DOCSLIB.ORG

Security of Information Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security of Information Systems Security of Information Systems: What Technical Solutions Exist and What is Needed Ryszard Gwozd A Thesis in The Department of Computer Science Presented in Partial Fulfillrnent of the Requirements for the Degree of Master of Computer Science at Concordia University August 2000 ORyszard Gwozd, 2000 National Library Bibliothèque nationale l*l of Canada du Canada Acquisitions and Acquisitions et Bibliographic Services services bibliographiques 395 Wellington Street 395. rue Wellington Ottawa ON KIA ON4 Ottawa ON KIA ON4 Canada Canada The author has granted a non- L'auteur a accordé une licence non exclusive licence allowing the exclusive permettant à la National Library of Canada to Bibliothèque nationale du Canada de reproduce, loan, distribute or sell reproduire, prêter, distribuer ou copies of this thesis in microform, vendre des copies de cette thèse sous paper or electronic formats. la forme de microfiche/^, de reproduction sur papier ou sur format électronique. The author retains ownership of the L'auteur conserve la propriété du copyright in this thesis. Neither the droit d'auteur qui protège cette thèse. thesis nor substantial extracts f?om it Ni la thèse ni des extraits substantiels may be printed or othenvise de celle-ci ne doivent être imprimés reproduced without the author's ou autrement reproduits sans son permission. autorisation. Abstract Security of Information Systems: What Technical Solutions Exist and What is Needed Ryszard Gwozd The objective of this thesis is to review the need for information system security, evahate the technical sohtions commody used today, make recommendations on where extra research is needed, and to overview the technologies, algorithms, standards, and security policies used in providing computer and communications security. The information-security issue is equaUy important to the users of the htemet (e-g., businesses engaged in e-commerce) and to users of stand-alone ("air-gapped") systems. The problems that these two groups of users face are both different and have a different scale. However, there is no question that the urgent security problems are driven by the increasing demand for all-to-ali connectivity; security is a top issue primarily because of the Net. Internet security is the most urgent and the most chailenging field in computer security. Moreover, cyber security involves issues that go beyond technological solutions, algorithms and hardware. Often ignored or not stressed enough are user education and prudent engineering. Today, we are more alea about security, but still lack a compIete understandhg of what it means, how far it should go and how to accompIish it. Nevertheless, people are starting to feel that they should accept it, or at least try to understand it. Many users have an impression that they ought to how more about computer securïty, but few make the effort to learn about it. This thesis explains why the user has to be educated about security, what are different security levels, msted systems, encryption, mandatory access control, and legislation. It helps the readers to understand the basics of computer security that will persuade them to practice safe cornputing. Acknowledgements and Dedications 1 am grateful to the many thoughtfd reviews of interim versions of this thesis done by rny thesis supervisor Dr. David K. Probst. His extraordinary perspective on computer technologies, especialiy computer security, his constructive criticisrn and his guidance were invaiuable in helping to shape thïs thesis. The exchange of ideas we have had, helped me validate the foundations of this study. These discussions dso helped me stay focused on most essentid topics of information security. 1 wouid like to dedicate this work to my wonderfd parents, Maria and Wlodzimierz Gwozd. Both of them were very supportive in aii my educational endeavors. Even though neither of my parents were experts in high-tech industry, they understood completely the importance of education and research in advancements on personal and societal levels. My parents were great advisors, guides and teachers; my mom was actuaUy my first professor in the prhary school. Thank you mom, 1 appreciate your support and plan to present you with a copy of this thesis on my next visit home. Before 1finish, 1 wish to thank ail my famiiy for constant encouragement and for king there for me, when mostly needed. Ryszard Gwozd ... List of Figures ................................................................................................................. VIU Chapter 1 ............................................................................................................................. 1 Introduction ........................ ... ............... ................................................................... 1 1.1 . OVERVIEW................................................... .... .................................... 2 1.2. CONTRJBU~ONS..................................................................................................... 4 1.3. ~MPORTANTTERMINOLOGY ..................... .. ............................................................ 5 1.4. REMARKS...................... ... .............................................................................. 9 Chapter 2 ............................ ... ...................................................................................... 11 Computer Security Fundamentals .................................. ..... .............................................. 11 2.1. EVOLUTIONOF SECVRITY NEEDS .......... ... ......................................................... 11 2.2. INFORMATIONIS A STRATEGIC RESOURCE ............................................................... 