Outline for April 25, 1997

  1. Greetings and Felicitations
    1. Remember to write up what you find
  2. Vulnerability Models
    1. RISOS (1975), to let managers, etc. know about integrity problems
    2. PA (1976-78), automated checking of programs
    3. NSA, contents unknown but similar to PA and RISOS
    4. Aslam, fault-based; for C programs
    5. Landwehr, classify according to attack purpose as well as type; based on RISOS
    6. Bishop, still being developed
  3. RISOS (Research Into Secure Operating Systems); Abbott et al.
    1. Improper parameter validation
    2. Inconsistent parameter validation
    3. Implicit sharing of privileged data
    4. Asynchronous validation/incorrect serialization (e.g., TOCTTOU)
    5. Inadequate identification/authorization/authentication
    6. Violable prohibition/limit
    7. Exploitable logic error
  4. PA (Protection Analysis); Bisbey et al.
    1. Improper protection domain; 5 subclasses
      1. Improper initial protection domain
      2. Improper isolation of implementation details
      3. Improper change (TOCTTOU flaws)
      4. Improper naming
      5. Improper deletion/deallocation
    2. Improper validation
    3. Improper synchronization; 2 subclasses
      1. Improper divisibility
      2. Improper sequencing
    4. Improper choice of operand and operation
  5. Note: PA classes map into RISOS classes and vice versa

Notes by Peter Mell: [Postscript] [Text]
Send email to cs253@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 5/12/97