Misuse Project Bibliography
Sorted by First Author Last Name
--------------------------------

Key Words:
- intrusion, fraud, espionage, medical (these indicate the domain or goal of the article)
- anomaly, rule, hybrid (these indicate the method of detection if the article proposes one)
- auditing (for any article that addresses auditing, but not a detection method)
- NT (for things related directly to Windows NT)
- policy (a suggested policy or methodology for creating one)
- typing (domain typing and role based access)
- virus (anything virus related)
- mechanics (articles which discuss mechanics which may be useful, but do not discuss security related issues)
- applets, proof-code, tape-sys, fault-iso (applet security, proof-carrying code, tape systems, and fault isolation)

----------------------------------------------------------------------------

Allen, P., McKendrick, R., Scott, C., Buananno, M. et al. "Interactive anomaly detection in large transaction history databases". High-Performance Computing and Networking. International Conference and Exhibition HPCN EUROPE 1996. {fraud}

alt.comp.virus Macro virus FAQ, http://www.datafellows.com/macro/faq.html. {virus}

Anderson, J.P. "Computer Security Threat Monitoring and Surveillance". Fort Washington, PA. James P. Anderson Co, April 1980.

Anderson, Kent E. "International Intrusions: Motives and Patterns". Proceedings of the 1994 Bellcore/Bell South Security Symposium, May 1994. {intrusion}

Anderson, Ross J. Security in Clinical Information Systems. Jan 1996. {medical}

Anderson, R.J. "A security policy model for Clinical Information Systems". IEEE ?. 1996. {medical, policy}

Annual Report to Congress: Foreign Economic Collection and Industrial Espionage 1996, National Counterintelligence Center, May 1996, http://www.nacic.gov/cind/econ96.htm {espionage}

Arca Systems, Inc. Advanced Internet Incident Research Final Report. December 26, 1996. {virus, }

Audit Commission; London: Her Majesty's Stationery Office. Computer Fraud Survey. 1985. {fraud}

Barney, L. "Detecting trading fraud". Wall Street and Technology, March 1995, vol.12(11):40-42. {fraud}

Bassham, L.J. Carnahan, W.T. Polk, J.P. Wack. "Anti-Virus Tools and Techniques for Computer Systems". Noyes Data Corporation, Park Ridge, NJ, 1995. {virus}

Bishop, Matt; Wee, Christopher; Frank, Jeremy. "Goal-Oriented Auditing and Logging", Submitted to ACM Transactions on Computing Systems, 1997. {auditing}

Bobis, K.G. "Implementing right to know security in the computer-based patient record". IN: 1994 IEEE 13th Annual International Phoenix Conference on Computers and Communications (Cat. No.94CH3399-3). (1994 IEEE 13th Annual International Phoenix Conference on Computers and Communications (Cat. No.94CH3399-3) Proceeding of 13th IEEE Annual International Phoenix Conference on Computers and Communications, Phoenix, AZ, USA, 12-15 April 1994). New York, NY, USA: IEEE, 1994. p. 156-60. Pub type: Practical. {medical, policy}

Boebert, W.E., R.Y. Kain. "A Practical Alternative to Hierarchical Integrity Policies". 8th Proceedings of the National Computer Security Conference. 1985. {typing}

Bontchev. Future Trends in Virus Writing. University of Hamburg, Hamburg, Germany. {virus}

Buckwell. "The Spook Solution - Now Open for Business"; Computers & Security, volume 15(1), 1996, pp. 17-26. [Describes various security mechanisms that are available commercially for IBM AIX, including Stalker, password checkers, IBM CMW. Each mechanism is briefly motivated with a case study or scenarios. The case studies are brief and lacking in any substantial detail.] {mechanics}

Carter, David; Katz, Andrew. "Computer Crime: An emerging challenge for law enforcement", FBI Law Enforcement Bulletin, December 1996, pp. 1-8. {}

Cavnar, William B. "Using an N-Gram Based Document Representation With A Vector Processing Retrieval Model", ???? {mechanics}

Cholvy, Laurence; Cuppens, Frederic. "Analyzing Consistency of Security Policies", 1997 IEEE Symposium on Security and Privacy, Oakland, CA, 1997. {policy}

Chow, Randy; Kao, I-Lung. "Modeling Complex Access Control Policies in Distributed Systems", 1995 IEEE, pp. 404-411. {mechanics}

