A Taxonomy of UNIX System and Network Vulnerabilities


About This Report

From the introduction:

In this paper, we shall build on prior work to present another taxonomy, and argue that this classification scheme highlights characteristics of the vulnerabilities it classifies in a more useful way than other work. We shall then examine vulnerabilities in the UNIX operating system, its system and ancillary software, and classify the security-related problems along several axes, after which we shall examine the earlier work to see if this taxonomy holds for other systems. The unique contribution of this work is an analysis of how to use the Protection Analysis work to improve security of existing systems, and how to write programs with minimal exploitable security flaws. This contrasts the work to others, which argue that a preventative approach using formal methods to design secure systems is appropriate. We emphatically agree; however, as nonsecure systems continue to be used, our work is presented with the hope it will guide maintainers and software implementers to improve the security of these flawed systems and software.

Background

This was part of a project to analyze vulnerabilities.