[Acpc-l] Talk announcement

Therese Schwarz therese@dbai.tuwien.ac.at
Fri, 02 Feb 2001 11:59:16 +0100


The Department of Computer Science and the Österreichische Computer
Gesellschaft (Austrian Computer Society) invite you to the following talk:

******************************************************************



  The STAT Intrusion Detection Tool Suite

  Dick Kemmerer
  University of California at Santa Barbara

Time: 12 March 2001, 16:30 c.t.
Location: Zemanek Hörsaal, Favoritenstraße 11/ground floor/red area


ABSTRACT: Although significant progress has been made towards securing
computer systems, the truth is that all computer systems are vulnerable to
abuse and attacks. To address this problem, intrusion detection systems have
been developed to detect malicious activities aimed at violating the security
of information systems. Originally, intrusion detection systems were limited
to hosts and their operating systems. However, as networks have grown in
importance, the focus of intrusion detection systems has broadened
accordingly, resulting in distributed and network-based intrusion detection
systems. Most systems, however, still address a single domain -- either the
hosts or the network -- and are tailored to a particular environment, such as
a particular operating system or platform. It is desirable to have a more
comprehensive approach that can address both host-based and network-based
intrusion detection in a systematic and integrated way. An intrusion
detection system should also be easily ported to different environments to
address the heterogeneous nature of modern computer networks.

This talk describes a suite of intrusion detection tools developed by the
Reliable Software Group at UCSB. The tool suite is based on the State
Transition Analysis Technique (STAT), in which computer penetrations are
specified as sequences of actions that cause transitions in the security
state of a system. This general approach has been extended and tailored to
perform intrusion detection in different domains and environments. The most
recent STAT-based intrusion detection systems were developed following a
framework-based approach, and the resulting design uses a "core" module that
embodies the domain-independent characteristics of the STAT approach. This
generic core is extended in a well-defined way to implement intrusion
detection systems for different domains and environments. The approach
supports reuse, portability, and extendibility, and it allows for the
optimization of critical functionalities. The tool suite was used in a recent
intrusion detection evaluation effort, delivering very favorable results.

The talk will also describe STATL, which is an extensible
state/transition-based attack description language designed to support
intrusion detection. The language allows one to describe computer
penetrations as sequences of actions that an attacker performs to compromise
a computer system.


BIO: Richard A. Kemmerer is a Professor and past Chair of the Department of
Computer Science at the University of California, Santa Barbara. He is a
Fellow of the IEEE Computer Society, a Fellow of the Association for
Computing Machinery, and Editor-in-Chief of IEEE Transactions on Software
Engineering. Dr. Kemmerer has chaired or served on many program committees
and was the program co-chair of the 20th International Conference on Software
Engineering (ICSE98). He has served as a member of the National Academy of
Science's Committee on Computer Security in the DOE, the System Security
Study Committee, the Committee for Review of the Oversight Mechanisms for
Space Shuttle Flight Software Processes, and the Committee on Maintaining
Privacy and Security in Health Care Applications of the National Information
Infrastructure. He has also served as a member of the National Computer
Security Center's Formal Verification Working Group and was a member of the
NIST's Computer and Telecommunications Security Council. Dr. Kemmerer is also
the past Chair of the IEEE Technical Committee on Security and Privacy and a
past member of the Advisory Board for the ACM's Special Interest Group on
Security, Audit, and Control. He has written numerous papers on the subjects
of computer security, formal specification and verification, software
testing, programming languages, and software complexity measures. He is the
author of the book "Formal Specification and Verification of an Operating
System Security Kernel" and a co-author of "Computers at Risk: Safe Computing
in the Information Age." He has been a Principal Investigator on numerous
government and private sector sponsored projects and leads the Reliable
Software Group at UCSB. Under his direction the Reliable Software Group has
addressed the need for better languages and tools for designing, building,
and validating software systems.

--
Schwarz Therese
Vienna University of Technology - Database & AI Group
A-1040 Vienna, Favoritenstr. 9-11/Stg.2/3. Stock/1842
http://www.dbai.tuwien.ac.at/staff/sek