Outline for October 24, 2022

Reading: text, §18.3, 24.3–24.4.1
Due: Homework 3, due November 11; Progress report, due Nov 11 (Note change in due date!)

1. Virtual machines
   1. Type 1 and type 2 hypervisors

2. Sandboxes

3. Covert channels
   1. Storage channes
   2. Timing channels

4. Vulnerability models
   1. PA model
   2. RISOS
   3. NRL
   4. Aslam

5. Example flaws
   1. fingerd buffer overflow
   2. xterm race condition

6. RISOS
   1. Goal: Aid managers, others in understanding security issues in OSes, and work required to make them more secure
   2. Incomplete parameter validation — failing to check that a parameter used as an array index is in the range of the array;
   3. Inconsistent parameter validation — if a routine allowing shared access to files accepts blanks in a file name, but no other file manipulation routine (such as a routine to revoke shared access) will accept them;
   4. Implicit sharing of privileged/confidential data — sending information by modulating the load average of the system;
   5. Asynchronous validation/Inadequate serialization — checking a file for access permission and opening it non-atomically, thereby allowing another process to change the binding of the name to the data between the check and the open;
   6. Inadequate identification/authentication/authorization — running a system program identified only by name, and having a different program with the same name executed;
   7. Violable prohibition/limit — being able to manipulate data outside one’s protection domain; and
   8. Exploitable logic error — preventing a program from opening a critical file, causing the program to execute an error routine that gives the user unauthorized rights.

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 235A, Computer and Information Security Version of October 24, 2022 at 12:08PM

You can also obtain a PDF version of this.