Notes for March 14, 1997
-
Hello
-
Projects due Friday; if you want an extension until Monday, give me a
note which says that you are requesting the extension and you waive any
objections to turning in work during final time. It must be hardcopy
and signed; if it's a group project, it must be signed by all members
of the group.
-
No section today; review session at 1:30-3:30 Monday; watch newsgroup
for location
-
Common Implementation Vulnerabilities
-
Environment variables (vi one-upsmanship)
-
Not resetting privileges (Purdue Games incident)
-
Models
-
PA model
-
RISOS
-
NSA
-
PA Model (Neumann's organization)
-
Improper protection (initialization and enforcement)
-
improper choice of initial protection domain - "incorrect initial
assignment of security or integrity level at system initialization or
generation; a security critical function manipulating critical data
directly accessible to the user";
-
improper isolation of implementation detail - allowing users to bypass
operating system controls and write to absolute input/output addresses;
direct manipulation of a "hidden" data structure such as a
directory file being written to as if it were a regular file; drawing
inferences from paging activity
-
improper change - the "time-of-check to time-of-use" flaw;
changing a parameter unexpectedly;
-
improper naming - allowing two different objects to have the same name,
resulting in confusion over which is referenced;
-
improper deallocation or deletion - leaving old data in memory
deallocated by one process and reallocated to another process, enabling
the second process to access the information used by the first; failing
to end a session properly
-
Improper validation - not checking critical conditions and parameters,
leading to a process' addressing memory not in its memory space by
referencing through an out-of-bounds pointer value; allowing type
clashes; overflows
-
Improper synchronization;
-
improper indivisibility - interrupting atomic operations (e.g.
locking); cache inconsistency
-
improper sequencing - allowing actions in an incorrect order (e.g.
reading during writing)
-
Improper choice of operand or operation - using unfair scheduling
algorithms that block certain processes or users from running; using
the wrong function or wrong arguments.
You can also see this document as a
Binhex Framemaker version 5 document,
Postscript document,
or a
plain ASCII text document.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/15/97