clarke@csri.toronto.edu (Jim Clarke) (01/16/89)
SYSTEMS SEMINAR - Tuesday, January 24, 2 p.m. in Room GB 244
(GB = Galbraith Building, 35 St. George Street)
Virgil D. Gligor
University of Maryland
"Collusion Detection in Secure Computer Systems"
The fundamental need to monitor the activity of legitimately authorized
users (i.e. insider activity) in secure computer systems implies that au-
dit mechanisms and tools must be implemented and used in all such systems.
Collusive activity among authorized users can lead to violations of secre-
cy, integrity, and availability of secure systems. Current audit mechan-
isms and tools are unable to detect user collusion. We illustrate the com-
plexity of detecting such user activity in audit trails of centralized and
distributed systems using relatively well-known collusion patterns required
for convert leakage of sensitive information. Some approaches for solving
specific collusion problems are suggested. In closing, we review some
current problems of distributed system security.
_________________________________
About the speaker:
Virgil D. Gligor received all his degrees at the University of California,
Berkeley. Since 1976 he has been at the University of Maryland where he is
currently an Associate Professor of Electrical Engineering. He has also
been associated with Burroughs Corp. (1977-1981) and IBM Corp. (1984-
present) where he conducted various research projects in the areas of com-
puter system security and availability.
--
Jim Clarke -- Dept. of Computer Science, Univ. of Toronto, Canada M5S 1A4
(416) 978-4058
BITNET,CSNET: clarke@csri.toronto.edu CDNNET: clarke@csri.toronto.cdn
UUCP: {allegra,cornell,decvax,linus,utzoo}!utcsri!clarke