Notes for October 16, 1998
- Greetings and Felicitations!
- John has posted new office hours; see the class news group
- Puzzle of the Day: any more thoughts ...
- PA (following Neumann)
- Improper protection (initialization and enforcement)
- Improper validation
- Improper synchronization;
- improper indivisibility - interrupting atomic operations
(e.g. locking); cache inconsistency
- improper sequencing - allowing actions in an incorrect order
(e.g. reading during writing)
- Improper choice of operand or operation - using unfair scheduling
algorithms that block certain processes or users from running; using
the wrong function or wrong arguments.
- RISOS
- Incomplete parameter validation - failing to check that a parameter
used as an array index is in the range of the array;
- Inconsistent parameter validation - if a routine allowing shared
access to files accepts blanks in a file name, but no other file
manipulation routine (such as a routine to revoke shared access) will
accept them;
- Implicit sharing of privileged/confidential data - sending
information by modulating the load average of the system;
- Asynchronous validation/Inadequate serialization - checking a file
for access permission and opening it non-atomically, thereby allowing
another process to change the binding of the name to the data between
the check and the open;
- Inadequate identification/authentication/authorization - running a
system program identified only by name, and having a different program
with the same name executed;
- Violable prohibition/limit - being able to manipulate data outside
one's protection domain; and
- Exploitable logic error - preventing a program from opening a
critical file, causing the program to execute an error routine that
gives the user unauthorized rights.
- Penetration Studies
- Why? Why not analysis?
- Effectiveness
- Interpretation
- Flaw Hypothesis Methodology
- System analysis
- Hypothesis generation
- Hypothesis testing
- Generalization
- System Analysis
- Learn everything you can about the system
- Learn everything you can about operational procedures
- Compare to models like PA, RISOS
- Hypothesis Generation
- Study the system, look for inconsistencies in interfaces
- Compare to previous systems
- Compare to models like PA, RISOS
- Hypothesis testing
- Look at system code, see if it would work (live experiment may be unneeded)
- If live experiment needed, observe usual protocols
- Generalization
-
See if other programs, interfaces, or subjects/objects suffer from the same problem
- See if this suggests a more generic type of flaw
- Peeling the Onion
- You know very little (not even phone numbers or IP addresses)
- You know the phone number/IP address of system, but nothing else
- You have an unprivileged (guest) account on the system.
- You have an account with limited privileges.
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 10/21/98