12 2.3. INFORMATIONSECUR~TY VULNERABIL~TIES ............................................................ 13 2.3.1. Physicd Security Holes ....~........~..~.................................................................14 2.3.2. Trust Mode1 and Security Policy ...................... .. .................................. 14 2.3 .3 .Faulty Configuration .................... ... ...........................................................15 2.3.4. Software and Hardware Errors ................................. ..................................... 15 2.3 .5 . Cryptographie Protocols ............ ... .............................................................. 15 2.3.6. Education and Personnel Assurance ................................ .. ....................... 16 2.4. CATEGORYOF ATTACKER........................................................................................ 16 2.4.1 .Professionals and Amateurs ............................................................................ 17 2.4.2. Insiders and Outsiders ..................................................................................... 17 2.5. BUILDINGA SECURE SYSTEM .................................................................................. 18 2.5.1. Secuxity through Obscurity ........................... .... ........................................... 19 2.5.2. Suitable Security Policy ............................ .. .................................................. 19 2.5.3. Securïty Perimeters ....................................................................................... 20 2.5.4. Physical, Personnel and Legal Controls ................... ... .............................. 21 2.6. FCEMUWS ................................................................................................................. 22 Chapter 3 .............................................................................. .... ..................................... 25 Access Control ........................... ,, .................................................................................. 25 3.1. SECURITYMODELS .................................................................................................. 27 3.2. DoD GOALSECURITY ARCH~T'ECTURE ................................................................... -29 3.3. OPERATINGSYSTEM ACCESS CONTROL............. .... .. .. .................................... 3 0 3.3.1. Decision Subsystem ............................... ........... ...............---30 3.3.2. Enforcement Subsystem .................................................................................. 31 3.4. APPLICATIONACCESS CONTROL ......................................................................... 32 3 .5. ALTERNATNES........................................................................................................ 32 3.6. REMARKS................................................................................................................ 34 Chapter 4 ................................. .... ................................................................................... 36 Identification and Authentication .................... ... ........................................................... 36 4.1.USER CATION .......................... ... ........................................................... 36 4.2. SIGNATURES-s (DIGITALSIGNATURES) ....................................................... 3 8 4.2.1. RSA ................................................................................................................. 39 4.2.2. ElGamal ......................................................................................................... 41 4.2.3. Diffie-Hellman ............................................................................................... 42 4.2.4. Binding Signatures
Load more

Recommended publications
  • Coordinating Across Chaos: the Practice of Transnational Internet Security Collaboration
    COORDINATING ACROSS CHAOS: THE PRACTICE OF TRANSNATIONAL INTERNET SECURITY COLLABORATION A Dissertation Presented to The Academic Faculty by Tarun Chaudhary In Partial Fulfillment of the Requirements for the Degree International Affairs, Science, and Technology in the Sam Nunn School of International Affairs Georgia Institute of Technology May 2019 COPYRIGHT © 2019 BY TARUN CHAUDHARY COORDINATING ACROSS CHAOS: THE PRACTICE OF TRANSNATIONAL INTERNET SECURITY COLLABORATION Approved by: Dr. Adam N. Stulberg Dr. Peter K. Brecke School of International Affairs School of International Affairs Georgia Institute of Technology Georgia Institute of Technology Dr. Michael D. Salomone Dr. Milton L. Mueller School of International Affairs School of Public Policy Georgia Institute of Technology Georgia Institute of Technology Dr. Jennifer Jordan School of International Affairs Georgia Institute of Technology Date Approved: March 11, 2019 ACKNOWLEDGEMENTS I was once told that writing a dissertation is lonely experience. This is only partially true. The experience of researching and writing this work has been supported and encouraged by a small army of individuals I am forever grateful toward. My wife Jamie, who has been a truly patient soul and encouraging beyond measure while also being my intellectual sounding board always helping guide me to deeper insight. I have benefited from an abundance of truly wonderful teachers over the course of my academic life. Dr. Michael Salomone who steered me toward the world of international security studies since I was an undergraduate, I am thankful for his wisdom and the tremendous amount of support he has given me over the past two decades. The rest of my committee has been equally as encouraging and provided me with countless insights as this work has been gestating and evolving.
