Different Aspects of Security Problems in Network Operating Systems
Paper i proceeding, 2002

This paper presents research on computer security vulnerabilities in general-purpose network operating systems. The objective of this study is to investigate real intrusions in order to find and model the underlying generic weaknesses, i.e., weaknesses that would be applicable to many different systems. The paper is based on empirical data collected from three different systems, UNIX with NFS and NIS, Novell NetWare, and Windows NT. Five common security problems, improper input validation; improper use of cryptography; weak authentication; insecure bootstrapping; improper configuration, are identified, exemplified, and discussed from different perspectives. The work presented represents a further step towards a full understanding of the generic weaknesses that impair commercially available operating systems.


Stefan Lindskog

Chalmers, Institutionen för datorteknik

Erland Jonsson

Chalmers, Institutionen för datorteknik

Proceedings of the Third Annual International Systems Security Engineering Association Conference (2002 ISSEA Conference), Orlando, 13-15 Mars 2002