Cohen, R. A Short Course on Computer Viruses, John Wiley & Sons, Inc., New York, NY, 1994. {virus}

Counterintelligence News and Developments, National Counterintelligence Center, 1995, http://www.nacic.gov/cind/cind195.htm {espionage}

Counterintelligence News and Developments, National Counterintelligence Center, March 1997, http://www.nacic.gov/cind/cind197.htm {espionage}

Crowder, Grace; Nicholas, Charles. "An Approach to Large Scale Distributed Information Systems Using Statistical Properties of Text to Guide Agent Search", Sept 1995. {mechanics}

Cuppens, Frederic; Saurel, Claire. "Specifying a Security Policy: A Case Study", Proceedings, 9th IEEE Computer Security Foundations Workshop, Los Alamos, CA, IEEE Computer Society Press, 1996. {policy}

Curet, O., Jackson, M., Tarar, A. "Designing and evaluating a case-based learning and reasoning agent in unstructured decision making". 1996 IEEE International Conference on Systems, Man and Cybernetics. Beijing, China. Oct 1996. {fraud, }

Dean, D., Felten, E.W., Wallach, D.S., "Java Security: From HotJava to Netscape and Beyond". Proceedings of the 1996 IEEE Symposium on Security and Privacy, pages 190-200, 1996. {applets}

Denning, Dorothy, "An Intrusion-Detection Model," IEEE Transactions on Software Engineering, vol. SE-13, No. 2, February 1987. {mechanism, audit}

Dryfuss, Robert. "Spy vs. No-Spy", The New Republic, December 23, 1996, pp. 9-10. {espionage}

Economic Espionage: Information on Threat from U.S. Allies (Testimony 02/28/96, GAO/T-NSIAD-96-114) {espionage}

Engler, Natalie. "Lax Security: is it negligence?", Open Computing, July 1995. {}

Fanning, K., Cogger, K.O., Srivastava, R. "Detection of management fraud: a neural network approach". International Journal of Intelligent Systems in Accounting, Finance and Management, June 1995. Vol.4(2):113-26. {fraud, }

Fast, William R. "Knowledge Strategies: Balancing ends, ways, and means in the information age", Institute for National Strategic Studies. {}

Fawcett, T., Provost, F. "Combining Data Mining and Machine Learning for Effective User Profiling". Proceedings, Second International Conference on Knowledge Discovery and Data Mining. Portland, OR. 1996. {fraud}

Fayyad, U., Piatetsky-Shapiro, G., Smyth, P. "From Data Mining to Knowledge Discovery in Databases". AAAI Magazine, Fall 1996. {mechanics}

Fayyad, U., Piatetsky-Shapiro, G., Smyth, P., Uthurusamy, R. "Advances in Knowledge Discovery and Data Mining". Menlo Park, Calif: AAAI Press. 1996. {mechanics}

Ferraiolo, David F.; Cugini, Janet A.; Kuhn, D. Richard. "Role-Based Access Control (RBAC): Features and Motivations". National Institute of Standards and Technology; 1995. http://hissa.ncsl.nist.gov/rbac/newpaper/rbac.html {typing}

Fink. Ph.D. dissertation, University of California at Davis, 199 . {virus}

Fischer, Lynn F. "Espionage: Why does it happen", Security Awareness Bulletin 1-94, DOD Security Institute. {espionage}

Fritzinger, J.S., Mueller, M. Java Security. Available at http://www.javasoft.com/security/whitepaper.ps Gives a brief overview of Java and the security implications. Gives a brief overview of security in general involving networks and common fallacies. Gives a brief overview of how Java security is implemented and extensions being made to the model with the release of JDK 1.1, such as signatures and JAR files. {applets}

Furnell, S.M., Sanders, P.W., Warren, M.J. "Development of security guidelines for existing healthcare systems". Medical Informatics. v20(2). 1995. {medical, policy}

Furnell, S.M.; Gaunt, P.N.; Pangalos, G.; Sanders, P.W.; and others. "A generic methodology for health care data security". Medical Informatics, July-Sept. 1994, vol.19, (no.3):229-45. Pub type: Practical. {medical, policy}

