Vulnerabilities Research Group

Meeting began at 11:00AM

Agenda

1. Plans for the rest of the quarter meeting (Matt)

Goals for this term


Papers to be written


schedule of topics: SGML, symbolic links as a cause of security problems, what is taxonomy, Cowan's Stack Guard, etc.


discussion of projects,statuses


2.Other (all)

This includes items for the next meetings agenda, including when to meet next.


---

Matt

• Goals - get Vulnerabilities Database redone by setting up a couple of templates and then checking it out. Basically what we had done before, template could be html or ref, ascii, etc.. Number of different formats could put parts of it on web.

  Todd

• Maybe database should contain more of an analysis.

  Matt

• Database contains description. Enough information to do a full breakdown of a vulnerability. A number of the vulnerabilities are for windows, not UNIX, so that will be nice.
• I'd like to get going quickly.
• Symbolic links-like to explore and see if more than race conditions. Why do they seem to be so fruitful.
• Stackguard Paper- by Chrispain Cowan, checks to see if random numbers are modified.
• we should test Stackguard and see if ways around it.

  Peter

• Is this special?

  Matt

• Yes,because of use of randomness and unpredictability is a mechanism for preventing exploits.

  Todd

• Some work presented in Anapolis, MD modified the Gnu compiler.

  Peter

• That was Chrispain.

  Matt

• I'd like to write paper on randomness.

  Todd

• Used time of day to find out probablility to predict what canary would be.

  Matt

• If its pushed on to the stack..memory has to be stored somewhere. If program memory is stored in certain place then it would return into your code. Would like to look at more closely, and techniques for handling randomness.
• Taxonomy
• how does that affect breaking down vulnerabilities?
• still need to get Isolated Network up and running.

  David

• We need to order long cables. Monitor cables and keyboard cables for SPARCS. (could be $200 each.)

  Todd

• Been working on NT vulnerabilities. Hard to find anything. UNIX is dime a dozen. Found professor in Australia who has some code.
• What about Vulnerabilities with MIDS?

  Ricardo

• Do something w/ TCP wrappers- modify to speak IDIP to detect a signature.

  Matt

• Might be able to set up a tool or monitoring system.

  Todd

• Do a fork and start off telnet daemon. Wrapper is replaced. Continue to analyze data string. Let it come in so by the time it gets your wrapper it's plain text. Have wrapper stay in middle of daemon and connection.

  Matt

• Could have stream wrapper..wouldn't have to change and could read it.

  Todd

• Eventually, we will want to see more and more encrypted messages. They don't want you to replace their login daemons w/ something else.

  Nik

• It would be a good idea to put MIDS vulnerabilities in too.

  Matt

• New guys for the quarter might be David Knotts and Earl Barr.

  Todd

• Do ls of your account..

  Matt

• I could give a talk.

  Todd

• Cert was giving out free attacks. We should at least look at it.

  Matt

• Would like to get a couple of papers out there. Anyone willing to look at Chrispain's stuff?

  Peter

• I know him, so I can talk to him about it.

  Matt

• Next week. Vulnerabilities Database
• Circulate projects

  Ricardo

• Searchable Database?

  Matt

• Yes. Maybe SGML. Special search engine tools, so a collection of SGML.

  David

• AGREP uses fuzzy matching.

  Matt

• Try to bring in other students.
• One MURPS student. I'll bring him next week.

Next Week

- Vulnerabilities database

-ciruclate projects

-bring in one MURPS student too

-discuss Chrispain's paper.(Peter will get it.)