Applying the take-grant protection model

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed

A security analysis of version 2 of the Network Time Protocol (NTP): A report to the privacy and security research group

The Network Time Protocol is being used throughout the Internet to provide an accurate time service. The security requirements are examined of such a service, version 2 of the NTP protocol is analyzed to determine how well it meets these requirements, and improvements are suggested where appropriate

The sharing of rights and information in a capability-based protection system

The question of sharing of rights and information in the Take-Grant Protection Model is examined by concentrating on the similarities between the two; in order to do this, new theorems are stated and proven for each that specifically show the similarities. The proof for one of the original theorems is also provided. These statements of necessary and sufficient conditions are contrasted to illustrate the proposition that transferring rights and transferring information are fundamentally the same, as one would expect in a capability-based system. Directions are then discussed for future research in light of these results

Implementation notes on bdes(1)

This note describes the implementation of bdes, the file encryption program being distributed in the 4.4 release of the Berkeley Software Distribution. It implements all modes of the Data Encryption Standard program

A proactive password checker

Password selection has long been a difficult issue; traditionally, passwords are either assigned by the computer or chosen by the user. When the computer does the assignment, the passwords are often hard to remember; when the user makes the selection, the passwords are often easy to guess. This paper describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. The technique is site, user, and group compatible, and allows rapid changing of constraints imposed upon the password. Although experience with this technique is limited, it appears to have much promise

Profiling under UNIX by patching

Profiling under UNIX is done by inserting counters into programs either before or during the compilation or assembly phases. A fourth type of profiling involves monitoring the execution of a program, and gathering relevant statistics during the run. This method and an implementation of this method are examined, and its advantages and disadvantages are discussed

The RIACS Intelligent Auditing and Categorizing System

The organization of the RIACS auditing package is described along with how to installation instructions and how to interpret the output. How to set up both local and remote file system auditing is given. Logging is done on a time driven basis, and auditing in a passive mode

A model of security monitoring

A model of security monitoring is presented that distinguishes between two types of logging and auditing. Implications for the design and use of security monitoring mechanisms are drawn from this model. The usefulness of the model is then demonstrated by analyzing several different monitoring mechanisms

A Security Analysis of Version 2 of the Network Time Protocol NTP: A Report to the Privacy and Security Research Group

The Network Time Protocol is being used throughout the Internet to provide an accurate time service. This paper examines the security requirements of such a service, analyzes version 2 of the NTP protocol to determine how well it meets these requirements, and suggests improvements where appropriate

Administrator\u27s Guide to the Digital Signature Facility Rover

This document describes the installation and maintenance of the rover utility, which provides a digital signature capability for internet messages