Gabrieli, E. "Guidelines for minimal data security measures for the protection of computer-based patient records". Journal of Clinical Computing, 1993, vol.21, (no.6):141-82. Pub type: Practical. {medical, policy}

Gabrieli, E. "Guidelines for minimal data security measures for the protection of computer-based patient records. II". Journal of Clinical Computing, 1993, vol.22, (no.1):1-48. Pub type: Practical. {medical, policy}

Garner, Rochelle. "The Growing Professional Menace", Open Computing, July 1995. {}

Gaunti, A. "Windows NT security and auditing". IS Audit & Control Journal, 1995, vol.4:42, 44-7. [Discusses how the Microsoft Windows NT operating system architecture includes many built-in security features and a set of administrative tools useful to the auditor in analyzing system access and usage. Windows NT security features include: allowing file owners to restrict access; requiring User ID and password for logon; logging of system usage; automatically protecting areas for system files; providing crash resistant architecture; providing printer security; providing built in backup management; providing for UPS usage; and helping prevent computer viruses.] {NT, auditing, virus}

Gordon, "What a (Winword.) Concept", Command Software Systems, http://www.virusbtn.com/VirusInformation/concept.html. {virus}

Hamilton, D. "Application Layer Security Requirements of a Medical Information System". 15th National Computer Security Conference. Baltimore MD. Oct 1992. {medical}

Hart-Davis, Guy. Word 97 Macro & VBA Handbook, Sybex, Alameda, CA, 1997. {virus}

Hayam, A. "Security Audit Center - a suggested model for effective audit strategies in health care informatics". International Journal of Bio-Medical Computing. v35(1). 1994. {medical}

Heinlein, Edwin B. "Medical Records Security", Computers & Security, volume 15(2), 1996. {medical}

Helman, P., Liepins, G. "Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse". IEEE Transactions on Software Engineering. V19(5). Sept. 1993. {misuse, auditing}

Heydon, Allan; Tygar, J.D. "Specifying and Checking Unix Security Constraints," Usenix Association '92, pp. 211-226. {policy}

Ho, YC., Yang, M.SY., Lee, L.H. "A New Approach for Stochastic Optimization Problems". ?? 1996. {mechanics}

Hoffman. "Rogue Programs: Viruses, Worms, and Trojan Horses". Van Nostrand Reinhold, New York, NY, 1990. {virus}

IBM, Macro Evolution, Antivirus Online, Volume 2, Issue 2, http://www.av.ibm.com, 1997. {virus}

Joyal, P.M. "Industrial espionage today and information wars of tomorrow". Proceedings of the SPIE, 1996. V2616:161-70. {espionage}

Katsikas, S.K., Gritzalis, D.A. "The need for a security policy in health care institutions". International Journal of Bio-Medical Computing. v35(1). 1994. {medical, policy}

Knoblock, Craig; Arens, Yigal; Hsu, Chun-Nan. "Cooperating Agents for Information Retrieval", Proc. Second International Conference on Cooperative Information Systems, University of Toronto Press, Toronto, Ontario, Canada, 1994. {mechanics}

Ko, C.C.W. "Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach", Ph.D. Thesis, Computer Science Department, University of California, Davis, August 1996. {}

Kohavi, Ron. "A Third Dimension to Rough Sets", Third International Workshop on Rough Sets and Soft Computing (RSSC 94). {mechanics}

Kohavi, Ron; Frasca, Brian. "Useful Feature Subsets and Rough Set Reducts", Third International Workshop on Rough Sets and Soft Computing (RSSC 94). {mechanics}

Kowalski, Stewart. "An accountability server for health care information systems". International Journal of Bio-Medical Computing 35 (1994). {medical, policy, rule}

Kumar, Sandeep and Spafford, E.H. "A Pattern Matching Model For Misuse Intrusion Detection". Dept of CS, Purdue University, Proceedings of the National Computer Security Conference 1994. http://www.cs.purdue.edu/coast/coast-library.html {intrusion, rule}

Kumar, Sandeep and Spafford, E.H. "A Software Architecture to Support Misuse Intrusion Detection". Dept of CS, Purdue University; CSD-TR-95-009; 1995. http://www.cs.purdue.edu/coast/coast-library.html {intrusion, rule}

