Lecture 26: November 27, 2019
Reading: text, §23.9, 24.3–24.4.1
Due: Homework 5, due on December 6, 2019 at 11:59pm; Lab 3, due on December 6, 2019 at 11:59pm
- Greetings and felicitations!
- Defenses
  - Distinguishing between data and instructions
  - Containment
  - Specifications as restrictions
  - Limiting sharing
  - Statistical analysis
  - Trust
- Vulnerability models
  - PA model
  - RISOS
  - NRL
  - Aslam
- Example flaws
  - fingerd buffer overflow
  - xterm race condition
- RISOS
  - Goal: aid managers and others in understanding security issues in OSes, and the work required to make them more secure
  - Incomplete parameter validation — failing to check that a parameter used as an array index is in the range of the array;
  - Inconsistent parameter validation — if a routine allowing shared access to files accepts blanks in a file name, but no other file manipulation routine (such as a routine to revoke shared access) will accept them;
  - Implicit sharing of privileged/confidential data — sending information by modulating the load average of the system;
  - Asynchronous validation/Inadequate serialization — checking a file for access permission and opening it non-atomically, thereby allowing another process to change the binding of the name to the data between the check and the open;
  - Inadequate identification/authentication/authorization — running a system program identified only by name, and having a different program with the same name executed;
  - Violable prohibition/limit — being able to manipulate data outside one’s protection domain; and
  - Exploitable logic error — preventing a program from opening a critical file, causing the program to execute an error routine that gives the user unauthorized rights.