rnwlogo4sm.gif (2351 bytes)

Creating a Hack Database

The purpose of this paper is to present a method of cataloging hacks that is useful both to the layman and to the professional. What we propose to do here is to create a catalogue numbering scheme that is flexible enough to allow any new developents in the field of computer security while, at the same time, create a number that is specific enough to serve as a unique index to any security work. We take our cue from the Library of Congress that stipulates that any work can be characterized by five components.

  1. Title
  2. Author
  3. Subject
  4. Media
  5. Date

Clearly then we could create a string of some sort like:

{Satan-1.1.1}{Farmer, Dan}{SUBJECT_INDEX}{Comuter Source Code}{04/11/95}

This in itself would be a great leap forward in the world of hacking, but it can be improved upon. We can create a hash on any of the fields or the entire string. Once this is done the sting can be sorted or searched upon by alogorythms designed to take advantage of the hash structure. When we stop to think about it this idea is nothing new and we can see that a libraries card catalog system is a hashing algorythm, albeit one that people can read with some training. Since we are going to be using a computer we can use complex hashing algorythms that will not be readable by people but that we will turn into human form for both imput and output. An example hackDBsystem is included as an FTP file on this host. It is written in perl and includes html input and output pages.

We shall designate the five fields of our index string as the,

and treat each of the indexes in turn. Our scheme is to create an index that contains a sufficient amount of data to be able to create a permuted index of 5! index numbers and search each of these 5! (120) trees looking for an intersection. Each leaf node of the tree contains an index number and a URL of a card catalog entry pointing to where the data can be found.

TITLE_INDEX

The TITLE_INDEX is the standard on where the words the, a, and an are removed from the string the resultant string is then hashed according to the following algorythm:

AUTHOR_INDEX

SUBJECT_INDEX

The method suggested here depends heavily on the analysis in Security - Hacking Methodology. In the affomentioned paper we analyzed hacking into various phases, distinguished intent, and characterized security holes etc. For instance we propose the following system of cataloging the principal subject of hacks.

Attack Phases

  1. Reconnaissance
  2. Strategy Developement
  3. Invasion
  4. Base Camp Developement
  5. Operations

Security Component

  1. Challenge - Response
  2. Cryptography
  3. Trust
  4. Grouping
  5. Access Control List
  6. Monitoring
  7. Investigation

Security Holes

  1. Stack smashing
  2. Race conditions
  3. Spoofing
  4. Backdoor
  5. Bruteforce

Aquisition Method

  1. Social engineering
  2. Machine Based Data Collection
  3. Archival Service Public
  4. Archival Service Pivate
  5. Invent
  6. Trade
  7. Purchase
  8. Theft

MEDIA_INDEX

DATE_INDEX


Home

Last updated by John Ryan john@cybertrace.com on Wed Feb 12 1997