Lecture 7: April 12, 2021
Reading: text, §24.4
Due: Homework 2, due April 21, 2021; Lab 1, due April 19, 2021
- PA Model (Neumann’s organization)
- Goal: develop techniques to search for vulnerabilites that less experienced people could use
- Improper protection (initialization and enforcement)
- Improper choice of initial protection domain: incorrect initial assignment of security or integrity level at system initialization or generation; a security critical function manipulating critical data directly accessible to the user;
- Improper isolation of implementation detail: allowing users to bypass operating system controls and write to absolute input/output addresses; direct manipulation of a hidden data structure such as a directory file being written to as if it were a regular file; drawing inferences from paging activity
- Improper change: the time-of-check to time-of-use flaw; changing a parameter unexpectedly;
- Improper naming: allowing two different objects to have the same name, resulting in confusion over which is referenced;
- Improper deallocation or deletion: leaving old data in memory deallocated by one process and reallocated to another process, enabling the second process to access the information used by the first; failing to end a session properly
- Improper validation: not checking critical conditions and parameters, so a process addresses memory not in its memory space by referencing through an out-of-bounds pointer value; allowing type clashes; overflows
- Improper synchronization
- Improper indivisibility: interrupting atomic operations (e.g. locking); cache inconsistency
- Improper sequencing: allowing actions in an incorrect order (e.g. reading during writing)
- Improper choice of operand or operation: using unfair scheduling algorithms that block certain processes or users from running; using the wrong function or wrong arguments.
- NRL
- Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
- Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
- Axis 2: time of introduction (development, maintenance, operation)
- Axis 3: location (hardware, software: OS, support utilities, applications)
- Aslam
- Goal: Treat vulnerabilities as faults
- Coding faults: introduced during software development
- Synchronization errors
- Validation errors
- Emergent faults: introduced by incorrect initialization, use, or application
- Configuration errors
- Environment faults
- Introduced decision procedure to classify vulnerabilities in exactly one category