Lecture 27: December 2, 2019

Reading: text, §24.4.2–24.5
Due: Homework 5, due on December 6, 2019 at 11:59pm; Lab 3, due on December 6, 2019 at 11:59pm

1. Greetings and felicitations!

2. PA Model (Neumann’s organization)
   1. Goal: develop techniques to search for vulnerabilites that less experienced people could use
   2. Improper protection (initialization and enforcement)
      1. Improper choice of initial protection domain: incorrect initial assignment of security or integrity level at system initialization or generation; a security critical function manipulating critical data directly accessible to the user;
      2. Improper isolation of implementation detail: allowing users to bypass operating system controls and write to absolute input/output addresses; direct manipulation of a hidden data structure such as a directory file being written to as if it were a regular file; drawing inferences from paging activity
      3. Improper change: the time-of-check to time-of-use flaw; changing a parameter unexpectedly;
      4. Improper naming: allowing two different objects to have the same name, resulting in confusion over which is referenced;
      5. Improper deallocation or deletion: leaving old data in memory deallocated by one process and reallocated to another process, enabling the second process to access the information used by the first; failing to end a session properly
   3. Improper validation: not checking critical conditions and parameters, so a process addresses memory not in its memory space by referencing through an out-of-bounds pointer value; allowing type clashes; overflows
   4. Improper synchronization
      1. Improper indivisibility: interrupting atomic operations (e.g. locking); cache inconsistency
      2. Improper sequencing: allowing actions in an incorrect order (e.g. reading during writing)
   5. Improper choice of operand or operation: using unfair scheduling algorithms that block certain processes or users from running; using the wrong function or wrong arguments.

3. NRL
   1. Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
   2. Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
   3. Axis 2: time of introduction (development, maintenance, operation)
   4. Axis 3: location (hardware, software: OS, support utilities, applications)

4. Aslam
   1. Goal: Treat vulnerabilities as faults
   2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
   3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
   4. Introduced decision procedure to classify vulnerabilities in exactly one category

5. Some common vulnerabilities
   1. Catalogues: CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration)
   2. 2011 MITRE/SANS Top 25 Most Dangerous Software Errors
   3. OWASP Top 10 – 2017 The Ten Most Critical Web Application Security Risks

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 153, Computer Security Version of December 10, 2019 at 12:32PM

You can also obtain a PDF version of this.