2004 ACM Symposium on Applied Computing
Using Mobile Agents as Roaming Security Guards to Test and Improve Security of Hosts and Networks

Marco Carvalho, Thomas Cowin, Niranjan Suri, Maggie Breedy, Kenneth Ford
{mcarvalho, tcowin, nsuri, mbreedy, kford}@ihmc.us
Institute for Human and Machine Cognition, 40 South Alcaniz St., Pensacola, FL 32502 USA, 850-202-4462

ABSTRACT
This paper discusses the design and implementation details of MAST (Mobile Agent-based Security Tool), a new mobile agent-based network security approach. MAST has been designed to support flexible and customizable network security tasks and training. This paper focuses on the implementation details and security aspects of MAST’s components, services, and mobile-agent architecture.

Categories and Subject Descriptors
I.2.11 [Artificial Intelligence]: Distributed Artificial Intelligence – multiagent systems, intelligent agents. I.2.4 [Artificial Intelligence]: Knowledge Representation Formalisms and Methods – representation languages, semantic networks.

General Terms
Management, Design, Reliability, Security, Human Factors

Keywords
MAST, Network Security, Knowledge models, mobile agents, concept maps, IHMC.

1. INTRODUCTION
Once again, the Internet community has recently been exposed to a global cyber threat that was able to infiltrate millions of computer systems in a matter of days. The MSBlast worm was officially reported on August 11th, 2003 [5]. On the following day, the CERT Coordination Center [4] identified as many as 1.4 million unique Internet addresses appearing to be sources of infection for the worm [14]. Although this estimate is likely to be inflated by dial-up and broadband users using DHCP, independent security firms like Symantec estimated that more than 120,000 computers appeared to be infected within the first 36 hours of the incident [14].

Leaving aside all the details about the worm and its characteristics, the most impressive fact is that the exploited vulnerability had been identified and reported weeks before the incident. On July 17th, approximately one month before the incident, Microsoft® and CERT® had released a vulnerability report [24] and a security advisory [8] reporting the issue and recommending procedures to patch the operating system.

The question remains as to why such updates take so long to propagate. Despite the efforts of software companies to create systems to raise awareness and automate the download and application of patches, there is still a large gap between the announcement of a given vulnerability and the application of corrective measures on most systems. After incidents such as the Code Red [7] and SQL Slammer [6] worms, some studies have identified that even 30 days after the discovery and announcement of a vulnerability, only half of the affected systems are actually patched [13]. This leaves a lot of room for malicious activity targeting operating system vulnerabilities even several months after the discovery of a given vulnerability and the release of pertinent advisories and patches. One might even argue that, given the rate of application of patches, a virus developer can simply wait for an advisory to come out and then write a virus to take advantage of the vulnerability, knowing that systems will not have been patched (thereby making security advisories almost detrimental).

Most operating systems today try to minimize the issue by providing mechanisms for automatically updating and patching themselves. Update agents (Figure 1) are common and convenient applications that try to remind the user that the system is vulnerable and that it needs to be patched. Note that most of these update agents only warn users when an update is actually available, not when a security vulnerability is discovered or when an advisory is released.
Although these update agents provide a very valuable service by keeping the OS components up-to-date, such agents are ineffective when it comes to custom applications, or misconfigured software. Besides, even off-the-shelf applications such as Microsoft Office and most server suites still lack the automatic-update capability. Additionally, the notion of automated patching is unsettling for most companies that run specialized applications that might become inoperative after a system component update. Given the great heterogeneity in today’s networked components, it is very unlikely that a single, complete solution to computer and network security will ever become available to address all the problems.
1 Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage, and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SAC’04, March 14-17, 2004, Nicosia, Cyprus. Copyright 2004 ACM 1-58113-812-1/03/04...$5.00
Figure 1 - Microsoft and Linux Update Agents

Experience has shown that real-life networks will always include nodes that will, at one time or another, run custom, buggy, or misconfigured software. They will also include mobile hosts (i.e., portable computers and PDAs) frequently moving in and out of the corporate network’s secure domain, thus increasing the likelihood that their potential compromise could lead to the eventual compromise of the entire corporate network or just locally housed sensitive data. Even a well-designed, comprehensive security policy might be rendered ineffective by something as trivial as a modem left attached to a phone line, or a malicious email message addressed to a naive user (or to an unpatched email client).

2 Most system break-ins occur because of a misconfigured system or a system without necessary updates.

With that in mind, we have proposed MAST [3], a Mobile Agent-based Security Tool specifically designed to allow unprecedented flexibility and clarity to those managing or simply monitoring the networks.

2. THE MAST APPROACH
MAST integrates and builds upon two key technologies: mobile software agents [10] and concept maps [1] [2]. Mobile agents are used to move computations to hosts (and potentially routers) on the network in order to execute locally and perform the necessary monitoring and management tasks. An analogy can be drawn between these agents and human security guards protecting a building at night. As the security guards have local knowledge of the building, including policies and common threats, they can go around the offices checking for open windows, unlocked doors, and other abnormal activities. Analogously, the agents will have been designed (or configured) by system administrators with proprietary knowledge about systems and applications that are specific to their domain and that must be checked. Instead of just applying a necessary patch or update to the core OS, these agents will address potential application-level software vulnerabilities, as well as vulnerabilities caused by lax security configurations. Additionally, these agents continuously roam the network to identify, suggest, and sometimes apply corrections to potential problems at all levels. The philosophy is that, just like in the physical world, it doesn’t help to check if all the windows of your office were locked on Monday, and then neglect that task for the remainder of the week. Security is a continuous process, and just like an employee can forget to shut the window on his way out the following day, he can also re-install Microsoft Windows and forget to patch the system for an old, well-known vulnerability. Mobile agents, just like security guards do for the building, will check the systems continuously for new and old vulnerabilities. Unlike previously proposed mobile agent-based intrusion detection systems [12], MAST is meant to be a distributed security checking tool [15], designed to facilitate the tasks associated with proactive patching and maintenance of security on hosts and networks. An overview of MAST has been presented in [3]. In this paper we will focus on the architectural design of the system, giving particular attention to the application of mobile agents and their safe usage. Section 3 discusses the need for using mobile agents in the proposed system. Section 4 continues with the architectural details and main components of MAST. Finally, section 5 will describe the implementation of the security features in the tool.

3. WHY MOBILE AGENTS
Mobile agents are autonomous units of execution that can be dispatched over a network connection to execute on remote hosts. Once dispatched, mobile agents operate autonomously without constant supervision and without the need for a persistent connection to the original host (unlike remote computation or remote invocation). The agents may then migrate to other hosts based on an itinerary established by the user or by making decisions locally.

One of the most powerful capabilities offered by mobile agents is the ability to push new code to a system and execute the code in a disconnected manner. This allows a server to dispatch agents to remote hosts which then execute remotely and independently. The ability of the agents to carry new code to the remote system allows on-the-fly development and deployment of custom monitoring and management tools.

The notion of delegation allows agents to act as representatives of the user who has launched them, inheriting his credentials for access control and accountability. In general, agents can be imbued with different levels of autonomy that might allow, for instance, a possible change in plans under different network conditions. Besides supporting disconnected operation, these self-sufficient agents will also maintain and move with their own state. This enhances the fault tolerance and flexibility of the system and extends the effort to protect the network as a whole to its periphery – devices that have some level of intermittent connectivity, such as laptops and PDAs that are taken home or on the road, or networks at satellite offices.
One of the often raised concerns about mobile agents is security. This raises the question as to whether mobile agents should be used to realize a security tool. In particular, the security concerns about mobile agents arise due to the use of mobile code and the possibility of the hosting platform tampering with the mobile agent. However, we feel that if the security threats raised by mobile agents are adequately addressed, agents offer significant advantages in their application to security. In Section 5, we discuss the design features of MAST that mitigate the security concerns raised by mobile agents.

4. MAST ARCHITECTURE AND COMPONENTS
MAST has been designed with the notion of flexibility in mind. The idea is to allow a system administrator to customize the tool to the network. There are essentially five main components in MAST:
• A Security Kernel is installed on all network hosts (and possibly routers) and forms the foundation of the security substrate, handling the execution of the security agents.
• The MAST Server Modules collectively maintain the system’s databases and function as a central area for inter-process interaction. This has been recently added to the system to provide services such as logging and authentication between components.
• An Administrator’s Console is the main user-interface component.
• Knowledge Models on Computer and Network Security that are closely integrated with the security agents and authentication components in MAST. These models are built and maintained as collections of Concept Maps.
• A set of security agents that are dispatched from the Knowledge Model or from the Administrator’s Console and that travel to hosts to perform security-related tasks.

4.1 The Security Kernels
The Security Kernels (SK) are the foundational components of the system. They provide a secure execution environment and authentication mechanisms for the running agents. Besides providing a low-level API that allows the agents to have access to the host system, the SK is also responsible for providing the necessary encryption and authentication services for the agents. The SK is based on a hardened and streamlined version of the current execution environment of NOMADS-Oasis [20][21] to combine the advantages of high portability and extended features offered by the NOMADS Mobile Agent System.

Oasis is an agent execution environment that runs on top of Aroma [22], an internally developed clean-room implementation of the Java Virtual Machine that has been specifically tailored to two of the most critical needs of mobile agents and the systems that host them: (1) the ability to provide fine-grained resource control of each agent’s usage of such critical components as CPU, memory, network, and secondary storage, and (2) the ability to provide strong mobility, i.e., agents can be moved between hosts in mid-execution, between any two bytecode instructions, without skipping a beat. In the context of MAST, the important feature leveraged from Aroma is resource control. The Security Kernel uses Aroma’s resource control and policy capabilities to regulate how the security and monitoring agents execute on the remote hosts. This capability helps to avoid adversely affecting the normal day-to-day operation and performance of the hosts.

The SK must be manually installed in all the systems by a system administrator, who will provide the MAST Server’s public key at installation time to guarantee unique authentication. Prior to registration, each SK will create its own key pair that will be used to support mutual authentication and, subsequently, secure communication between kernels utilizing TLS [23]. Every kernel must register with the MAST Server. Every component in MAST resides on top of these SKs, so communication between agents or components is always via the kernels. This will ensure that requests between two systems are only passed through authenticated processes (the kernels) that, in turn, are responsible for authenticating (or requesting authentication of) every agent.

4.2 The MAST Server
The MAST Server will be implemented as a distributed set of modules that are not bound to run on any specific host. The System Administrator will dictate by policy definition which systems on his/her network may be eligible to host server modules, and how many modules execute concurrently on each host. In this manner the modules, which are mobile agents themselves, can replicate themselves as well as move in order to comply with overarching network policies governing security, priority, fault tolerance and load balancing. When a component needs to access a specific module, it uses the Service Location Protocol (SLP) [19] to determine the desired service’s present location prior to initiating communication. The databases required by the server architecture (Vulnerabilities/Advisories, Agent Codebase and Log) will be bound to specific server host(s) but will be self-replicating. The only server element that will be fixed to a single specific IP is the module that is utilized only during the initial setup phase – the Security Kernel Bootstrap Service (SKBS). This service has access to the server keystore and authenticates each new kernel as it is installed and seeks the SKBS for initial authentication and registration. This interaction is explained in more detail below in the section on security.

The modules in the server group include an Agent Management Service, a Logging Service, an Authentication Service, and a Vulnerabilities/Advisories Management Service. As each host on the network will necessarily have an SK, the server modules will run on top of SKs, so agents can move to and execute on the different server hosts as well, in the event that they need direct access to one of the databases or to one of the server modules.

The Agent Management Service provides launching, tracking, and, if required, recovery and termination of agents in the system. All agent communications can be configured to pass through this service as well, if required by the local security policy. The Codebase holds the binary code (usually in read-only format) of the agents. In order to enforce validation, agents can only be launched from the Agent Management Service Server Module. This will ensure that every agent binary is “certified” by the
system administrators before being launched. It is important to emphasize that MAST is not a general multi-purpose host environment for agent execution. The security kernels on each host do provide protection against malicious or poorly designed agents, but it is critical from the system administrator’s perspective that agent binaries have not been tampered with and can only be launched in the system once their MD5 checksum is verified. The Authentication Service will have direct access to the Server Keystore, and will serve to authenticate SKs, agents, as well as the human operators of the MAST system. This service and the SKs will access the Server Keystore, and will be the only services that are required to actually be on the same host as their affiliated data store.

The vulnerabilities database maintains a comprehensive set of parsed and pre-processed vulnerability and security advisory reports extracted from public resources on the Web. The Vulnerabilities/Advisories Management Service will search, retrieve, and parse public information to maintain the database. This service will also have access to system configuration details so that appropriate or relevant data can be sought with higher priority.

In addition to the local log maintained at each SK, the Logging Server Module also maintains the centralized Log Database. How much of these local SK logs gets flushed to the primary log will be governed by local security policy. This mechanism will work similarly to the UNIX syslog daemon, allowing multiple processes, agents or environments to report system-wide events and errors, with differentiated classifications and priorities.

4.3 The Administrator’s Console
The Administrator’s Console is a standalone application that provides a graphical interface to the system. Through the console, users can authenticate with the MAST Server to gain access to the system. The console relies on authentication and secure communication mechanisms similar to those provided by the SKs. After user authentication at the console, the underlying kernel will inherit the credentials of the user. The same will be true for any agent launched upon request from that console.

This architecture ensures that agents initiated by a specific user will maintain user credentials even after the console shuts down. The agent, tagged with user credentials, can persist at the target host and even wait for the user to come back to an administrative console to report activities. Figure 2 shows a brief illustration of the console’s main window. When active, it is authenticated with the server, and the panel that holds the MAST logo will present the agent’s interface and messages.

Figure 2 - The Administrator's Console

4.4 The Knowledge Models and Security Agents
Concept maps have been widely used to organize and represent knowledge since their introduction by Novak in the 1970s [16]. Concept maps are basically characterized by a graphical representation of a set of concepts and their relationships, providing a strong and concise description of the specific domain of knowledge. The concepts are hierarchically arranged and linked to create propositions, which are usually referred to as semantic units or units of meaning [17].

In the context of MAST, concept maps are used to organize and facilitate access to information about many different aspects of network and host security. MAST relies on CmapTools to facilitate the online manipulation of concept maps. CmapTools is a powerful concept mapping software [1][9] that has been customized to support communications with the MAST server and the launching of security agents in MAST.

3 The CmapTools software package is available free for nonprofit use at http://cmap.coginst.uwf.edu.

As a security tool, MAST does not depend on the knowledge models to operate. Every task can be directly performed via the Administrator’s Console. Alternatively, administrators can choose to browse the knowledge base and interact with the agents directly from the knowledge models representing the context in question (Figure 3).

This approach allows some degree of separation between the access to the security tool and the KMs, which can also be used by CmapTools® for other purposes such as training and education. When launched from an authenticated console, the CmapTools® application can be used as a monitoring and managing tool as well as a knowledge browser and editor. When used independently, it works as a knowledge management tool, with direct access to all the maps and models in the system. Section 5.9 discusses the integration of these components in further detail.

5. THE SECURITY MODEL
MAST’s architecture involves the interaction of multiple network components in addition to mobile code. These capabilities, although fundamental for flexibility, do raise several security concerns that must be addressed at the level of the framework, or SK substrate.

In general, the security model (Figure 3) is based on the following principles:
there is no guarantee that host A will not tamper with the agent before sending the agent on to host B. This is particularly true if host A has been compromised and the SK on host A has been altered. This type of mobility is commonly referred to as multihop mobility. While several approaches have been proposed to handle multi-hop mobility in a secure manner, none of them provide a satisfactory solution. Therefore, the default security policy in MAST limits agent mobility to single-hop. That is, an agent may migrate only between the SK running the AMS and another SK. In certain specialized applications, if the administrators need multi-hop mobility and have other means of guaranteeing the integrity of the SKs, they may change the security policy to allow multi-hop mobility. It is important to highlight that single hop mobility does not imply that agents will check one host at a time. In general, and depending on the size and requirements of each network, the administrators can specify policies that will allow security agents will to be cloned at the MAST server (assumed to be a trusted kernel) and launched in parallel to a number of hosts, allowing security checks and fixes to occur simultaneously in a number of hosts in the network.
5.3 Agent Communication Insofar as communication is concerned, this can also be treated in one of two ways. In a centralized approach, all communications would be relayed via the AMS’s Messaging service. In a distributed approach, the agents would be allowed to communicate (with each other or with different Server Modules) in a point to point fashion. The model for intra-agent communication can be defined by policies, as a function of system scale, complexity and requirements. As all communication actions pass through the SK, and logging is controlled and enforced at the SK, it is possible to ensure that all events of interest can be locally logged and if necessary, aggregated for analysis.
Figure 3 - SSL Communications between kernels and the server
5.1 Intra-kernel trusted relationship Communications and code mobility are always handled by the security kernels. In MAST, there’s no direct interaction between two components residing atop different kernels. Every message, command or mobility request passes through the underlying SK’s. All network communication between the SK’s in the MAST system will be encrypted by TLS and authenticated by means of mutual authentication utilizing PKI. During the initial setup phase, the public key of each SK will be signed by the same organizational Root Certificate Authority, which the SA will establish during the SK’s installation. Also, the SK’s/Authentication Service’s Public Key will be distributed to each SK during this setup phase. These data elements, verified during the TLS handshake, will then serve to provide the mutual authentication between all SK’s and the Authentication Service. Given that the system may be deployed on networks that rely upon DHCP for IP dissemination, and/or utilize NAT Gateways, we find that we cannot rely upon IP Addresses or Domain Names, items traditionally used within X.509 certificates [11] for validation. Relying upon DNS presently also raises a different potential set of security concerns, which we can avoid [18]. Also, given that our Server Modules, which will also be agents, are mobile, we cannot depend upon them being at the same IP for any two subsequent transactions. Additionally, incoming connections will only be allowed to the SK from the local subnet, or an address range explicitly specified in the local security policy.
5.4 Launching Agents Securely Typically, an agent launch request will be generated either from the Knowledge Model or from the MAST Console. In the case of the Knowledge Model, the console operator will have identified the need to launch agent(s) to a particular host(s), and requested this launch via the pertinent Concept Map. This request will be transmitted to the co-resident MAST Console, which would verify that it came from an authorized KM browser. If the launch request originated directly from the MAST Console, this step is unnecessary. The console would then transmit this launch request to the AMS. The AMS is responsible for the launch and recovery of the agent.
5.5 User and Agent Authentication The Authentication Service will maintain the security levels and the association between the operators and their assigned trust levels. There will be one administrative or ‘root’ authority level that will be responsible for adding each human operator into the system. The ability to browse the KM is intended to be a basic ability and will be available to all users who have access to the system(s) that are authorized by local security policy to run the MAST Console. Further authentication will be required by means of an assigned security token for higher level functionality,
5.2 Agent Mobility Agent tampering by a host execution environment is one of the major security issues raised by mobile agents. If an agent is traveling from the MAST server to host A and then to host B,
91
The clones will periodically contact each other to make sure that they are both functioning. If a service (or agent) becomes unreachable to its clone, it will be immediately recreated to duplicate the service. Clones of the same service cannot reside in the same host in order to ensure that even in the case of hardware failure there will be a good chance that at least one clone of each service will be available at any given time. Clones have a sequential number that identify their “incarnation”, so if a temporarily unreachable agent does become available after a few seconds, the most recently instantiated clones will receive their heart-beat and will terminate, avoiding a large number of replicas for the same service.
including launching agents and authorizing agents to make changes directly on client and server hosts. In the future, there will be flexibility in how the actual security mechanisms are implemented on a site by site basis, with the System Administrator having the ability to define his/her own security levels. Each level would allow access to a distinct functionality set, and the operators could then be assigned to a specific security level as they are added.
5.6 Global logging Although logging is configurable via the local security policy, we provide the ability for each event and operation to be carefully logged via the Logging Service Server Module. Logging of an agent’s actions is done locally as well, cascading into the primary log if dictated by a policy.
The concern of having multiple copies of the same server is basically for scalability. In MAST, services are looked up via SLP. Different components (or different clones of the same service) can announce the same capabilities and availability, allowing some level of redundancy and load balancing for the system as a whole.
5.7 Operation rollback We are considering the addition of a rollback facility to the SKs. This would allow the ability to rollback a given Agent’s operations at an atomic level – changed or replaced files would be stored in secure area with time-date stamps so that changes may be rolled back in the event that unanticipated problems result from a change. This will require information about each update to be stored for each host, so we expect that rollback would be possible only for a pre-determined period of time, which would be established by the policies defined by system administrator.
6. CONCLUSIONS The MAST project is in the first year of funding and at this time we have finished integration of the CmapTools and the NOMADS Mobile Agent system. We have three ongoing efforts in parallel: a) the final development of the Security Kernel and its authentication mechanisms with the Administrator’s Console, b) the construction of the Knowledge Models and c) the automatic information retrieval engines that will help in maintaining the knowledge maps and keeping them current.
5.8 Protecting the kernels against malicious agents
Soon, the framework and sets of standard security agents will be made available for free download and it is expected that customized agents will be developed and shared between security experts in different communities.
As we are utilizing Oasis and the Aroma VM described above in section 4.1, we are able to protect against potentially malicious agents by stopping them instantly, or by limiting their resource consumption so as not to impact other operations on that specific host. Some agents may just be compute intensive, and have no intention of monopolizing the CPU. By having some default resource restrictions that may even fluctuate during the day in anticipation of standard usage patterns, impact upon normal computer usage can be minimized.
More information about this research is available online at http://mast.coginst.uwf.edu/ and the CmapTools can be freely downloaded for non-profit use from http://cmap.coginst.uwf.edu/.
7. FUTURE WORK Some of the future challenges for the project include, for instance, the issues associate with detecting if an environment has been compromised. This is a complex problem and we have not addressed the issue in MAST. We have chosen to restrict agent mobility to single-hope in order to avoid the spread of potential compromises by the security agents themselves.
5.9 Administrator Console security The Administrator’s Console is the interface between the users and the system. From the Console, the system administrator can monitor and manage agents, handle messages, advisories, and notifications and launch the KM Browser. The Knowledge Model Browser, a standalone application, will have been invoked from the Console context, and the authentication established by the Operator currently on the Console will have been transferred, by means of a dynamically generated key, to the KM Browser during this step. This key is then utilized by the KM Browser to authenticate itself back to the Console when requesting agent launches.
We also intend to work on mechanisms to provide some semiautomation of some of the tasks associated with network discovery, and maintenance of the knowledge models and vulnerabilities database. In our current implementation, security advisories are automatically pre-matched against network components and setting, but it still requires direct human intervention to authorize updates and fixes. We’re also currently working some mechanisms to automatically generate notifications about changes or conflicts in the knowledge modes or vulnerabilities database.
5.10 Robustness through Mobile Agents
In order to recover from specific directed attacks upon the current host, including Denial of Service attacks, each Server Module Agent will have at least one clone of itself somewhere on the network. Again, the exact parameters of this will be governed by the local security policy definition.
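Added example, not MAST's code: a Python sketch of placing Server Module Agent clones under a local policy, and of the check that every service still has a live instance after a host failure. The policy fields (min_clones, max_modules_per_host, eligible), the service and host names, and the least-loaded placement rule are assumptions.

```python
def place_clones(primaries, policy):
    """primaries: service -> host where the module currently runs.
    policy: {"min_clones": n, "max_modules_per_host": m, "eligible": {host: set(services)}}
    Returns service -> [primary, clone hosts...]; raises ValueError if the policy cannot be met."""
    load = {h: 0 for h in policy["eligible"]}
    for host in primaries.values():
        load[host] = load.get(host, 0) + 1            # primaries already occupy a slot
    placement = {}
    for service, primary in sorted(primaries.items()):
        hosts = [primary]
        # Candidate clone hosts: allowed by policy for this service, not the primary,
        # least loaded first (deterministic tie-break on host name).
        candidates = sorted((h for h, allowed in policy["eligible"].items()
                             if service in allowed and h != primary),
                            key=lambda h: (load[h], h))
        for h in candidates:
            if len(hosts) - 1 >= policy["min_clones"]:
                break
            if load[h] < policy["max_modules_per_host"]:
                hosts.append(h)
                load[h] += 1
        if len(hosts) - 1 < policy["min_clones"]:
            raise ValueError(f"policy cannot be met for {service}")
        placement[service] = hosts
    return placement


def after_host_failure(placement, failed):
    """Report which services survive a set of failed hosts, which are degraded
    (fewer instances than planned) and which are lost and must be re-cloned."""
    alive = {s: [h for h in hosts if h not in failed] for s, hosts in placement.items()}
    lost = sorted(s for s, hs in alive.items() if not hs)
    degraded = sorted(s for s, hs in alive.items() if hs and len(hs) < len(placement[s]))
    return alive, degraded, lost


# Constructed sample network (assumption): two modules, three hosts, one clone each.
SAMPLE_PRIMARIES = {"advisory": "h1", "kmodel": "h2"}
SAMPLE_POLICY = {"min_clones": 1, "max_modules_per_host": 2,
                 "eligible": {"h1": {"advisory", "kmodel"},
                              "h2": {"advisory", "kmodel"},
                              "h3": {"advisory"}}}
```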
8. ACKNOWLEDGMENTS
The MAST project is sponsored by the National Science Foundation (NSF) under the Strategic Technologies for the Internet program, award number 0230927.
9. REFERENCES
[1] Cañas, A. J., K. M. Ford, J. D. Novak, P. Hayes, T. Reichherzer, N. Suri. Using Concept Maps with Technology to Enhance Collaborative Learning in Latin America. Accepted for publication, Science Teacher.
[2] Cañas, A. J., K. M. Ford, J. Brennan, T. Reichherzer, and P. Hayes (1995). Knowledge Construction and Sharing in Quorum. In Proc. of AI in Education, Washington D.C., pp. 218-225.
[3] Carvalho, M.M., Cowin, T.B., Suri, N. MAST - A Mobile Agent-based Security Tool. Proceedings of the 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, FL, October 2003.
[4] The CERT Coordination Center. Online at: http://www.cert.org/
[5] CERT® Advisory CA-2003-20 W32/Blaster worm. Originally released on August 11th, 2003 and revised on August 14th, 2003. Available online at: http://www.cert.org/advisories/CA-2003-20.html
[6] CERT® Advisory CA-2003-04 MS-SQL Server Worm. Originally released on January 25, 2003 and revised on January 27th, 2002. Available online at: http://www.cert.org/advisories/CA-2003-04.html
[7] CERT® Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. Originally released on July 19, 2001 and revised on January 17th, 2002. Available online at: http://www.cert.org/advisories/CA-2001-19.html
[8] CERT® Advisory CA-2003-16 Buffer Overflow in Microsoft RPC. Originally released on July 17, 2003 and revised on August 8th, 2003. Available online at: http://www.cert.org/advisories/CA-2003-16.html
[9] Coffey, J. W. and A. J. Cañas (2000). A Learning Environment Organizer for Asynchronous Distance Learning Systems. Twelfth IASTED Intern. Conf. Parallel and Distributed Computing and Systems (PDCS 2000), Las Vegas, Nevada.
[10] General Magic, Inc. Telescript technology: The foundation for the electronic marketplace. White paper, 1994.
[11] Internet X.509 Public Key Infrastructure: Certificate and CRL Profile. Online at http://www.ietf.org/rfc/rfc2459.txt
[12] Jansen, Wayne. Intrusion Detection with Mobile Agents. Computer Communications Journal, Special Issue on Intrusion Detection, in press.
[13] Lemos, Robert. Study: Bad security flaws don't die. CNET News.com, July 30th. Available online at: http://news.com.com/2100-1009-5058058.html?tag=nl
[14] Lemos, Robert. Worm's spread shows holes in patch system. CNET News.com, August 12th, 2003. Available online at: http://news.com.com/1001002_3-5062832.html
[15] Karygiannis, Tom. Network Security Testing Using Mobile Agents. The Third International Conference and Exhibition on The Practical Application of Intelligent Agents and Multi-Agent Technology, London, UK, March 1998.
[16] Novak, D.B. Gowin. Learning How to Learn. Cambridge University Press (1984).
[17] Novak, J.D. The Theory Underlying Concept Maps and How to Construct Them. Cornell University.
[18] Schuba, Christoph. "Addressing Weaknesses in the Domain Name System Protocol." Master's Thesis, August 1993. Online at http://ftp.cerias.purdue.edu/pub/papers/christophschuba/schuba-DNS-msthesis.pdf
[19] Service Location Protocol, Version 2. Online at http://www.ietf.org/rfc/rfc2608.txt
[20] Suri, N., Bradshaw, J.M., Breedy, M.R., Groth, P.T., Hill, G.A., Jeffers, R., and Mitrovich, T.S. An Overview of the NOMADS Mobile Agent System. Sixth ECOOP Workshop on Mobile Object Systems. http://cui.unige.ch/~ecoopws/ws00
[21] Suri, N., Bradshaw, J.M., Breedy, M.R., Ford, K.M., Groth, T., Hill, G.A., and Saavedra, R. "State Capture and Resource Control for Java: The Design and Implementation of the Aroma Virtual Machine." White Paper. http://nomads.coginst.uwf.edu
[22] Suri, N., Bradshaw, J.M., Breedy, M.R., Groth, P.T., Hill, G.A., and Jeffers, R. Strong Mobility and Fine-Grained Resource Control in NOMADS. Proceedings of the 2nd International Symposium on Agents Systems and Applications and the 4th International Symposium on Mobile Agents (ASA/MA 2000). Springer-Verlag.
[23] The TLS Protocol Version 1.0. Online at http://www.ietf.org/rfc/rfc2246.txt
[24] Vulnerability Note VU#568148 - Microsoft Windows RPC vulnerable to buffer overflow. Originally released on July 17, 2003 and revised on August 14th, 2003. Available online at: http://www.kb.cert.org/vuls/id/568148