Thesis Abstracts 2001

Research and Graduate Studies Electrical and Computer Engineering

An Examination of Sun Microsystems' Bruce Application and the Mitigation of a Confidentiality and Integrity Weakness Using the Entrust(r) Public Key Infrastructure

By: Major Mel Crocker, B.Sc.

Supervisor: Dr. Scott Knight

Abstract

Detecting security vulnerabilities in large heterogeneous networks is generally accomplished using either host-based or network-based security auditing tools. A host-based security auditing tool runs on the host being assessed and has the advantage of seeing the vulnerabilities of a machine from the inside. A network-based tool audits the target over a network by sending crafted packets; it sees the machine as a remote attacker would see it.

Sun Microsystems, Inc. is in the process of developing a networked host-based vulnerability scanner, called Bruce, that seeks to combine the strengths of the inside perspective with the scalability and centralized information collection of a network-based tool. Bruce is in beta version and the source code has been made publicly available under Sun Community Source Licensing. This thesis is a detailed analysis of the Bruce application. It considers the design and implementation of Bruce, and determines its strengths and weaknesses. A specific weakness, the confidentiality and integrity of the vulnerability reports, is identified and then further examined. A prototype solution is developed and implemented to mitigate this weakness. The solution modifies Bruce by developing a standard interface for security services and then uses this interface to integrate the Entrust Public Key Infrastructure with Bruce.