Lecture 26: November 27, 2019

Reading: text, §23.9, 24.3–24.4.1
Due: Homework 5, due on December 6, 2019 at 11:59pm; Lab 3, due on December 6, 2019 at 11:59pm


  1. Greetings and felicitations!
  2. Defenses
    1. Distinguishing between data and instructions
    2. Containment
    3. Specifications as restrictions
    4. Limiting sharing
    5. Statistical analysis
    6. Trust
  3. Vulnerability models
    1. PA model
    2. RISOS
    3. NRL
    4. Aslam
  4. Example flaws
    1. fingerd buffer overflow
    2. xterm race condition
  5. RISOS
    1. Goal: Aid managers, others in understanding security issues in OSes, and work required to make them more secure
    2. Incomplete parameter validation — failing to check that a parameter used as an array index is in the range of the array;
    3. Inconsistent parameter validation — if a routine allowing shared access to files accepts blanks in a file name, but no other file manipulation routine (such as a routine to revoke shared access) will accept them;
    4. Implicit sharing of privileged/confidential data — sending information by modulating the load average of the system;
    5. Asynchronous validation/Inadequate serialization — checking a file for access permission and opening it non-atomically, thereby allowing another process to change the binding of the name to the data between the check and the open;
    6. Inadequate identification/authentication/authorization — running a system program identified only by name, and having a different program with the same name executed;
    7. Violable prohibition/limit — being able to manipulate data outside one’s protection domain; and
    8. Exploitable logic error — preventing a program from opening a critical file, causing the program to execute an error routine that gives the user unauthorized rights.
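The asynchronous validation / inadequate serialization class (item 5.5 above) is the one the xterm race condition in item 4.2 falls into. As an added example, not from the lecture notes, the following C compares the check-then-open pattern the class describes with an open-then-validate pattern that removes the second name lookup; the temporary directory, file and alias names are constructed for the demo.

```c
#define _GNU_SOURCE                /* for O_NOFOLLOW, mkdtemp on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: access() validates the name, open() resolves it again.
 * Between the two lookups the binding of name to object can change. */
int open_unsafe(const char *path) {
    if (access(path, R_OK) != 0) return -1;   /* check ... */
    return open(path, O_RDONLY);              /* ... then use: a second lookup */
}

/* Safer pattern: a single lookup that refuses to follow a symlink, then
 * validation of the object actually opened (via the descriptor, not the name). */
int open_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a regular file plus a symlink aliasing it, created in
 * a fresh temporary directory. Returns 0 when open_safe() accepts the file,
 * rejects the alias, and open_unsafe() follows the alias; nonzero otherwise. */
int run_demo(void) {
    char dir[] = "/tmp/risos-XXXXXX", file[64], alias[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return 2;
    close(fd);
    if (symlink(file, alias) != 0) return 3;
    int a = open_safe(file), b = open_safe(alias), c = open_unsafe(alias);
    int rc = (a < 0 || b >= 0 || c < 0) ? 4 : 0;
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    unlink(alias); unlink(file); rmdir(dir);
    return rc;
}

int main(void) {
    int rc = run_demo();
    printf("%s\n", rc == 0 ? "safe variant rejected the alias" : "unexpected");
    return rc;
}
```

Validating the descriptor with fstat() rather than the path is what closes the window: whatever the name resolves to later, the checks apply to the object the program actually holds.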

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of November 30, 2019 at 11:48PM
