Advanced search    Help

Clear all search criteria

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

• Demonstration of the Subversion Threat: Facing a Critical Responsibility in the Defense of Cyberspace

  Show summary     Open resource [pdf]     (open full abstract)

  From the thesis abstract: "This thesis demonstrates that it is reasonably easy to subvert an information system by inserting software artifices that would enable a knowledgeable attacker to obtain total and virtually undetectable control of the system. Recent security incidents are used to show that means, motive, and opportunity exist for an attack of this nature. Subversion is the most attractive option to the professional attacker willing to invest significant time and money to avoid detection and obtain a significant payoff. The objective here is to raise awareness of the risk posed by subversion so that the decision makers responsible for the security of information systems can make informed decisions. To this end, this work provides a complete demonstration of a subverted system. It is shown how a few lines of code can result in a very significant vulnerability. The responsibility to defend information systems cannot adequately be met without considering this threat. Addressing this threat gets to the very nature of the security problem, which requires proving the absence of something - namely, a malicious artifice. Several techniques for demonstrating security are shown to be inadequate in the face of this threat. Finally, a solution is presented with a proposal for future work."

  Naval Postgraduate School (U.S.)

  Anderson, Emory A.

  2002-03
• Subversion as a Threat in Information Warfare

  Show summary     Open resource [pdf]     (open full abstract)

  "As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the absence of a malicious artifice. A constructive system engineering technique to mitigate the subversion threat is identified."

  Naval Postgraduate School (U.S.)

  Anderson, Emory A.; Irvine, Cynthia E.; Schell, Roger R.

  2004-06