Title: A Best-Case Network Performance Model
Authors: Steven M. Bellovin
Abstract:
- Network performance measures usually focus on average throughput.
We, however, were concerned with best-case behavior: how fast
could a packet traverse the network if there were no contention for
resources. By subtracting the path time to a node from the path time
through the node, we were able to develop a simple best-case delay
model. This model was sensitive enough to determine the board-level
configuration of a router 750 miles away.
Title: A Guide to Understanding Trusted Distribution in Trusted Systems
Authors: National Computer Security Center
File name: /pub/doc/network/trusted_network_interpretation.txt.Z
Abstract:
- This document is the latest in the series of technical guidelines that
are being published by the National Computer Security Center. These
publications are designed to provide insight to the Trusted Computer
Systems Evaluation Criteria requirements and guidance for meeting each
requirement.
Title: A Security Analysis of the NTP Protocol
Authors: Matt Bishop
Abstract:
- The Network Time Protocol is being used throughout the Internet to
provide an accurate time service. This paper examines the security
requirements of such a service, analyzes the NTP protocol to determine
how well it meets these requirements, and suggests improvements where
appropriate.
Title: A Unix Network Protocol Security Study: Network Information Service
Authors: David K. Hess David R. Safford Udo W. Pooch
Abstract:
- This paper is a study of the security weaknesses present in a widely
used Unix network protocol, Network Information Service(NIS).
Title: A Weakness in the 4.2BSD Unix TCP/IP Software
Authors: Robert T. Morris
Abstract:
- The 4.2 Berkeley Software Distribution Software of the Unix operating
system (4.2BSD for short) features an extensive body of software based
on the "TCP/IP" family of protocols. In particular, each 4.2BSD system
"trust" some set of other systems, allowing users logged into trusted
systems to execute commands via a TCP/IP network without supplying a
password. This paper describe how the design of TCP/IP and the 4.2BSD
implementation allow users on untrusted and possibly very distant hosts
to masquerade as users on trusted hosts.
Title: Addressing Weaknesses in the Domain Name System Protocol
Authors: Christoph L. Schuba Eugene H. Spafford
Abstract:
- This paper describes problems with the DNS and one of its
implementations that allow the abuse of name based authentication,
also outlines the current design and implementation of the DNS,
demonstrates these weaknesses by describing the necessary
modifications in authoritative DNS data and Domain Name System
code.
Title: Characteristics of Wide-Area TCP/IP Conversations
Authors: Ramon Caceres Peter B. Danzig Sugih Jamin Danny J. Mitzel
Abstract:
- In this paper, we characterize wide-area network applications that use the
TCP transport protocol. We also describe a new way to model the
wide-area traffic generated by a stub network. We believe the traffic model
presented here will be useful in studying congestion control, routing
algorithms, and other resource management schemes for exis
future networks.
Our model is based on trace analysis of TCP/IP wide area internetwork
traffic. We collected the data from USC, UCB and Bellcore networks at
the point they connect with their respective regional access networks.
We then wrote a handful of programs to analyze the traces.
Our model characterizes individual TCP conversations by the
distributions of: number of bytes transferred, duration, number of
packets transferred, packet size, and packet interarrival time.
Title: Countering Abuse of Name-Based Authentication
Authors: Christoph L. Schuba Eugene H. Spafford
Abstract:
- This paper describes problems of name-based authentication requiring
late binding such as that provided by the DNS for host-name-to-address
associations. It states the problem in an abstract way and in concrete
case of the DNS, also analyzes the conditions that facilitate the
exploitation of the problem and explains the weakness that are present
in the DNS, then explores some possible solutions to the
problem.
Title: NFS Tracing By Passive Network Monitoring
Authors: Matt Blaze
Abstract:
- Traces of filesystem activity have proven to be useful for a wide
variety of purposes, rang- ing from quantitative analysis of system
behavior to trace-driven simulation of filesystem algo- rithms. Such
traces can be difficult to obtain, however, usually entailing
modification of the filesystems to be monitored and runtime overhead
for the period of the trace. Largely because of these difficulties, a
surprisingly small number of filesystem traces have been conducted,
and few sample workloads are available to filesystem researchers.
This paper describes a portable toolkit for deriving approximate
traces of NFS [1] activity by non-intrusively monitoring the Ethernet
traffic to and from the file server. The toolkit uses a promiscuous
Ethernet listener interface (such as the Packetfilter[2]) to read and
reconstruct NFS-related RPC packets intended for the server. It
produces traces of the NFS activity as well as a plausible set of
corresponding client system calls. The tool is currently in use at
Princeton and other sites, and is available via anonymous ftp.
