Notes for March 16, 1997
- Greetings and Felicitations
  - Reading: none
- Puzzle
- Penetration Studies
  - Why? Why not analysis?
  - Effectiveness
  - Interpretation
- Flaw Hypothesis Methodology
  - System analysis
  - Hypothesis generation
  - Hypothesis testing
  - Generalization
- System Analysis
  - Learn everything you can about the system
  - Learn everything you can about operational procedures
  - Compare to models like PA, RISOS
- Hypothesis Generation
  - Study the system, look for inconsistencies in interfaces
  - Compare to previous systems
  - Compare to models like PA, RISOS
- Hypothesis Testing
  - Look at system code, see if it would work (live experiment may be unneeded)
  - If live experiment needed, observe usual protocols
- Generalization
  - See if other programs, interfaces, or subjects/objects suffer from the same problem
  - See if this suggests a more generic type of flaw
- Peeling the Onion
  - You know very little (not even phone numbers or IP addresses)
  - You know the phone number/IP address of system, but nothing else
  - You have an unprivileged (guest) account on the system
  - You have an account with limited privileges
[ ended here ]
Send email to cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/18/98