Outline for November 6, 2014

Reading: text, § 23.3–23.4, 9
  1. PA Model (Neumann’s organization)
    1. Goal: develop techniques to search for vulnerabilities that less experienced people could use
    2. Improper protection (initialization and enforcement)
      1. Improper choice of initial protection domain: incorrect initial assignment of security or integrity level; a security critical function manipulating critical data directly accessible to the user;
      2. Improper isolation of implementation detail: allowing users to bypass operating system controls and write to absolute input/output addresses; direct manipulation of a “hidden” data structure such as a directory file being written to as if it were a regular file; drawing inferences from paging activity
      3. Improper change: the “time-of-check to time-of-use” flaw; changing a parameter unexpectedly;
      4. Improper naming: allowing two different objects to have the same name, resulting in confusion over which is referenced;
      5. Improper deallocation or deletion: leaving old data in memory deallocated by one process and reallocated to another; failing to end a session properly
    3. Improper validation: not checking critical conditions and parameters, so a process addresses memory not in its memory space by referencing through an out-of-bounds pointer value; allowing type clashes; overflows
    4. Improper synchronization
      1. Improper indivisibility: interrupting atomic operations (e.g. locking); cache inconsistency
      2. Improper sequencing: allowing actions in an incorrect order (e.g. reading during writing)
    5. Improper choice of operand or operation: using unfair scheduling algorithms that block certain processes or users from running; using the wrong function or wrong arguments.
  2. NRL
    1. Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
    2. Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
    3. Axis 2: time of introduction (development, maintenance, operation)
    4. Axis 3: location (hardware, software: OS, support utilities, applications)
  3. Aslam
    1. Goal: Treat vulnerabilities as faults
    2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
    3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
    4. Introduced decision procedure to classify vulnerabilities in exactly one category
  4. Classical Cryptography
    1. Monoalphabetic (simple substitution): f(a) = a + k mod n
    2. Example: Caesar with k = 3, RENAISSANCEUHQDLVVDQFH
    3. Polyalphabetic: Vigenère, fi(a) = a + ki mod n
    4. Cryptanalysis: first do index of coincidence to see if it is monoalphabetic or polyalphabetic, then Kasiski method.
    5. Problem: eliminate periodicity of key
  5. Perfect secrecy
    1. When the probability of computing the plaintext message is the same whether or not you have the ciphertext
    2. Only cipher with perfect secrecy: one-time pads; C = AZPR; is that DOIT or DONT?
  6. Product ciphers: DES, AES

You can also obtain a PDF version of this. Version of November 3, 2014 at 10:23PM

ECS 235A, Computer and Information Security
Fall Quarter 2014