Outline for January 17, 2003

Reading: Text, §23.3-23.4, Robust Programming handout

Discussion Problem

UNIX reserves TCP and UDP ports 1023 and below for processes running as root; unprivileged processes must bind to higher-numbered ports. So, the reasoning goes, if a connection from a remote host has source port 536, it must have been opened by a process that was running as root, at least at the time it bound the port. This is a UNIX convention, not an Internet standard.

What problems can this scheme cause in a heterogeneous network?

Outline for the Day

  1. Vulnerability Models
    1. PA model
    2. RISOS
    3. NRL
    4. Aslam
  2. PA Model (Neumann's organization)
    1. Analysis procedure
      1. Collect descriptions of protection patterns
      2. Convert to raw error patterns
      3. Abstract into system-independent components
      4. Determine which features in the OS code are relevant, and abstract relevant contexts of those features
      5. Compare the combinations of the relevant features in the OS with generic error patterns
  3. NRL
    1. Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
    2. Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
    3. Axis 2: time of introduction (development, maintenance, operation)
    4. Axis 3: location (hardware, software: OS, support utilities, applications)
  4. Aslam
    1. Goal: Treat vulnerabilities as faults
    2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
    3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
    4. Introduces a decision procedure that places each vulnerability in exactly one category
  5. Common Implementation Vulnerabilities
    1. Unexpected interactions with other system components (DNS entries containing malformed or malicious names; assuming the service on the finger port is finger and not, say, chargen)
    2. Overflow (year 2000, lpr overwriting flaw, sendmail large integer flaw, su buffer overflow)
    3. Race conditions (xterm flaw, ps flaw)
    4. Environment variables (vi one-upsmanship, loadmodule)
    5. Not resetting privileges (Purdue Games incident)
  6. Robust Programming
    1. Principles
    2. Creating, reading tickets
    3. Creating, deleting queues
    4. Adding, removing items
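
The race-condition item above (the xterm logging flaw) is the check-then-use pattern. The following is an added example, not code from the lecture, the text, or the handout: a racy opener beside one that checks the object it actually opened. The function names and the scratch-file demonstration are mine.

```c
/* Added example, not from the course materials. Function names are my own. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy (the xterm pattern): access(2) asks whether the *real* user may write
 * whatever 'path' names right now; open(2) then opens whatever 'path' names a
 * moment later, with the program's *effective* (root) privilege. A user who
 * controls the directory can swap in a symlink to a root-owned file between
 * the two calls, and the check says nothing about the object that was opened. */
int log_open_racy(const char *path)
{
    if (access(path, W_OK) != 0)
        return -1;
    return open(path, O_WRONLY | O_APPEND);   /* not necessarily the object checked */
}

/* Checked: open first, then examine the descriptor. Nothing can substitute a
 * different object behind a descriptor that is already open. O_NOFOLLOW
 * refuses a symlink as the final component; fstat(2) confirms a regular file
 * owned by the real user, which is the permission access(2) tried to test.
 * (A hard link to someone else's file fails the owner test as well.) */
int log_open_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demonstration: a scratch file we own, a symlink to it, and a
 * directory. Returns 0 when each call behaves as its comment says, otherwise
 * the number of the first step that did not. */
int demo_race(void)
{
    char path[] = "/tmp/xtermlog_XXXXXX";
    char link[sizeof path + 4];
    int rc = 0, fd = mkstemp(path);
    if (fd < 0)
        return 1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", path);
    if (symlink(path, link) != 0) {
        unlink(path);
        return 2;
    }
    fd = log_open_checked(path);            /* 3: real file, owned by us: accepted */
    if (fd < 0) rc = 3; else close(fd);
    if (!rc) {                              /* 4: the racy opener follows the link */
        fd = log_open_racy(link);
        if (fd < 0) rc = 4; else close(fd);
    }
    if (!rc && log_open_checked(link) != -1) rc = 5;   /* 5: symlink refused */
    if (!rc && log_open_checked("/tmp") != -1) rc = 6; /* 6: directory refused */
    unlink(link);
    unlink(path);
    return rc;
}

int main(void)
{
    int rc = demo_race();
    printf("demo_race: %s (step %d)\n", rc == 0 ? "all checks behaved" : "unexpected", rc);
    return rc;
}
```

The demonstration cannot stage the actual race (no second process swaps the link between the two calls), but it shows the property that closes it: the checked version refuses a symlink and a non-regular file after the open, so whatever the attacker renames in the meantime, the descriptor written to is the one that was verified.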

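For the robust programming section, an added example that is mine and not the handout's library: a queue manager whose callers only ever hold tickets. The names QTICKET, q_create, q_delete, q_put, q_get, the error codes, the ticket layout (a 24-bit nonce over an 8-bit table index) and the xorshift nonce generator are assumptions of this example, not the handout's interface.

```c
/* Added example, not the handout's code; names and ticket layout are my own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXQ   4                 /* queues the library manages */
#define QSIZE  8                 /* capacity of each queue */

typedef uint32_t QTICKET;        /* opaque to callers: 24-bit nonce | 8-bit table index */

enum { Q_OK = 0, QE_BADTICKET = -1, QE_BADPTR = -2, QE_NOROOM = -3,
       QE_FULL = -4, QE_EMPTY = -5 };

struct queue {
    int      inuse;
    uint32_t nonce;              /* fresh on every create: a ticket for a deleted queue never matches */
    int      head, count;
    int      items[QSIZE];
};

static struct queue qtab[MAXQ];  /* the library owns all queue storage; callers get no pointers */

/* Deterministic xorshift so the example is reproducible; a real library would
 * draw nonces from a CSPRNG so tickets cannot be predicted. Never returns 0. */
static uint32_t next_nonce(void)
{
    static uint32_t s = 0x9e3779b9u;
    s ^= s << 13; s ^= s >> 17; s ^= s << 5;
    return (s & 0xffffffu) ? (s & 0xffffffu) : 1u;
}

static QTICKET ticket_make(int idx, uint32_t nonce)
{
    return (nonce << 8) | (uint32_t)idx;
}

/* Every entry point reads its ticket through this check before touching the table. */
static int ticket_read(QTICKET t, int *idx)
{
    int i = (int)(t & 0xffu);
    uint32_t n = t >> 8;
    if (i >= MAXQ || !qtab[i].inuse || qtab[i].nonce != n)
        return QE_BADTICKET;
    *idx = i;
    return Q_OK;
}

int q_create(QTICKET *out)
{
    if (out == NULL) return QE_BADPTR;
    for (int i = 0; i < MAXQ; i++) {
        if (!qtab[i].inuse) {
            qtab[i].inuse = 1;
            qtab[i].nonce = next_nonce();
            qtab[i].head = qtab[i].count = 0;
            *out = ticket_make(i, qtab[i].nonce);
            return Q_OK;
        }
    }
    return QE_NOROOM;
}

int q_delete(QTICKET t)
{
    int i, rc = ticket_read(t, &i);
    if (rc != Q_OK) return rc;
    qtab[i].inuse = 0;           /* every copy of t the caller kept is now rejected */
    return Q_OK;
}

int q_put(QTICKET t, int v)
{
    int i, rc = ticket_read(t, &i);
    if (rc != Q_OK) return rc;
    if (qtab[i].count == QSIZE) return QE_FULL;
    qtab[i].items[(qtab[i].head + qtab[i].count) % QSIZE] = v;
    qtab[i].count++;
    return Q_OK;
}

int q_get(QTICKET t, int *v)
{
    int i, rc = ticket_read(t, &i);
    if (rc != Q_OK) return rc;
    if (v == NULL) return QE_BADPTR;
    if (qtab[i].count == 0) return QE_EMPTY;
    *v = qtab[i].items[qtab[i].head];
    qtab[i].head = (qtab[i].head + 1) % QSIZE;
    qtab[i].count--;
    return Q_OK;
}

/* Walks the lifecycle the outline lists (create, use, delete, reuse). Returns 0
 * when every call behaves as its comment says, else the step that did not. */
int demo_tickets(void)
{
    QTICKET a, b, c;
    int v;
    if (q_create(&a) != Q_OK || q_create(&b) != Q_OK || a == b)         return 1;
    if (q_put(a, 7) != Q_OK || q_put(a, 9) != Q_OK)                     return 2;
    if (q_get(a, &v) != Q_OK || v != 7)                                 return 3; /* FIFO */
    if (q_get(a, &v) != Q_OK || v != 9 || q_get(a, &v) != QE_EMPTY)     return 4;
    if (q_put(a ^ 0x100u, 1) != QE_BADTICKET)                           return 5; /* forged nonce */
    if (q_delete(a) != Q_OK || q_put(a, 1) != QE_BADTICKET)             return 6; /* stale ticket */
    if (q_create(&c) != Q_OK || c == a || q_put(a, 1) != QE_BADTICKET)  return 7; /* slot reused, old ticket still dead */
    for (int i = 0; i < QSIZE; i++) if (q_put(c, i) != Q_OK)            return 8;
    if (q_put(c, 99) != QE_FULL)                                        return 9;
    q_delete(b);
    q_delete(c);
    return 0;
}

int main(void)
{
    int rc = demo_tickets();
    printf("demo_tickets: %s (step %d)\n", rc == 0 ? "all checks behaved" : "unexpected", rc);
    return rc;
}
```

The ticket is what makes the library robust in the handout's sense: the caller never receives a pointer into the library's storage, each entry point validates its ticket before touching the table, a stale or forged ticket fails the nonce comparison instead of silently operating on whichever queue now occupies that slot, and every failure comes back as a code the caller can act on rather than a crash.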