Information system attacks: A preliminary classification scheme

Computers and Security

Volumn 16, Issue 1, 1997, Pages 29-46

  Cohen, Fred ^a  

^a SANDIA NATIONAL LABORATORIES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ENGINEERING RESEARCH; INFORMATION TECHNOLOGY; RISK ASSESSMENT; SECURITY OF DATA; SECURITY SYSTEMS;

INFORMATION PROTECTION; INFORMATION SYSTEM ATTACK METHODS;

COMPUTER CRIME;

EID: 0030701247     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(97)85785-9     Document Type: Article

References (62)

1. Agudo, 1996. Assessment of Electric Power Control Systems Security, Joint Program Office for Special Technology Countermeasures, September 30, 1996.
2. Bell, D.E. and LaPadula, L.J., 1973. Secure Computer Systems: Mathematical Foundations and Model. The Mitre Corporation, 1973.
3. Bellovin, S.M., 1989. Security Problems in the TCP/IP Protocol Suite. ACM SIGCOMM. Computer Communications Review, April 1989, pp. 32-48.
4. Bellovin, S.M., 1992. There Be Dragons, Proceedings of the Third Usenix UNIX Security Symposium. Baltimore, September 1992.
5. Biba, K.J., 1977. Integrity Considerations for Secure Computer Systems, USAF Electronic Systems Division, 1977.
6. Bishop, M. and Dilger, M., 1996. Checking for Race Conditions in File Access.
7. Bochmann, G.V. and Gecsei, J., 1977. A Unified Method for the Specification and Verification of Protocols, IFIP Congress, Toronto, 1977, pp. 229-234.
8. Cheswick, W. and Bellovin, S.M., 1994. Firewalls and Internet Security - Repelling the Wiley Hacker, Addison-Wesley, 1994.
9. Cohen, F., 1984. Computer Viruses - Theory and Experiments, IFIP TC-11 Conference, Toronto, 1984.
10. Cohen, F., 1985. Algorithmic Authentication of Identification, Information Age, January 1985, pp. 35-41, 7, 1.
11. Cohen, F., 1985b . A Secure Computer Network Design, IFIP, TC-11, Computers & Security, Vol. 4, No. 3, 1985, pp. 189-205.
12. Cohen, F., 1986. Computer Viruses, ASP Press, 1986.
13. Cohen, F., 1987. Protection and Administration of Information Networks under Partial Orderings, IFIP-TC11, Computers & Security, Vol. 6, 1987, pp. 118-128.
14. Cohen, F., 1987B. Introductory Information Protection, ASP Press, 1987.
15. Cohen, F., 1988. A New Integrity-Based Model for Limited Protection Against Computer Viruses, Masters Thesis, The Pennsylvania State University, College Park, PA, 1988.
16. Cohen, F., 1988b. Models of Practical Defenses Against Computer Viruses, IFIP-TC11, Computers & Security, Vol. 7, No. 6, 1988.
17. Cohen, F., 1991. A Short Course on Systems Administration and Security Under Unix, ASP Press, 1991.
18. Cohen, F., 1994. A Short Course on Computer Viruses, 2nd Ed. New York: John Wiley, 1994.
19. Cohen, F., 1994b. Operating Systems Protection Through Program Evolution, IFIP-TC11, Computers & Security, 1994.
20. Cohen, F., 1994c. It's Alive!!!, John Wiley and Sons, 1994.
21. Cohen, F., 1995. Protection and Security on the Information Superhighway, Wiley and Sons, New York, 1995.
22. Cohen, F. et al., 1993. Defensive Information Warfare -Information Assurance, Task Order 90-SAIC-019, DoD Contract No. DCA 100-90-C-0058, December, 1993.
23. Cohen, F., and Mishra, S., 1994. Experiments on the Impact of Computer Viruses on Modern Computer Networks, IFIP-TC11, Computers & Security, 1994.
24. Cohen, F. et al., 1994. National Info-Sec Technical Baseline -Intrusion Detection and Response, Lawrence Livermore National Laboratory Sandia National Laboratories, December, 1996.
25. Cohen, F., 1997. A Secure World-Wide-Web Server, IFIP-TC11, Computers & Security, 1997, in press.
26. Dagle, J. et al., 1996. Assessment of Information Assurance for the Utility Industry, Electric
27. Power Research Institute, Draft, December 5, 1996, Palo Alto, California, USA.
28. Danthine, A.A.S., 1982. Protocol Representation with Finite State Machines, Computer Network Architectures and Protocols, P.E. Green, Jr. Editor, Plenum Press, 1982.
29. Denning, D.E., 1975. Secure Information Flow in Computer Systems, Ph.D. dissertation, Purdue Univ., West Lafayette, Indiana, USA, 1975.
30. Denning, D.E., 1976. A Lattice Model of Secure Information Flow, Communications of the ACM, Vol. 19, No. 5, 1976, pp. 236-243.