    [Show full text]
  • Design Principles and Patterns for Computer Systems That Are
    Bibliography [AB04] Tom Anderson and David Brady. Principle of least astonishment. Ore- gon Pattern Repository, November 15 2004. http://c2.com/cgi/wiki? PrincipleOfLeastAstonishment. [Acc05] Access Data. Forensic toolkit—overview, 2005. http://www.accessdata. com/Product04_Overview.htm?ProductNum=04. [Adv87] Display ad 57, February 8 1987. [Age05] US Environmental Protection Agency. Wastes: The hazardous waste mani- fest system, 2005. http://www.epa.gov/epaoswer/hazwaste/gener/ manifest/. [AHR05a] Ben Adida, Susan Hohenberger, and Ronald L. Rivest. Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails (to appear), 2005. Available at http://theory.lcs.mit.edu/⇠rivest/ publications.html. [AHR05b] Ben Adida, Susan Hohenberger, and Ronald L. Rivest. Separable Identity- Based Ring Signatures: Theoretical Foundations For Fighting Phishing Attacks (to appear), 2005. Available at http://theory.lcs.mit.edu/⇠rivest/ publications.html. [AIS77] Christopher Alexander, Sara Ishikawa, and Murray Silverstein. A Pattern Lan- guage: towns, buildings, construction. Oxford University Press, 1977. (with Max Jacobson, Ingrid Fiksdahl-King and Shlomo Angel). [AKM+93] H. Alvestrand, S. Kille, R. Miles, M. Rose, and S. Thompson. RFC 1495: Map- ping between X.400 and RFC-822 message bodies, August 1993. Obsoleted by RFC2156 [Kil98]. Obsoletes RFC987, RFC1026, RFC1138, RFC1148, RFC1327 [Kil86, Kil87, Kil89, Kil90, HK92]. Status: PROPOSED STANDARD. [Ale79] Christopher Alexander. The Timeless Way of Building. Oxford University Press, 1979. 429 430 BIBLIOGRAPHY [Ale96] Christopher Alexander. Patterns in architecture [videorecording], October 8 1996. Recorded at OOPSLA 1996, San Jose, California. [Alt00] Steven Alter. Same words, different meanings: are basic IS/IT concepts our self-imposed Tower of Babel? Commun. AIS, 3(3es):2, 2000.
    [Show full text]
  • On the Causes of War Page Ch# Chapter Title by Michael Andregg
    Table of Contents On the Causes of War page Ch# Chapter Title by Michael Andregg ii. Dedication iii. Acknowledgements iv. List of Figures and Tables v. Introduction 1. Part I - Background 2. 1. The Essence of War and Peace 4. 2. Interviews With People Who Have Studied War and Peace 6. 3. Brief Review of Relevant Literature 9. 4. Relationships Between Genocide and War 11. 5. Review of Wars, Genocides and Flashpoints, 1990 - 1995 22. 6. Causation is Complex: Ultimate versus Proximate Causes, and Triggering Events 26. 7. Human Nature, Nurture, Free Will and War 30. 8. Two Models: Earthquake, and Three Green Lights 37. 9. If Present Trends Continue, the Probability of General War Will Peak Between 1997 and 2002, and How Such Estimates May Be Obtained 46. Part II - Select Causes: How They Work, and How to Solve Them 47. 10. Competition for Resources, and Inequalities of Wealth Within and Between Nations 52. 11. Competition for Power: International and Domestic Politics 62. 12. Population Pressure 74. 13. Authoritarian Law and Militant Religion 84. 14. Corruption of Governance 95. 15. Legalism 102. 16. Justice, Injustice, and Lack of Effective International Conflict Resolution Systems 110. 17. Nationalism and Militarism 116. 18. Forces of Evil 126. 19. Spies, Cults and Secret Power Systems 145. 20. Weapons Companies, Military Bureaucracy, Propaganda and Warmongers 153. 21. In vs. Out Groups: The Universal Double Standard of Justice 156. 22. Ethnicity, Nepotism and Racism 163. 23. Historical Grievances, Scapegoating, Demagoguery and “Parallel Realities” 167. 24. Revenge 172. 25. The Desire to Dominate, and Hubris 175.
