Outline for October 25, 2021

Reading: text, §18.2, 24.3–24.4
Due: Homework 3, due November 8, 2021

  1. Sandboxes

  2. Covert channels
    1. Storage channes
    2. Timing channels

  3. Vulnerability models
    1. PA model
    2. RISOS
    3. NRL
    4. Aslam

  4. Example flaws
    1. fingerd buffer overflow
    2. xterm race condition

  5. RISOS
    1. Goal: Aid managers, others in understanding security issues in OSes, and work required to make them more secure
    2. Incomplete parameter validation — failing to check that a parameter used as an array index is in the range of the array;
    3. Inconsistent parameter validation — if a routine allowing shared access to files accepts blanks in a file name, but no other file manipulation routine (such as a routine to revoke shared access) will accept them;
    4. Implicit sharing of privileged/confidential data — sending information by modulating the load average of the system;
    5. Asynchronous validation/Inadequate serialization — checking a file for access permission and opening it non-atomically, thereby allowing another process to change the binding of the name to the data between the check and the open;
    6. Inadequate identification/authentication/authorization — running a system program identified only by name, and having a different program with the same name executed;
    7. Violable prohibition/limit — being able to manipulate data outside one’s protection domain; and
    8. Exploitable logic error — preventing a program from opening a critical file, causing the program to execute an error routine that gives the user unauthorized rights.

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235A, Computer and Information Security
Version of October 25, 2021 at 11:44PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh