Access Restriction

Author Zerkle, Dan ♦ Levitt, Karl
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Security Mechanism ♦ Multiple Host ♦ Simple Configuration Error ♦ Individual Host ♦ Fast Performance ♦ Modern Networked Computer System ♦ Wide Variety ♦ Production System ♦ Unix Computer ♦ File Permission ♦ Unintended Access ♦ Proper Configuration ♦ Multi-host Configuration Vulnerability Checker ♦ Operating System ♦ Poor System Configuration ♦ Backwards Goal-based Search ♦ Real Vulnerability
Description NetKuang is an extension to Baldwin's SU-Kuang. It runs on networks of computers using Unix and can find vulnerabilities created by poor system configuration. Vulnerabilities are discovered using a backwards goal-based search that is breadth-first on individual hosts and parallel when multiple hosts are checked. An implementation in C++ found real vulnerabilities on production systems. Tests show reasonably fast performance on an LAN. 1 Introduction The security of modern networked computer systems is dependent on more than just the integrity of the software and protection mechanisms their operating systems use; it is also dependent on the proper configuration and use of that software. Unix computers have a wide variety of security mechanisms such as file permissions, passwords, trusted hosts, and so forth. In practice, such mechanisms can quickly grow very complex. A simple configuration error can lead to users gaining unintended access. The problem has grown worse with the popularit...
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 1996-01-01
Publisher Institution in Proceedings of the 6th USENIX Unix Security Symposium