Abstract
In the past, IT equipment consisted solely of standalone systems, whereas in recent years the trend has been towards computer networks and distributed systems. The spread of distributed information technology has increased the number of opportunities for crime and fraud in computer systems. Despite the fact that computer systems are typically protected by a number of security mechanisms (Muftic 1989) such as encryption (Denning 1983), digital signature (ISO 7498-2 1989), access control (Muftic 1993), and passwords (Pfleeger 1989), attacks continue to occur (Highland 1993). In addition, it seems infeasible to close all the known security loopholes of today’s systems. Therefore, computer systems and especially distributed systems continue to envisage a number of threats. A threat is a potential violation of security (ISO 7498-2 1989). More specifically, a threat is a possibility of an attack, and an attack is an attempt (by an attacker) to damage or in some way negatively affect the working of a computer system, or to damage the interest of the organisation owning the system (Kantzavelou 1994). This paper discusses issues of attack and the construction of a generic attack model.
Chapter PDF
Similar content being viewed by others
References
Anderson, J P Computer Security Threat Monitoring and Surveillance, Technical report, James P. Anderson Co., Fort Washington, Pennsylvania (1980).
Christmas, P Network Security Manager, Elsevier Advanced Technology, UK (1992).
Davies, D W and Price, W L Security for Computer Networks: An Introduction to Network Security in Teleprocessing and Electronic Funds Transfer, John Wiley & Sons Ltd., UK (1992).
Denault, M, Gritzalis, D, Karagiannis, D and Spyrakis, P, ‘Intrusion-Detection: Evaluation and Performance Issues of the SECURENET System’, Computer and Security, Vol. 13, No 6, pp 495–508, October 1994.
Denning, D E Cryptography and Data Security, Addison — Wesley Publishing Company (1983).
ECMA TR/46, Security in Open Systems — A Security Framework European Computer Manufacturers Association (1988).
Gritzalis, D, Kantzavelou, I, Katsikas, S, Patel, A ‘A Classification of Health Care Information System Security Flaws’, Proc. of the 11th International Information Security Conference (IFIP SEC ‘85), Ellof J., et all. (Eds), Chapman and Hall, May 1995, Capetown, South Africa (to appear).
Harshall, F Data Communications, Computer Networks and Open Systems, Addison-Wesley Publishing Company, Third Edition (1992).
Heberlein, L, Dias, G, Levitt, K, Mukherjee, B, Wood, J and Wolber, D ‘A Network Security Monitor’ Proc. of the 1990 IEEE Symposium on Research in Security and Privacy, USA (1990).
Highland, H J ‘Virus Reports’ Computer & Security Vol. 12 No 4 (June 1993) pp 322–333.
ISO 7498–2, Information processing systems–Open Systems Interconnection: Basic Reference Model–Security Architecture, ISO (1989).
Kantzavelou I, Patel A ‘Implementing Network Security Guidelines in Health Care Information Systems’, Proc. of the 8th World Congress on Medical Informatics, July 1995, Vancouver, Canada, (to appear).
Kantzavelou, I An Attack Detection System for Secure Computer Systems, M.Sc. Thesis, 1994.
Landwehr, C ‘Formal Models for Computer Security’, ACM Computing Surveys, Vol. 13, no. 3, pp. 247–278, September 1981.
Landwehr, C, Bull, A, McDermott, J and Choi, W ‘A Taxonomy of Computer Program Security Flaws with Examples’, US Naval Research Laboratory, NRL/FR/5542–93–9591, November 19, 1993.
Muftic, S, Christoffersson, P, Ekberg, J, Heijnsdijk, J W J, Law-Min, F, Maroulis, D, Patel, A, Sanders, P and Varadharajan, V Security Mechanisms for Computer Systems, Ellis Horwood Limited (1989).
Muftic, S, Patel, A, Sanders, P, Colon, R, Heijnsdijk, J W J and Pullckinen, U Security Architecture for Open Distributed Systems, Wiley Series in Communication and Distributed Systems, UK (1993).
Patel, A, Kantzavelou, I ‘Issues of Security and Network Security in Health Care Information Systems’ Proc. of the 12th International Congress of the European Federation for Medical Informatics May 1994, Lisbon, pp. 493–498.
Pfleeger, C Security in Computing„ Prentice-Hall International Editions (1989).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1995 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Kantzavelou, I., A., P. (1995). Issues of attack in distributed systems - A Generic Attack Model. In: Posch, R. (eds) Communications and Multimedia Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34943-5_1
Download citation
DOI: https://doi.org/10.1007/978-0-387-34943-5_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2908-4
Online ISBN: 978-0-387-34943-5
eBook Packages: Springer Book Archive