Outline for January 30, 2006

Reading: text, §23.4, 2

  1. Greetings and felicitations!
    1. Puzzle of the day
  2. NRL
    1. Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
    2. Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
    3. Axis 2: time of introduction (development, maintenance, operation)
    4. Axis 3: location (hardware, software: OS, support utilities, applications)
  3. Aslam
    1. Goal: Treat vulnerabilities as faults
    2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
    3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
    4. Introduced decision procedure to classify vulnerabilities in exactly one category
  4. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands: create subject/object, enter right, delete right, destroy subject/object
Version of January 31, 2006 at 9:45 PM
You can also obtain a PDF version of this.