This file: ftp://ftp.cert.dfn.de/pub/docs/misc/01-README information about this subdirectory: Just another subdirectory for misc (pardon). ----- file: /pub/docs/misc/501.ps.gz (47105 Bytes) Security Flaws in the HotJava Web Browser / Drew Dean and Dan S. Wallach. - Princeton University. - Novemeber 3, 1995. file: /pub/docs/misc/Betsi.ps.gz (49081 Bytes) Trusted Distribution of Software Over the Internet / Aviel D. Rubin. - Bellcore. - 1995. file: /pub/docs/misc/CTCPEC.v3.0-final-draft.ps.pt1.gz (142060 Bytes) The Canadian Trusted Computer Product Evaluation Criteria : Version 3.0e. - January 1993. - Canadian System Security Centre Communications Security Establishment Government of Canada. file: /pub/docs/misc/CTCPEC.v3.0-final-draft.ps.pt2.gz (239861 Bytes) [see CTCPEC.v3.0-final-draft.ps.pt1.gz for details. This is part 2]. file: /pub/docs/misc/DSAFLAW.DOC (55808 Bytes) A Security Flaw in the X.509 Standard / Santosh Chokhani. - CygnaCom Solutions, Inc. file: /pub/docs/misc/Disconnection.ps.gz (30718 Bytes) The Great Disconnection? (Reduced site accessibility from the Internet due to increaced security) file: /pub/docs/misc/DoD_GSA.tar.gz (879138 Bytes) Department of Defense (DoD) Goal Security Architecture (DGSA) / U. S. National Security Agency. - August 1993. file: /pub/docs/misc/E-Law301L.txt.gz (90727 Bytes) E-LAW: Legal issues affecting computer information systems and system operator liability / David J. Loundy. - Highland Park, IL. - 1995. file: /pub/docs/misc/Gulcu95.ps.gz (697791 Bytes) The Anonymous E-Mail Conversation / Ceki Guelcue. - June 1995. file: /pub/docs/misc/Leendert_van_Doorn-Computer_Breakins.ps.gz (36691 Bytes) Computer Break-ins: A Case Study / L. van Doorn. - Vrije Universiteit, Amsterdam. - [NOTE: on some servers this file is named "Leendert_van_Doorn-Computer_Brakins"] file: /pub/docs/misc/MS.Authentication.Delegation.ps.gz (88209 Bytes) An Extensible Framework for Authentication and Delegation / Theron Donald Tock. - 1990. file: /pub/docs/misc/Mikoyan-CBR_plagiarism.ps.gz (618516 Bytes) Using CBR techniques to detect plagiarism in computing assignments. / Padraig Cunningham. - Trinity College Dublin & Alexander M. Mikoyan. - Moscow State University. file: /pub/docs/misc/NIST-800-2.txt.gz (107919 Bytes) PUBLIC-KEY CRYPTOGRAPHY NIST Special Publication 800-2 / James Nechvatal. - Security Technology Group - National Computer Systems Laboratory - National Institute of Standards and Technology - Gaithersburg, MD. - April 1991 file: /pub/docs/misc/NIST-800-6.ps.gz (79448 Bytes) Automated Tools for Testing Computer System Vulnerability / W. Timothy Polk. - Dec 3, 1992. file: /pub/docs/misc/Thesis.ps.gz (854523 Bytes) Processing Visual Specifications of File System Security / C. Allan Heydon. - Carnegie Mellon University. - CMU-CS-91-201. - Oct 1, 1992. file: /pub/docs/misc/UNIX-password-security.ps.gz (16856 Bytes) UNIX Password Security / Walter Belgers / University of Eindhoven / Dec 6, 1993. file: /pub/docs/misc/What_is_COAST.ps.gz (26167 Bytes) Research on Techniques and Tools for Computer Security: The COAST Project and Laboratory / Eugene H. Spafford. - Purdue University. - Sep 30, 1992. file: /pub/docs/misc/X_security.ps.gz (18457 Bytes) Guide to safe X / Bob Vickers. - University of London Computer Centre. - 1994. file: /pub/docs/misc/atp.ps.gz (31536 Bytes) ATP: Anti Tampering Program / David Vincenzetti & Massimo Cotrozzi. - Computer Science Department. - University of Milan. file: /pub/docs/misc/attack.ps.gz (133113 Bytes) A New Attack on Random Pronouncable Password Generators / Ravi Ganesan & Chris Davies. - Bell Atlantic. file: /pub/docs/misc/audes.ps.gz (40404 Bytes) AudES - an Expert System for Security Auditing / Gene Tsudik, Rita Summers. - In: Computer Security Journal, Vol. 6, No. 1, June 1991. - [Also: Proceedings of AAAI Conference on Innovative Applications in Artificial Intelligence, 1990]. file: /pub/docs/misc/auditool.txt.gz (4858 Bytes) Summary of the Trusted Information Systems (TIS) Report on Intrusion Detection Systems / Victor H. Marshall / 29-jan-1991 file: /pub/docs/misc/breakins-ethical.ps.gz (51562 Bytes) Are Computer Hacker Break-ins Ethical / Eugene H. Spafford - Purdue University. - Purdue Technical Report