Operating system penetration

Linde, R. R.

doi:10.1145/1499949.1500018

Cited by 69 publications

(31 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The flaw hypothesis methodology [1] is a structured technique for performing penetration studies. It is most effective when done in the environment in which the system is to be used; then policies and procedures will affect the results, either for better or for worse.…”

Section: The Flaw Hypothesis Methodologymentioning

confidence: 99%

E-Voting as a Teaching Tool

Bishop

2007

Fifth World Conference on Information Security Education

View full text Add to dashboard Cite

show abstract

Section: The Flaw Hypothesis Methodologymentioning

confidence: 99%

E-Voting as a Teaching Tool

Bishop

2007

Fifth World Conference on Information Security Education

View full text Add to dashboard Cite

show abstract

“…Penetration testing is a fundamental area of information system security engineering (Linder, 1975). After a successful attack, the tester is able to illegitimately acquire illegitimate authority in computer system (Geer & Harthorne, 2002).…”

Section:  Other Countermeasuresmentioning

confidence: 99%

Exploring Defense of SQL Injection Attack in Penetration Testing

Zhu

Yan

2017

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

SQLIA is adopted to attack websites with and without confidential information.Hackers utilize the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims always are not aware of that their confidential information has been compromised for a long time.The contributions of this thesis are: (1) systematically explore SQLIA, SQLIA prevention in theory; (2)

show abstract

“…"bogus" user accounts with "magic" passwords, etc.) [19]. None of them is sufficient alone, since it addresses a specific type of threats.…”

Section: Related Workmentioning

confidence: 99%

Panoptis: Intrusion detection using a domain-specific language

Spinellis

Gritzalis

2002

JCS

View full text Add to dashboard Cite

We describe the use of a domain-specific language (DSL) for expressing critical design values and constraints in an intrusion detection application. Through the use of this specialised language, information that is critical to the correct operation of the software can be expressed in a form that can be easily drafted, verified, and maintained by domain experts (security officers), thus minimising the risk inherent from the mediation of software engineers. Our application, Panoptis, is a DSL-based low-cost, easyto-use intrusion detection system using the process accounting records kept by most Unix systems. A set of database tables contain resource usage profiles for processes, terminals, users, and time intervals. Panoptis monitors new process data against the recorded profiles and reports on entities diverging from the established resource usage envelopes implying possible data security threats. We demonstrate the operation of Panoptis by a case study of a real attack and subsequent system compromise that occured on a system under our administrative control.

show abstract

Operating system penetration

Cited by 69 publications

References 13 publications

E-Voting as a Teaching Tool

E-Voting as a Teaching Tool

Exploring Defense of SQL Injection Attack in Penetration Testing

Panoptis: Intrusion detection using a domain-specific language

Contact Info

Product

Resources

About