    [Show full text]
  • Purdue's Computer Science Department
    A Tribute to Those No Longer With Us Frank Friedman Ruth Hart Robin Lea Pyle Saul Rosen “Maryland’s Gain is the Country’s Loss” Winnie Rosen – on the occasion of the selection/election of Spiro T Agnew as the Vice President of the United States Saul Rosen 1922–1991 Early Career – The Formative Years Born in Port Chester, NY on February 8, 1922. Graduated from the City College of New York in 1941 with a BS in mathematics Attended the University of Pennsylvania PhD in mathematics in 1950 Instructor of mathematics at Delaware (1946-47) Lecturer at UCLA (1948-49) Assistant professor at Drexel (1949-51) Assistant professor at the Penn (1952-54) Associate professor in the Computational Laboratory at Wayne State (1954-56). In the Private Sector Associate research engineer with Burroughs Corporation (1951-52) Manager, Burroughs Electrodata Division's Eastern Applied Mathematics Section (1956-58) Manager of Computer Programming and Services (1958-60) Computer and programming systems consultant (1960-62) at Philco Corporation Chief software designer for world's first transistorized computer, Philco TRANSAC S-2000 Saul Rosen – Back to Academics In 1962, Rosen joined Samuel Conte as one of the charter faculty members in Purdue's Computer Science Department Professor mathematics and CS (1962-66 and 1967-91) Professor of engineering and Associate Director of Computing at the State University of New York at Stony Brook (1966-67) From 1968-1987, Director of Purdue's Computing Center Took Purdue to the forefront of high-performance computing at U. S. universities Purdue acquired large, high-performance computing systems in the mid-1960s and was one of only three universities operating supercomputers during the 1970s and into the mid-1980s In 1947, Rosen became active in the (ACM) Served on the languages committee that eventually led to the ALGOL programming language Then served as first managing editor of the CACM Wrote extensively on practical systems programming.
    [Show full text]
  • Jonathan Zittrain's “The Future of the Internet: and How to Stop
    The Future of the Internet and How to Stop It The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citation Jonathan L. Zittrain, The Future of the Internet -- And How to Stop It (Yale University Press & Penguin UK 2008). Published Version http://futureoftheinternet.org/ Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:4455262 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA YD8852.i-x 1/20/09 1:59 PM Page i The Future of the Internet— And How to Stop It YD8852.i-x 1/20/09 1:59 PM Page ii YD8852.i-x 1/20/09 1:59 PM Page iii The Future of the Internet And How to Stop It Jonathan Zittrain With a New Foreword by Lawrence Lessig and a New Preface by the Author Yale University Press New Haven & London YD8852.i-x 1/20/09 1:59 PM Page iv A Caravan book. For more information, visit www.caravanbooks.org. The cover was designed by Ivo van der Ent, based on his winning entry of an open competition at www.worth1000.com. Copyright © 2008 by Jonathan Zittrain. All rights reserved. Preface to the Paperback Edition copyright © Jonathan Zittrain 2008. Subject to the exception immediately following, this book may not be reproduced, in whole or in part, including illustrations, in any form (beyond that copying permitted by Sections 107 and 108 of the U.S.
