My Introduction

mdr@vodka.sse.att.com
Thu, 1 Feb 1996 11:20:25 -0500 (EST)

>When joining the list I ask you to briefly introduce yourself, to give
>an outline of your interest in intrusion detection systems. Whether

I am looking forward to a lot of good info from this list.  I have
been working in the field of computer security for about 6 years now
for AT&T Bell Labs.  The department that I belong to 'Secure Systems
Engineering' has an extensive background in the field with many highly
qualified engineers.  Most of my work has been centered around SV/MLS,
a B1 level (orange book style) secure version of the UNIX operating
system.  Lately I have been working on network security and intrusion
detection, extending the audit trail of SV/MLS to handle network
events and alarm rules.   As part of this effort, I have developed an
alarm rules language.  The language was designed to be easily and
quickly implemented and extensible, sacrificing readability because
its rules are generated by a GUI interface.   Since the user never
sees the rules, they are written in a notation that is easily parsed
and evaluated (ease of implementation) as opposed to easily read by
humans.  So far it has been quite successful at meeting our needs and
exceeded its design goals.

Now I am actively researching the field of intrusion detection to
determine if some of the body of existing work can be readily applied
to our current projects.  I would like to do some basic research that
would break new ground, but am honestly more interested in practical
application of theory to practice.  My job responsibilities are somewhere
between those of a developer and those of a researcher.  There appears to
be a great deal of work for me to review and I am looking forward to it
very much.

I hope that my "implement first, research second" approach is not too
offensive, but the majority of the task was to interface to a new GUI and
an existing audit trail structure with a binary format.  The rule
processing piece of code is really not that large and could easily be
replaced. It was intended to be "do something quick!" due to some very
serious time constraints for the project, but turned out much nicer than
intended.

Now I am wanting to press forward which means backing up and taking a
deeper look at the problem.  I would like to learn more about the work
that has been done by others and to meet those who have developed systems.  
Does anyone have an index of all the best articles, journals, papers, etc.?

Mark Riggins
Secure System Engineering
AT&T Bell Labs

voice:	910 279-5635
fax:  	910 279-5873
email:	Mark.Riggins@att.com