Papers and Talks
Here are papers and talks about our work. They are organized (roughly)
by topic. Have fun!
Attacks, Vulnerabilities, and Fun Stuff
- L. T. Heberlein and M. Bishop,
"Attack Class: Address Spoofing,"
Proceedings of the 19th National Information Systems Security Conference
pp. 371-377 (Oct. 1996)
[PDF] [PS]
- M. Bishop and M. Dilger,
"Checking for Race Conditions in File Accesses,"
Computing Systems 9(2) (Spring 1996) pp. 131-152.
[PDF]
[PS]
- M. Bishop,
"Adventures in Hackery,"
System Administration, Networking, and Security Conference IV,
Washington, DC (May 1996).
[PDF]
[PS]
- M. Bishop,
"Patch-and-Catch,"
UNIFORUM, San Francisco, CA (Mar. 1996).
[PDF]
[PS]
- M. Bishop,
"UNIX Security: Threats and Solutions,"
SHARE 86.0, Anaheim, CA (Mar. 1996).
[PDF]
[PS]
- M. Bishop,
"Intruders and UNIX Security,"
Network Security, Washington DC (Nov. 1995).
[PDF]
[PS]; also at
High Technology Crime Investigation Association Conference,
San Antonio TX (Nov. 1995).
[PDF]
[PS]
- M. Bishop and M. Dilger,
"Checking for Race Conditions in UNIX File Accesses,"
Technical Report 95-9,
Department of Computer Science,
University of California at Davis (Sep. 1995).
[PDF]
[PS]
- M. Bishop,
"Race Conditions, Files, and Security Flaws:
or, The Tortoise and the Hare Redux,"
Technical Report 95-8,
Department of Computer Science,
University of California at Davis (Sep. 1995).
[PDF]
[PS]
Classification of Vulnerabilities
- M. Bishop,
"Classifying Vulnerabilities,"
Nineteenth National Information Systems Security Conference,
Baltimore, MD (Oct. 1996).
[PDF]
[PS]
- M. Bishop and D. Bailey,
"A Critical Analysis of Vulnerability Taxonomies,"
Technical Report 96-11,
Department of Computer Science,
University of California at Davis (Sep. 1996).
[PDF]
[PS]
-
M. Bishop,
"A Taxonomy of UNIX and Network Security Vulnerabilities,"
Technical Report 95-10,
Department of Computer Science,
University of California at Davis (May 1995).
[PDF]
[PS]
Education
- M. Bishop,
"Teaching Computer Security,"
position paper for the Workshop on Education in Computer Security,
Monterey, CA (Jan. 1997).
[PDF]
[PS];
slides from the presentation
[PDF]
[PS]
This argues that computer security should be taught throughout the
curriculum, and not seen as a separate discipline that can be taught
independently of basic programming, operating systems, networks, and so forth.
- M. Bishop,
"Teaching Computer Security,"
Proceedings of the Ninth IFIP Internationsl Symposium on Computer
Security, IFIP/Sec'93 (May 1993) pp. 43-52.
[PDF]
[PS]
This discusses the curriculum of several courses in computer security
that we taught at Dartmouth College,
and some ideas and suggestions on improving the material.
Information Survivability and Assurance
- M. Bishop,
"Information Survivability, Security, and Fault Tolerance,"
position paper for the Information Survivability Workshop,
electronic proceedings; this is paper #6
(Feb. 1997).
[PDF]
[PS]
This is a position paper relating security to information survivability.
Property-Based Testing
- G. Fink and M. Bishop,
"Property Based Testing: A New Approach to Testing for Assurance,"
ACM SIGSOFT Software Engineering Notes, 22(4) (July 1997).
[PDF]
[PS]
This discusses a general technique to locate programming errors, and
ties the work specifically to security flaws.
The technique combines elements of formal testing with informal
verification.
Resources
- M. Bishop and L. T. Heberlein,
"An Isolated Network for Research,"
Proceedings of the 19th National Information Systems Security Conference
pp. 349-360 (Oct. 1996).
[PDF]
[PS]
Writing Privileged Code
- M. Bishop,
"Writing Safe Privileged Programs,"
Network Security 1997,
New Orleans, LA (Oct. 1997).
[PDF]
[PS]
- M. Bishop,
"How to Write a Setuid Program,"
:login; 12(1) (Jan./Feb. 1986),
[Postscript]
My original foray into the field;
it still wears well, and only has one mildly
embarrassing gaffe.
A classic is something that everybody wants to have read and nobody
wants to read. -- Mark Twain
Matt Bishop
Department of Computer Science
3059 Engineering Unit II
phone: +1 (530) 752-8060
fax: +1 (530) 752-4767
email: bishop@cs.ucdavis.edu
Last modified on November 27, 1998