
Showing papers on "Vulnerability (computing)" published in 1992


Journal Article
TL;DR: Some of the problems of current password security are outlined by demonstrating the ease by which individual accounts may be broken, and one solution to this point of system vulnerability, a proactive password checker, is proposed.
Abstract: With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system "crackers," data theft, and data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed. 11 refs., 2 tabs.

453 citations


Proceedings Article
07 Sep 1992
TL;DR: Criticism focusses on the intended scope, the functionality aspects, the assessment of effectiveness and correctness, and problems arising after the evaluation of IT systems.
Abstract: On initiative of the Commission of the European Communities, the Information Technology Security Evaluation Criteria (ITSEC) are designed to provide a yardstick for the evaluation and certification of the security of IT systems. To improve the usefulness of resulting evaluations and certificates for procurers, users, and manufacturers the ITSEC are intended to undergo further extensive review. We discuss weaknesses, remaining questions, and possible improvements concerning the current version 1.2 of ITSEC. Our criticism focusses on the intended scope, the functionality aspects, the assessment of effectiveness and correctness, and problems arising after the evaluation of IT systems. Additionally, the ITSEC development and the accompanying discussion are criticized and improvements are proposed.

46 citations


Journal ArticleDOI
TL;DR: The advances made by malicious hackers and some current and future means of prevention are examined, and new types such as stealth and polymorphic viruses, which are difficult to detect, are described.
Abstract: The advances made by malicious hackers and some current and future means of prevention are examined. The various strains of computer viruses are described. Among these are new types such as stealth and polymorphic viruses, which are difficult to detect. The growing use of Virus Exchange Bulletin Boards, which promote the technology of writing difficult viruses, is discussed. The particular vulnerability of local area networks is examined. Protective measures, many of which cost little, are described.

36 citations


Journal ArticleDOI
TL;DR: An in‐depth examination down to the hardware level, based on the actual executable code, which covers even attack scenarios where the attacker can manipulate the hardware of the PC.
Abstract: Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.

18 citations


Proceedings Article
07 Sep 1992

7 citations


01 Sep 1992
TL;DR: This handbook prepares novice analysts to appropriately address a number of geometric description problems, and a fully integrated approach to target description for use in vulnerability analyses is presented in a prescriptive format to facilitate any analysis task.
Abstract: Target vulnerability assessment requires accurate information about physical target parameters. This information allows the analyst to draw experimental conclusions or model phenomena which are deemed predictable. At the Ballistic Research Laboratory (BRL), computerized descriptions capture the geometry of the physical target and are constructed using the Multi-device Graphics Editor (MGED), allowing interactive manipulation of solid geometric primitives and their boolean combinations. This approach, using Constructive Solid Geometry (CSG), allows the analyst to create shapes and refinements to the accumulated geometric data to fulfill the requirements for a wide range of analysis tasks. Geometry created using MGED can be interrogated using many of the tools incorporated in the BRL-CAD software package. This handbook prepares novice analysts to appropriately address a number of geometric description problems. Details of the MGED editor are explained, manipulation of the primitives is explored with reproducible examples provided, and description database organization issues are addressed. A fully integrated approach to target description for use in vulnerability analyses is presented in a prescriptive format to facilitate any analysis task. Keywords: CSG, MGED, BRL-CAD, Vulnerability Assessment, Solids Modeling, Target Description, Targets, Vulnerability.

3 citations



Journal Article
TL;DR: Rules based expert systems and fuzzy logic have been employed to increase the speed and the reliability of the survey of masonry buildings, to forecast their seismic vulnerability.
Abstract: Rules based expert systems and fuzzy logic have been employed to increase the speed and the reliability of the survey of masonry buildings, to forecast their seismic vulnerability.

2 citations


23 Jun 1992
TL;DR: Structured risk analysis, a hybrid methodology developed by Hyperion Systems Limited in the UK, is discussed and described as a "hybrid methodology" based on the concepts of threat, vulnerability, attack, risk and countermeasure.
Abstract: Risk analysis must be used to help telecommunication managers to decide how much it is appropriate to spend on security countermeasures and where, within the network, this spending should be directed. Risk analysis is based on the concepts of threat, vulnerability, attack, risk and countermeasure. Structured risk analysis, a hybrid methodology developed by Hyperion Systems Limited in the UK, is discussed.

1 citation