Title: OARnet Security Procedures
Authors: Kannan Varadhan
Abstract:
- This document discusses a variety of possible measures to enhance
network security for an organization intending to connect to a
regional network. These are just general principles for building
firewalls and security. Absolute solutions are possible only when
exact configurations are available, and are outside the scope of this
document.
Title: Open System Security - an Architectural Framework
Authors: Arto T.Karila
Abstract:
- This Ph.D Dissertation bring a semi-formal model for the security of
communications between peer entities within an OSI layer and between
entire application instances.
Title: Packets Found on an Internet
Authors: Steven M. Bellovin
Abstract:
- As part of our security measures, we spend a fair amount
of time and effort looking for things that might otherwise be
ignored. Apart from assorted attempted penetrations, we have also
discovered many examples of anomalous behavior. These range from
excessive ICMP messages to nominally local broadcast packets that have
reached us from around the world.
Title: Paving the Road To Network Security or the Value of Small Cobblestones
Authors: Hiarie Orman Sean O'Malley Richard Schroeppel David Schwartz
Abstract:
- The methods demonstrated in this paper illustrate how configuration
flexibility can be achieved and how complex services can be
constructed, all using the same building block modules.
Title: Pseudo-Network Drivers and Virtual Networks
Authors: S. M. Bellovin
Abstract:
- Many operating systems have long had persudo-teletypes, inter-process
communication channels that provide terminal semantics on one end, and
a smart server program on the other. This paper describes an analogous
concept, pseudo-network drivers. One end of the driver appears to be a
real network device, with the appropriate inerface and semantics: data
writen to it goes to a program, however, rather than to a physical medium.
Using this and some auxiliary mechanisms, the author present a variety of
applications, including system test, network monitoring, dail-up TCP/IP,
and ways to both improve and subvert network security.
Title: Security Problems in the TCP/IP Protocol Suite
Authors: S.M. Bellovin
Abstract:
-
- The TCP/IP protocol suite, which is very widely used today, was
developed under the sponsorship of the Department of Defense. Despite
that, there are a number of serious security flaws inherent in the
protocols, regardless of the correctness of any implementations. This
paper describes a variety of attacks based on these flaws, including
sequence number spoofing, routing attacks, source address spoofing,
and authentication attacks. It also presents defense against these
attacks, and conclude with a discussion of broad-spectrum defenses
such as encryption.
Title: The Architecture and Implementation of Network-Layer Security Under Unix
Authors: Matt Blaze John Ioannidis
Abstract:
- swIPe is a network-layer security protocol for the IP
protocol suite. This paper presents the architecture, design
philosophy, and performance of an implementation of swIPe under
several variants of Unix. swIPe provides authentication, integrity,
and confidentiality of IP datagrams, and is completely compatible
with the existing IP infrastructure. To maintain this compatibility,
swIPe is implemented using an encapsulation protocol. Mechanism
(the details of the protocol) is decoupled from policy (what
and when to protect and key management). swIPe under Unix is
implemented using a virtual network interface. The parts of the
implementation that process incoming and outgoing packets are entirely
in the kernel; parameter setting and exception handling, however, are
managed by user-level processes. The performance of swIPe on modern
workstations is primarily limited only by the speed of the
underlying authentication and encryption algorithms; the mechanism
overhead is negligible in our prototype.
Title: The "Session Tty" Manager
Authors: S. M. Bellovin
Abstract:
- In many Unix systems, it is possible for a program to retain access to
the login terminal after the user has logged out. THis poses obvious security
rishs and can also confuse the modem control signals. People solve this for
System V by adding a layer of indirection known as the session tty driver.
At login time, a session device is linked to the physical terminal. User
program have access to the session device only, and may not open the physical
line. Upon logout or carrier drop, the link is servered. New login sessions are
given new session devices is controlled by a new system process known as
the session manager, by means of suitable plumbing primitives, a 'reconnect
after line drop' facility can easily be implemented.
Title: Trusted Distribution
Authors: National Computer Security Center
Abstract:
- This publication is issued by the National Computer Security
Center(NCSC) as part of its program to promulgate technical computer
security guidelines. The interpretations extend the evaluation
classes of the Trusted Systems Evaluation Criteria (DOD 5200.28-STD)
to trusted network systems and components.
|