Notes for March 14, 1997

  1. Hello
    1. Projects are due Friday. If you want an extension until Monday, give me a note stating that you are requesting the extension and that you waive any objections to turning in work during finals time. It must be hardcopy and signed; for a group project, it must be signed by all members of the group.
    2. No section today; review session at 1:30-3:30 Monday; watch newsgroup for location
  2. Common Implementation Vulnerabilities
    1. Environment variables (vi one-upsmanship)
    2. Not resetting privileges (Purdue Games incident)
  3. Models
    1. PA model
    2. RISOS
    3. NSA
  4. PA Model (Neumann's organization)
    1. Improper protection (initialization and enforcement)
      1. improper choice of initial protection domain - "incorrect initial assignment of security or integrity level at system initialization or generation; a security critical function manipulating critical data directly accessible to the user";
      2. improper isolation of implementation detail - allowing users to bypass operating system controls and write to absolute input/output addresses; direct manipulation of a "hidden" data structure such as a directory file being written to as if it were a regular file; drawing inferences from paging activity
      3. improper change - the "time-of-check to time-of-use" flaw; changing a parameter unexpectedly;
      4. improper naming - allowing two different objects to have the same name, resulting in confusion over which is referenced;
      5. improper deallocation or deletion - leaving old data in memory deallocated by one process and reallocated to another process, enabling the second process to access the information used by the first; failing to end a session properly
    2. Improper validation - not checking critical conditions and parameters, leading to a process addressing memory outside its memory space by referencing through an out-of-bounds pointer value; allowing type clashes; overflows
    3. Improper synchronization
      1. improper indivisibility - interrupting atomic operations (e.g. locking); cache inconsistency
      2. improper sequencing - allowing actions in an incorrect order (e.g. reading during writing)
    4. Improper choice of operand or operation - using unfair scheduling algorithms that block certain processes or users from running; using the wrong function or wrong arguments.
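Three of the PA-model flaw classes listed above, each shown as the defensive form a C programmer would write: improper validation (a copy that checks its bounds before writing), improper deallocation (memory scrubbed before it is released), and improper change in its time-of-check-to-time-of-use form (open the file, then inspect the descriptor you actually hold rather than the name). This is an added example written for these notes, not code from the original page or from Neumann's work; the function names, the constructed 32-byte "secret", and the temporary-directory pattern are this example's own choices.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Improper validation: copy src into dst only after confirming that the
 * string and its terminator fit. Returns 0 on success, -1 on refusal. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)      /* no room for the text plus NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Returns 1 if a fitting string is copied and an oversized one is refused. */
int bounded_copy_demo(void)
{
    char buf[8];
    int ok = bounded_copy(buf, sizeof buf, "hello") == 0
          && strcmp(buf, "hello") == 0;
    ok = ok && bounded_copy(buf, sizeof buf, "eight!!!") == -1; /* 8 + NUL > 8 */
    return ok;
}

/* Improper deallocation: overwrite sensitive bytes before the block goes
 * back to the allocator, so whoever receives it next cannot read what was
 * left behind. The volatile pointer keeps the compiler from dropping the
 * "dead" stores. */
void scrub(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of a constructed secret reads as zero after
 * scrub(), checked before the buffer is freed. */
int scrub_demo(void)
{
    size_t n = 32, i;
    unsigned char *secret = malloc(n);
    int clean = 1;
    if (!secret)
        return 0;
    memset(secret, 0xAB, n);           /* constructed stand-in for key bytes */
    scrub(secret, n);
    for (i = 0; i < n; i++)
        if (secret[i] != 0)
            clean = 0;
    free(secret);
    return clean;
}

/* Improper change (TOCTOU): stat(path) followed by open(path) leaves a
 * window in which the object behind the name can be swapped. Open first,
 * then examine the descriptor actually held. Returns the descriptor, or -1
 * unless it is a regular file with a single link. */
int open_regular_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check in a private temporary directory: a regular file is accepted,
 * a symbolic link to that same file is refused. Returns 1 if both hold. */
int toctou_demo(void)
{
    char dir[] = "/tmp/pa_model_XXXXXX";   /* pattern chosen for this example */
    char file[64], alias[64];
    int fd, a = -1, b = -1, ok = 0;
    if (!mkdtemp(dir))
        return 0;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        a = open_regular_checked(file);        /* expected: a valid descriptor */
        if (a >= 0)
            close(a);
        if (symlink(file, alias) == 0)
            b = open_regular_checked(alias);   /* expected: -1 (O_NOFOLLOW) */
        if (b >= 0)
            close(b);
        ok = (a >= 0 && b == -1);
        unlink(alias);
        unlink(file);
    }
    rmdir(dir);
    return ok;
}
```

The `st_nlink != 1` test in `open_regular_checked` is the check that catches a hard link planted at the expected name, which `O_NOFOLLOW` alone does not; whether a single link is the right policy depends on the program, so treat it as one example of examining the opened object rather than the name.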

You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 3/15/97