Ladue, M.D., "When Java Was One: Threats From Hostile Byte Code and Java Platform Viruses". Available at http://www.math.gatech.edu/%7Emladue/java_was_1.html Gives an overview of the class file format and describes how easy it is to modify it. It also shows that the set of all possible Java programs created by a Java compiler is smaller than the set of all possible bytecodes accepted by the bytecode verifier, such as adding goto statements. The reason is that there are certain constraints not checked for by the verifier. It also gives examples of ways that possible Java viruses can exploit this. {applets}

Lane, Terran; Brodley, Carla E. "Sequence Matching and Learning in Anomaly Detection for Computer Security", 1997 AAAI-Fraud Risks Workshop, July 1997. {intrusion, anomaly}

Lin, T. Y. "Anomaly Detection - A Soft Computing Approach", ??? { , anomaly}

Lo. Ph.D. dissertation, University of California at Davis, 1992. {virus}

Lunt, Teresa F. "A Survey of Intrusion Detection Techniques". Computers & Security, 12(4):405-418, June 1993. {intrusion, anomaly, rule, hybrid}

Magruder, S., Lewis, S., "Espionage via viruses: the future risk". Computer Fraud and Security Bulletin, Jan 1992:14-16. {espionage, virus}

Major, J.A.; Riedinger, D.R. "EFD: a hybrid knowledge/statistical-based system for the detection of fraud". International Journal of Intelligent Systems, Sept. 1992, vol.7, (no.7):687-703. Pub type: Application; Practical. {fraud, hybrid}

Martin, Richard John. MS Word 6.x Macro Viruses FAQ V2.0 for the ALT.COMP.VIRUS Newsgroup. http://webworlds.co.uk/dharley/anti-virus/wordvirus.FAQ. March 8, 1996. {virus}

McCurley, Kevin S. "Protecting Privacy and Information Integrity of Computerized Medical Information", Sandia National Laboratories, June 1995. {medical}

McNamara, Joel. Document Macro Viruses. http://www.chibacity.com/chiba/files/macro/dmv.zip, 1994. {virus}

Mitchell, Tom M. Machine Learning, McGraw Hill, 1997. {mechanics}

Nachenberg. "Computer Virus Coevolution". Communications of the ACM, Vol. 40, No. 1, pp. 46-51, January 1997. {virus}

National Computer Security Center, Final Evaluation Report, Microsoft, Incorporated Windows NT Workstation and Server Version 3.5 with U.S. Service Pack 3, National Security Agency, 9800 Savage Road, Fort George G. Meade, Maryland 20755-6000, 14 February 1996. {NT}

National Computer Security Center, "A Guide to Understanding Audit in Trusted Systems," 1 June 1988. {audit}

NACIC: "Industrial Spying Grows; Still Aimed at S&T", New Technology Week, July 8, 1996. {espionage}

Necula, G.C. "Proof-Carrying Code". 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Paris, France, Jan 15-17, 1997. Available at http://foxnet.cs.cmu.edu/papers/necula-popl97.ps {proof-code}

Necula, G.C., Lee, P. "Safe Kernel Extensions Without Run-Time Checking". Second Symposium on Operating System Design and Implementations (Oct. 1996), Usenix. Available at http://foxnet.cs.cmu.edu/papers/necula-osdi96.ps {proof-code}

Neumann, Peter and Donn Parker, "A Summary of Computer Misuse Techniques", 12th NCSC, 1989. {}

Pangalos, G.J. "Medical Database Security Policies". Methods of Information in Medicine. v32. 1993. {medical}

Power, Richard. "1996 CSI/FBI Computer Crime and Security Survey", Computer Security Issues & Trends, v11.2, spring 1996. {fraud}

Pozzo. "Towards Computer Virus Prevention". Ph.D. dissertation, University of California at Los Angeles, 1990. {virus}

Reichel, R. Inside Windows NT Security - Part 1. Windows/DOS Developer Journal. April 1993. {NT}

Reichel, R. Inside Windows NT Security - Part 2. Windows/DOS Developer Journal. May 1993. {NT}

Rind, David M. MD; Kohane, Isaac S. MD, PhD; Szolovits, Peter PhD; Safran, Charles MD; Chueh, Henry C. MD; and Barnett, G. Octo MD. "Maintaining the Confidentiality of Medical Records Shared Over the Internet and the World Wide Web". Annals of Internal Medicine, 15 July 1997. 127:138-141. http://www.acponline.org/journals/annals/15jul97/mronnet.htm {medical, policy}