    [Show full text]
  • Whatever Happened to Formal Methods for Security?
    Whatever Happened to Formal Methods for Security? (IEEE Computer Magazine, August 2016 publication on Supply Chain Security, regular paper in the Perspectives section) J. Voas and K. Schaffer We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We are continually reminded of the 1996 paper by Tony Hoare “How did Software Get So Reliable Without Proof?” [1] In that vein, how did we get so insecure with proof? Given daily press announcements concerning new malware, data breaches, and privacy loss, is FM still relevant or was it ever? Our experts answered with unique personal insights. We were curious as to whether this successful methodology in “safety-critical” has succeeded as well for today’s “build it, hack it, patch it” mindset. Our experts were John McLean (Naval Research Labs), Paul Black (National Institute of Standards and Technology), Karl Levitt (University of California at Davis), Joseph Williams (CloudEconomist.Com), Connie Heitmeyer (Naval Research Labs), Eugene Spafford (Purdue University), and Joseph Kiniry (Galois, Inc.). The questions and responses follow. 1) Most are aware that FM has been highly successful in safety-critical systems over the past decades. Much of that success stems from those systems being deployed in regulated industries. If you agree with this claim, it begs two questions: (1) Is FM as well suited to security concerns, and (2) if assurance is more compliance and self-governance Joseph Williams Formal methods have been successfully applied to safety-critical systems. One reason is the overwhelming evidence that formal methods do result in safer systems.
    [Show full text]
  • Developing a Normative Framework for Cyberwarfare
    Developing a Normative Framework for Cyberwarfare October 17-18, 2016 United States Naval Academy Annapolis, Maryland Table of Contents: Purpose 3 Acknowledgments 3 Schedule 4 Presentation Abstracts 6 Presenter Biosketches 11 Grant Team Biosketches 15 Registration 17 Venue 17 Banquet 17 Hotel 17 Travel 17 Maps 18 Contacts 21 Notes 22 2 Purpose: Welcome to our workshop on the social, ethical, and legal implications on cyberwarfare. As this is quickly-evolving terrain, we hope to reflect the current state of play, as well as to sketch the short- and mid-term future. In these endeavors, we will be aided by a diverse and distinguished group of invited presenters. These presenters have been carefully selected from academia, industry, and government, and bring with them a wealth of expertise and experience. Unlike many academic workshops, this one is meant to be discussion intensive. Toward that end, presenters have been asked to keep their briefings to approximately fifteen minutes, leaving the rest of the sessions for interaction. To foster these interactions, we will operate under The Chatham House Rule: participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed without their expressed consent. Acknowledgments: The conference is organized by Dr. Fritz Allhoff (Western Michigan University/Stanford Law School), Dr. Patrick Lin (California Polytechnic State University), and Dr. Ryan Jenkins (California Polytechnic State University). It is supported by funding from the U.S. National Science Foundation (NSF), under awards #1318126, #1317798, #1318270. In addition to the NSF, we are grateful for institutional support from the following: California Polytechnic State University, Case Western Reserve University’s Inamori International Center for Ethics and Excellence, Naval Postgraduate School, United States Naval Academy’s Stockdale Center for Ethical Leadership, and Western Michigan University.
