signatures are proposed. The conclusion of the report is that there are methods and standards that should be possible to combine in a general way to handle sealed objects in a distributed system.

Professor Harold Joseph Highland, FICS is Managing Director of Compulit, Inc. (Elmont, NY, USA) and heads its Microcomputer Security Laboratory. He is Chairman of IFIP/WG11.8 on information security education and training and is also an Associate of the Information Security Research Centre of Queensland University of Technology (Brisbane, Australia). He retired a decade ago as Distinguished Professor of the State University of New York. He is also the founding editor and Editor-in-Chief Emeritus of Computers and Security. He is on the editorial board of several information security publications. Professor Highland is counsel to the Computer Security Technical Committee of the Chinese Computer Federation (Beijing, China) and to other government agencies in the USA and abroad. He serves as the public Information Officer of the International Federation for Information Processing’s Technical Committee 11 on information security. A Fellow of the Irish Computer Society, Dr. Highland is also a member of the Association for Computing (ACM), the IEEE’s Computer Society, the New York Academy of Sciences, American Association for the Advancement of Science, Computer Professionals for Social Responsibility and the Society for Irreproducible Results.