31. Denning, D.E., 1982. Cryptography and Data Security, Addison Wesley, Reading, Masachusetts, USA, 1982.
32. Dunnigan, J.F. and Nofi, A.A., 1995. Victory and Deceit - Dirty Tricks at War, William Morrow and Co., 1995.
33. Feustal, E.A., 1973. On the Advantages of Tagged Architecture, IEEE Trans. on Computers C-22, No. 7, July 1973, pp. 644-656.
34. GASSP, 1995. Generally Accepted System Security Principles, Prepared by the GSSP Draft Sub-committee.
35. Hailpern, B.T. and Owicki, S.S., 1983. Modular Verification of Computer Communication Protocols, IEEE Communications, Vol. 31, No. 1, January 1983.
36. Harrison, M. et al., 1976. Protection in Operating Systems. CACM, Vol.19, No. 8, August 1976, pp. 461-471.
37. Hecht, H., 1993. Rare Conditions - An Important Cause of Faults, IEEE 0-7803-1251-1/93, 1993.
38. Hoffman, L.J., 1990. Rogue Programs: Viruses, Worms, and Trojan Horses, Von Noisted, Reinhold, 1990.
39. Knight, G., 1978. Cryptanalysts Corner, Cryptologia, Vol. 1, January 1978, pp. 68-74.
40. Lampson, B.W., 1973. A Note on the Confinement Problem, CACM, 16(1), October 1973, pp. 613-615.
41. Landwehr, C.E., 1983. The Best Available Technologies for Computer Security, IEEE Computer, Vol. 16, No. 7, July 1983.
42. Linde, R., 1975. Operating System Penetration, AIFIPS National Computer Conference, 1975, pp. 361-368.
43. Liepins, G.E. and Vaccaro, H.S., 1982. Intrusion Detection: Its Role and Validation, Computers & Security, Vol. 11, 1992, pp. 347-355.
44. Lyu, M., 1995. Handbook of Software Reliability Engineering.
45. Merlin, P.M., 1979. Specification and Validation of Protocols, IEEE Communications, Vol. 27, No. 11, November 1979.
46. Neumann, P.G., 1995. Computer Related Risks. Addison Wesley, ACM Press, 1995. Neumann, E and Parker, D., 1989. A Summary of Computer Misuse Techniques, Proceedings of the 12th National Computer Conference, October 1989.
47. Neumann, P.G., 1995. Computer Related Risks. Addison Wesley, ACM Press, 1995. Neumann, E and Parker, D., 1989. A Summary of Computer Misuse Techniques, Proceedings of the 12th National Computer Conference, October 1989.
48. NSTAC, 1996. National Security Telecommunication Advisory Committee, Information Assurance Task Force - Electric Power Information Assurance Risk Assessment, November 1996 draft.
49. Palmer, J.W. and Sabnani, K.K., 1986. A Survey of Protocol Verification Techniques, MilCom, September 1986.
50. Pekarske, R., 1990. Restoration in a Flash - Using DS3 Cross-connects, Telephony, September 10, 1990.
51. Sabnani, K.K. and Dahbura, A., 1985. A New Technique for Generating Protocol Tests, Computer Communications Review, 1985.
52. SAIC-IW, 1995. Information Warfare - Legal, Regulatory, Policy, and Organizational Considerations for Assurance, July 4, 1995.
53. Sarikaya, B and Bochmann, G.V., 1982. Some Experience with Test Sequence Generation for Protocols, Protocol Specification, Testing, and Verification II, C. Sunshine editor, North-Holland Publishing, 1982.
54. Shannon, C., 1949. Communications Theory of Secrecy Systems, Bell Systems Technical Journal, 1949, pp. 656-715.
55. Spafford, E., 1992. Common System Vulnerabilities, Software Engineering Research Center, Computer Science Department, Purdue University, March 1992.
56. Sunshine, C., 1979. Formal Techniques for Protocol Specification and Verification, IEEE Computer, 1979.
57. Thyfault, M.E. et al., 1992. Weak Links, Information Week, August 10, 1992, pp. 26-31.
58. Turing, A., 1936. On Computable Numbers, with an Application to the Entscheidungs Problem, London Math Soc. Ser 2., Vol 42, November 12, 1936, pp. 230-265.
59. van Eck, W., 1985. Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?, Computers & Security, Vol 4, 1985, pp. 269-286.
60. Voas, J. et al., 1993. A Model for Detecting the Existence of Software Corruptions in Real-Time, IFIP-TC11, Computers & Security, Vol. 12, No. 3, 1993, pp. 275-283.
61. Winkelman, 1995. Misdirected phone call shuts down local power, ACM SIGSOFT Software Engineering Notes, Vol. 20, No. 3; July 1995, pp. 7-8.
62. WSCC, 1996. Western Systems Coordinating Council, WSCC Preliminary System Disturbance Report, August 10, 1996, draft.