    [Show full text]
  • Cyber Security in the Three Times: Past, Present & Future
    Carnegie Mellon CyLab 4720 FORBES AVENUE CIC BUILDING PITTSBURGH, PA 15213 PH: 412.268.1870 FX: 412.268.7675 www.cylab.cmu.edu Cyber Security in the Three Times: Past, Present & Future CERT 20th Anniversary Seminar Series Pittsburgh, Pennsylvania, 7/22/08 Cyber Security in the Three Times Agenda • Speaker’s Bio • CyLab’s Mission • Global Economy & Cyberspace • Glimpses Into the 21st Century Threat Matrix • Cyber Risks Timeline • Elements of A Holistic Program • Ruminations & Conclusions Richard Power, Carnegie Mellon CyLab 2008 2 Harnessing the Future to Secure the Present Richard Power • CyLab Distinguished Fellow • Director of Global Security Intelligence for Deloitte Touche Tohmatsu (2002-2005) • Editorial Director for Computer Security Institute (1994-2002) • Author of Five Books, Including – Secrets Stolen/Fortunes Lost: Preventing Intellectual Property Theft & Economic Espionage in the 21st Century, (w/ Christopher Burgess) – Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace • Author of War & Peace in Cyberspace, monthly column for Computer Fraud and Security Journal (w/ Dario Forte) Richard Power, Carnegie Mellon CyLab 2008 3 CyLab’s Mission CyLab is … • A bold and visionary effort, which establishes public-private partnerships to develop new technologies for measurable, available, secure, trustworthy, and sustainable computing and communications systems as well as to educate individuals at all levels. • A dynamic matrix, in which great works are accomplished, great minds come together, and great careers are launched. • A vital resource for government and business to draw on in addressing cyber risks that threaten national and economic security. • A world leader in both technological research and the education of information assurance professionals, CyLab harnesses the future to secure the present.
    [Show full text]
  • An Interview With
    An Interview with REBECCA G. BACE OH 410 Conducted by Jeffrey R. Yost on 31 July 2012 Computer Security History Project University of Maryland, Baltimore Charles Babbage Institute Center for the History of Information Technology University of Minnesota, Minneapolis Copyright, Charles Babbage Institute Rebecca G. Bace Interview 31 July 2012 Oral History 410 Abstract Rebecca Bace, who has a Master of Engineering Science degree from Loyola College, is a leading figure in the computer security field of intrusion detection. She is the author the influential textbook on this topic, Intrusion Detection, and was leader of the pioneering Computer Misuse and Anomaly Detection (CMAD) Research Program at the National Security Agency from 1989 to 1995. In this capacity, she sponsored much of the first wave of path breaking academic research on intrusion detection. This interview briefly addresses Ms. Bace’s education and early professional life before focusing on her dozen years at the NSA, and specifically her leadership of CMAD. In detailing the portfolio of early CMAD sponsored projects that Bace supported, it provides an important lens into the early evolution of intrusion detection as a research field and area of practice, and identifies many of this field’s pioneering contributors. The interview also briefly touches on Bace’s work after leaving the NSA, including at Los Alamos National Laboratory and as President of the consulting firm Infidel, Inc. This material is based upon work supported by the National Science Foundation under Grant No. 1116862, “Building an Infrastructure for Computer Security History.” 2 Yost: My name is Jeffrey Yost from the Charles Babbage Institute of the University of Minnesota, and I’m here today with Rebecca Bace at the University of Maryland Baltimore County Campus at the Tech Incubator.
    [Show full text]
  • CEG 429/629: Internet Security
    Wright State University CORE Scholar Computer Science & Engineering Syllabi College of Engineering & Computer Science Fall 2004 CEG 429/629: Internet Security Prabhaker Mateti Wright State University - Main Campus, [email protected] Follow this and additional works at: https://corescholar.libraries.wright.edu/cecs_syllabi Part of the Computer Engineering Commons, and the Computer Sciences Commons Repository Citation Mateti, P. (2004). CEG 429/629: Internet Security. https://corescholar.libraries.wright.edu/cecs_syllabi/5 This Syllabus is brought to you for free and open access by the College of Engineering & Computer Science at CORE Scholar. It has been accepted for inclusion in Computer Science & Engineering Syllabi by an authorized administrator of CORE Scholar. For more information, please contact [email protected]. -~·-- ·~·-··--~·~··--· Internet Securty Course Syllabus by Mateti Page 1 of4 f-cY-1 t CEG 429/629: Internet Security vVRIGHT STATE UN'JV ERSJTY Instructor: Dr Prabhaker Mateti ~e of Engineering & CS }Yrighl State University Dayton, Ohio 45435-0001 Catalog Description: CEG 429 Internet Security Introduction to security issues arising primarily from computer networks. Topics include node and service authentication, address spoofing, hijacking, SYN floods, smurfing, sniffing, routing tricks, and privacy of data en route. Buffer overruns and other exploitation of software development errors. Hardening ofoperating systems. Intrusion detection. Firewalls. Ethics. Prerequisites: CEG 402 Source J\<faterial Home Page Please visit the home page for announcements, and info on notes. There is no required text book this term. Simson Garfinkel, Gene Spafford Practical Unix and Internet Security, 3rd edition (2003), O'Reilly & Associates; ISBN: 0596003234. A recommended text book. Errata Previous Editions: http://":Jyww.oreilly.com/catalogLpuis/errat~ William Stallings Network Security Essentials: Applications and Standards, 1st edition (April 15, 2000), Prentice Hall; ISBN: 0130160938.
