Notes for October 15, 1999 (Discussion)

  1. Greetings and Felicitations!
  2. Puzzle of the Day
  3. Naval Research Laboratory
    1. Genesis axis: malicious (RISOS) vs. non-malicious
    2. Time of Introduction axis: development (specification, source code, object code), operation, maintenance
    3. Location axis: software (OS, support, application), hardware
  4. Aslam
    1. coding faults
      1. synchronization errors (xterm flaw)
      2. condition validation errors (fingerd flaw)
    2. emergent faults
      1. configuration errors (tftp accesses any area)
      2. environment faults (vi flaw)
  5. Bishop
    1. decomposition theory
  6. Penetration Studies
    1. Why? Why not analysis?
    2. Effectiveness
    3. Interpretation
  7. Flaw Hypothesis Methodology
    1. System analysis
    2. Hypothesis generation
    3. Hypothesis testing
    4. Generalization
  8. System Analysis
    1. Learn everything you can about the system
    2. Learn everything you can about operational procedures
    3. Compare to models like PA, RISOS
  9. Hypothesis Generation
    1. Study the system, look for inconsistencies in interfaces
    2. Compare to previous systems
    3. Compare to models like PA, RISOS
  10. Hypothesis testing
    1. Look at system code, see if it would work (live experiment may be unneeded)
    2. If live experiment needed, observe usual protocols
  11. Generalization
    1. See if other programs, interfaces, or subjects/objects suffer from the same problem
    2. See if this suggests a more generic type of flaw
  12. Peeling the Onion
    1. You know very little (not even phone numbers or IP addresses)
    2. You know the phone number/IP address of system, but nothing else
    3. You have an unprivileged (guest) account on the system.
    4. You have an account with limited privileges.

Send email to

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 10/14/99