CSD-TR 994. - Jul 1990, revised Apr 1991. [to appear in a special issue of "The Journal of Systems and Software"] file: /pub/docs/misc/canada93.ps.gz (61434 Bytes) Detecting Intruders in Computer Systems / Teresa F. Lunt. - SRI International. - 1993. [paper presented at 1993 Conference on Auditing and Computer Technology] file: /pub/docs/misc/crackdown-1.1.ps.gz (426383 Bytes) The Hacker Crackdown / Bruce Sterling, 1994. file: /pub/docs/misc/d.mills.response.to.m.bishop.txt.gz (5308 Bytes) The response of Dave Mills to Matt Bishops analysis on security in NTP. file: /pub/docs/misc/degausse.txt.gz (3372 Bytes) Degausser Products List / National Computer Security Center. - Feb 27, 1989. - The Degausser Products List (DPL) lists the model identification of equipment units that were evaluated against and found to satisfy the requirements for erasure of magnetic media that hold classified data. file: /pub/docs/misc/doc-cert.txt.gz (9103 Bytes) Abbreviated Certification Methodology Guidelines for Sensitive and Classified IT Systems / US Department of Commerce. - Dec. 1992 file: /pub/docs/misc/dra-acm.ps.gz (60720 Bytes) Analysis of an Algorithm for Distributed Recognition and Accountability / Calvin Ko et. al. - University of California, Davis. file: /pub/docs/misc/fcvol1.ps.gz (253867 Bytes) Federal Criteria for Information Technology Security (Volume I) / U. S. National Institute of Standards and Technology; U. S. National Security Agency. - Dec 1992. - Version 1.0. file: /pub/docs/misc/fcvol2.ps.gz (244640 Bytes) Federal Criteria for Information Technology Security (Volume II) / U. S. National Institute of Standards and Technology; U. S. National Security Agency. - Dec 1992. - Version 1.0. file: /pub/docs/misc/forensics.ps.gz (22359 Bytes) Software Forensics: Can We Track Code to its Authors? / Eugene H. Spafford; Stephen A. Weeber. - Purdue University. - Feb 19, 1992. - Purdue Technical Report CSD-TR 92-010. [NOTE: on some ftp sites stored as spaf-weeber-forensics.ps] file: /pub/docs/misc/fuzz-revisited-A4.ps.gz (42316 Bytes) Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services / Boston P. Miller et al. - April 20, 1995. file: /pub/docs/misc/green-book-3.6.gz (64615 Bytes) Green Book on the Security of Information Systems - Draft 3.6. - July 14, 1993. file: /pub/docs/misc/green-book-3.6.ps.gz (132504 Bytes) Green Book on the Security of Information Systems - Draft 3.6. - July 14, 1993. [PostScript] file: /pub/docs/misc/green-book-3.6.tex.gz (64006 Bytes) Green Book on the Security of Information Systems - Draft 3.6. - July 14, 1993. [TEX] file: /pub/docs/misc/hacker.txt.gz (41637 Bytes) THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND / GORDON R. MEYER. - DEPARTMENT OF SOCIOLOGY - NORTHERN ILLINOIS UNIVERSITY. - Aug 1989. file: /pub/docs/misc/hnbk_pt1.ps.gz (42165 Bytes) An Introduction to Computer Security: The NIST Handbook / U. S. National Institute of Standards and Technology. - June 20, 1994. [Part 1 of 5] file: /pub/docs/misc/hnbk_pt2.ps.gz (90116 Bytes) An Introduction to Computer Security: The NIST Handbook / U. S. National Institute of Standards and Technology. - June 20, 1994. [Part 2 of 5] file: /pub/docs/misc/hnbk_pt3.ps.gz (95555 Bytes) An Introduction to Computer Security: The NIST Handbook / U. S. National Institute of Standards and Technology. - June 20, 1994. [Part 3 of 5] file: /pub/docs/misc/hnbk_pt4.ps.gz (86007 Bytes) An Introduction to Computer Security: The NIST Handbook / U. S. National Institute of Standards and Technology. - June 20, 1994. [Part 4 of 5] file: /pub/docs/misc/hnbk_pt5.ps.gz (43706 Bytes) An Introduction to Computer Security: The NIST Handbook / U. S. National Institute of Standards and Technology. - June 20, 1994. [Part 5 of 5] file: /pub/docs/misc/insurance-cccs94.ps.gz (49756 Bytes) Endorsements, Licensing, and Insurance for Distributed System Services / Charlie Lai, Gennady Medvinsky, B. Clifford Neumann. - University of Southern California. - 1994. file: /pub/docs/misc/intrusion.ps.gz (57920 Bytes) A pattern matching model for misuse intrusion detection / Sandeep Kumar & Eugene H. Spafford. - Purdue University. file: /pub/docs/misc/javafilter.ps.gz (142327 Bytes) A Java Filter / Dirk Balfanz and Ed