    [Show full text]
  • Are Computer Hacker Break-Ins Ethical?£
    Are Computer Hacker Break-ins Ethical?£ Eugene H. Spafford Department of Computer Sciences Purdue University West Lafayette, IN 47907–1398 [email protected] Abstract Recent incidents of unauthorized computer intrusion have brought about discussion of the ethics of breaking into computers. Some individuals have argued that as long as no significant damage results, break-ins may serve a useful purpose. Others counter with the expression that the break-ins are almost always harmful and wrong. This article lists and refutes many of the reasons given to justify computer intrusions. It is the author’s contention that break-ins are ethical only in extreme situations, such as a life- critical emergency. The article also discusses why no break-in is “harmless.” 1 Introduction On November 2, 1988, a program was run on the Internet that replicated itself on thousands of machines, often loading them to the point where they were unable to process normal requests. [1, 2, 3] This Internet Worm program was stopped in a matter of hours, but the controversy engendered by its release raged for years. Other recent incidents, such as the “wily hackers”1 tracked by Cliff Stoll [4], the “Legion of Doom” members who are alleged to have stolen telephone company 911 software [5], and the growth of the computer virus problem [6, 7, 8, 9] have added to the discussion. What constitutes improper access to computers? Are some break-ins ethical? Is there such a thing as a “moral hacker”?[10] It is important that we discuss these issues. The continuing evolution of our technological base and our increasing reliance on computers for critical tasks suggests that future incidents may well £ Copyright ­c 1991, 1997 by Eugene H.
    [Show full text]
  • 2003-2004 Faculty Information
    Department of Computer Science 2003-04 Annual Report Message For Purdue Computer Science, 2003-04 was a year of special milestones! from the On October 1, 2003, the department celebrated the end of its successful Capital Campaign for a new facility. Almost exactly a year later, on Monday, October 4, 2004, we broke ground. A few weeks later, on October 16, the building was named for our lead donors Richard and Patricia (Pat) Lawson in a special Homecoming Celebration. We invite you to monitor the building progress by viewing our live webcam at http://buildingcam.cs.purdue.edu/popup.html. The Head building is to be completed in time for the fall 2006 semester. Collaboration with internal and external partners has always been a hallmark of our department. In this spirit, the Computer Science Department plays an active role in the School of Science COALESCE initiative (see http://www.science.purdue.edu/COALESCE for more information). COALESCE is part of a Purdue-wide initiative to target compelling national research priorities that require insights and contributions from multiple disciplines.Solving societal problems through multi-disciplinary research is quickly becoming an integral component of progressive science programs, and we are proud to be one of the pioneers in changing the shape of science. Multi-disciplinary research and hiring was the focus of the first Departmental Advisory Board meeting held in March 2004. The mission of this newly created board includes actively advising the department in achieving the departmen- tal vision as defined in the strategic plan. Last year’s board members were: Jeanne Ferrante (UC San Diego), Gene Golub (Stanford), Clinton Kelly (SAIC), Kevin Kahn (Intel), and Robert Tarjan (Princeton and HP).
    [Show full text]