9804075 This project will focus on the detection in real time of system misuse. This will be achieved through the dynamic measurement of software systems. This technique has been quite successful in the dynamic determination of software reliability. Through a shift in perspective the variation of the behavior that determines system reliability also provides a convenient vehicle for the detection of security violations. The research effort will center around three distinct software system attributes: granularity, scalability, and the operating milieu of the target software system. Thus, initial project phase will concentrate on the instrumentation and measurement of O/S kernel level program activity. The next project phase will center on the dynamic determination of specific application (user) profiles. The third project phase will shift the measurement focus to network-wide software applications. This new metaphor for secure systems will focus on the functionality that the system is executing and the impact that the functionality has on program modularity, as opposed to the existing view of the system's software as a monolithic system being stimulated by an aggressive and hostile user. A system will be measured as it executes its many functionalities, profile will be established for normal activity, and subtle shifts in the profiles that represent the execution of security breach functionalities will be identified and modeled.***