Felten. - Princeton University. file: /pub/docs/misc/krsul-forensics-msthesis.ps.gz (131731 Bytes) Authorship Analysis: Identifying The Author of a Program / Ivan Krsul. - COAST Project. - Purdue University. - Technical Report CSD-TR-94-030. - May 3, 1994. - [This paper was originally written as a Master's thesis at Purdue University]. file: /pub/docs/misc/m.bishop.ntp.security.1990.ps.gz (34089 Bytes) A Security Analysis of the NTP Protocol / Matt Bishop. - Dartmouth College. - 1990. [NOTE: An old version] file: /pub/docs/misc/m.bishop.ntp.security.1992.ps.gz (43947 Bytes) A Security Analysis of the NTP Protocol / Matt Bishop. - Dartmouth College. - 1992. file: /pub/docs/misc/mallogic.ps.gz (53804 Bytes) An Overview of Computer Viruses in a Research Environment / Matt Bishop. - Dartmouth College. file: /pub/docs/misc/ncsc_etl.txt.gz (5261 Bytes) Endorsed Tools List / US National Computer Security Center. file: /pub/docs/misc/ncsc_oa.txt.gz (33428 Bytes) A Guideline on Office Automation Security / US National Computer Security Center. - Dec 5, 1986. file: /pub/docs/misc/nissc97.ps.gz (69593 Bytes) Vulnerability of "Secure" Web Browsers / Flavio De Paoli et. al. - University of California, Santa Barbara. file: /pub/docs/misc/nist-his-01.ps.gz (3732 Bytes) Report of the NIST Workshop on Standards for the Assurance of High Integrity Software / Dolores R. Wallace, D. Richard Kuhn, John C. Cherniavsky (Eds.). / U. S. National Institute of Standards and Technology. - Aug 1991. - NIST SP-190. [in four parts without Appendix B, C and D] file: /pub/docs/misc/nist-his-02.ps.gz (9617 Bytes) see: nist-his-01.ps.Z file: /pub/docs/misc/nist-his-03.ps.gz (67439 Bytes) see: nist-his-01.ps.Z file: /pub/docs/misc/nist-his-04.ps.gz (5190 Bytes) see: nist-his-01.ps.Z file: /pub/docs/misc/observe.ps.gz (26242 Bytes) Observing Reusable Password Choices / Eugene H. Spafford - Purdue University. - Purdue Technical Report CSD-TR 92-049. - Jul 31, 1992. - [NOTE: on some servers available as spaf-OPUS-observe.ps] file: /pub/docs/misc/opus.ps.gz (19737 Bytes) OPUS: Preventing Weak Password Choices / Eugene H. Spafford - Purdue University. - Purdue Technical Report CSD-TR 91-028. - Jun 1991. [NOTE: on some sites stored as spaf-OPUS.ps] file: /pub/docs/misc/psfos.ps.gz (40395 Bytes) Protection and Security Issues for Future Systems / B. Clifford Neuman. - University of Washington. - July 1991. file: /pub/docs/misc/samson.ps.gz (59664 Bytes) Security Article Extracts Legalities / Simson Garfinkel. - 1987. file: /pub/docs/misc/sc99-tamper.pdf (666649 Bytes) Design Principles for Tamper-Resistant Smartcard Processors / Oliver Koemmerling and Markus Kuhn. - 1999. file: /pub/docs/misc/schuba-DNS-msthesis.ps.gz (124617 Bytes) Countering Abuse of Name-Based Authentication / Christoph L. Schuba, Eugene H. Spafford. - COAST Project. - Purdue University. file: /pub/docs/misc/schuba-spaf-DNS.ps.gz (69803 Bytes) Addressing Weaknesses in the Domain System Protocol / Christoph L. Schuba, Eugene H. Spafford. - COAST Project. - Purdue University. August 1993. file: /pub/docs/misc/secureweb.ps.gz (33610 Bytes) The Secure Web Platform - A New Breakthrough in WWW Application Security Secureware Inc. file: /pub/docs/misc/simson.ps.gz (59664 Bytes) Security Article Extracts : Legalities / Simson Garfinkel. - 1987.- An Introduction to Computer Security for Lawyers. file: /pub/docs/misc/unix-sicherheit.ps.gz (65806 Bytes) Sicherheitsluecken in UNIX - Systemen / W. Ley and J. Czeranski. - Clausthal Technical University. - June 1993. [german paper about UNIX (in)security] file: /pub/docs/misc/wessels-thesis.ps.gz (126205 Bytes) Intelligent caching for world-wide web objects / Duane Wessels. - University of Colorado. - 1995 [Thesis for the Master of Science degree.] file: /pub/docs/misc/whitepaper.ps.gz (45067 Bytes) Java (TM) Security / J. Steven Fritzinger & Marianne Mueller. - Sun Microsystems, Inc. - 1996. file: /pub/docs/misc/x400_security.ps.gz (56861 Bytes) X.400 Security / Paul Markovitz. - US Department of Commerce & NIST. - September 23, 1992. [DRAFT Technical Report CSL/NSA 92/?] file: /pub/docs/misc/xrs-www.ps.gz (47387 Bytes) Secure External References in Multimedia Email Messages / Burkhard Wiegel. - GMD-Fokus. - 1996.