Russinovich, Mark; Cogswell, Bryce. "Examining the Windows NT Filesystem." Dr. Dobb's Journal, February 1997. {NT}

Russinovich, Mark; Cogswell, Bryce. "Windows NT System-Call Hooking." Dr. Dobb's Journal, January 1997. {NT}

Sanna, Paul, et al. Using Visual Basic for Applications 5. Que, Indianapolis, IN, 1997. {virus}

Sheldon, T. Windows NT Security Handbook. Osborne/McGraw Hill. 1997. {NT}

Slowinski, Roman ed. "Intelligent Decision Support: Handbook of Applications and Advances of the Rough Sets Theory", Kluwer Academic Publishers, 1992. {mechanics}

Sommer, Peter. "Industrial Espionage: analysing the risk", Computers & Security, 13(1994), pp. 558-563. {espionage}

Sommer, P. "Computer Aided Industrial Espionage". Computer Fraud & Security Bulletin, Nov 1993:10-17. 1993. {espionage}

Stang, David J. Computer Virus Handbook. Seven Locks Software, http://www.sevenlocks.com/VirusHandbook/ComputerVirusHandbook.htm, 1997. {virus}

Sterbenz, A. "An Evaluation of the Java Security Model". 12th Annual Computer Security Applications Conference, San Diego, CA, December 9-13, 1996. Gives a brief overview of the Java language followed by a discussion of the security issues involved in running mobile code. It gives several approaches including Java's. It then looks at the Java security model as well as current implementations and evaluates their efficiency and flexibility. This includes a brief description of what methods are available in the Security Manager class. {applets}

Taek, Mu Kwon, Feros, E.H. "A multilayered perceptron approach to prediction of the SEC's investigation targets". IEEE Transactions on Neural Networks. Sept. 1996 vol.7(5):1286-90. 1996. {fraud, }

Tanner, M.A. "Tools for Statistical Inference: methods for the exploration of posterior distributions and likelihood functions", 3rd Ed. Springer. 1996. {mechanics}

"Understanding Virus Behavior in the Windows NT Environment", available at http://www.symantec.com/avcenter/reference/vbnt.html {virus}

U.S. Department of Energy, "Winword Macro Viruses", Computer Incident Advisory Capability, 2/18/96, available at: http://ciac.llnl.gov/ciac/bulletins/g-10a.shtml. {virus}

Varadharajan, Vijay, "An Access Control Model and Its Use in Representing Mental Health Application Access Policy," IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 1, pp. 81-95, February 1996. {medical, policy, mechanism}

Virus Bulletin. July 1996 DOS Scanner Comparative. http://www.virsbtn.com/Comparatives/Dos/199607/scanres_tables.html {virus}

Visser, Jos. "Comments on the NT password hack," April 10, 1997. © Copyright 1997 Open Solution Providers, http://www.osp.nl. {NT}

Volpano, D., Smith, G., Irvine, C., "Towards Type Systems for Secure Remote Evaluation", Abstract, 1996. {type-sys}

Volpano, D., Smith, G., Irvine, C., "A Sound Type System for Secure Flow Analysis". Journal of Computer Security, 4(3), pp. 1-21, 1996. {type-sys}

Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L. "Efficient Software-Based Fault Isolation". 14th ACM Symposium on Operating Systems Principles (Dec. 1993), ACM, pp. 203-216. {fault-iso}

Walker, K.M., Sterne, D.F., Badger, L., Oostendorp, K.A., Petkac, M.J., Sherman, D.L. "Confining Root Programs with Domain and Type Enforcement", available at http://www.tis.com/docs/research/operating/usenix96.html {typing}

Wee, Christopher. "Policy-directed Auditing and Logging," Ph.D. Dissertation. Computer Science Department, University of California, Davis, August 1996. {auditing}

Westland, J.C. "Bayesian Alternatives to Neural Computing". IEEE Transactions on Systems, Man, and Cybernetics. 1995. {mechanics}

Yellin, F. "Low Level Security in Java". Available at http://java.sun.com/sfaq/verifier.html Describes the Java bytecode verifier. {applets}

Yetiser. "Polymorphic Viruses - Implementation, Detection, and Protection". VDS Advanced Research Group, Baltimore, MD, 1993. {virus}