Chapter 23: Vulnerability Analysis - PowerPoint PPT Presentation

Provided by: xx48

1
Chapter 23 Vulnerability Analysis
  • Dr. Wayne Summers
  • Department of Computer Science
  • Columbus State University
  • Summers_wayne_at_colstate.edu
  • http://csc.colstate.edu/summers

2
Penetration Studies
  • Test for evaluating strengths of all security controls on the computer system (tiger team attack, red team attack)
  • Authorized attempt to violate constraints stated in security policy
  • Layering of Tests
      • External attacker with no knowledge of system
      • External attacker with access to the system
      • Internal attacker with access to the system

3
Penetration Studies
  • Flaw Hypothesis Methodology
      • Information Gathering
      • Flaw Hypothesis
      • Flaw Testing
      • Flaw Generalization
      • Flaw Elimination

4
Vulnerability Classification
  • Goal of vulnerability analysis is to develop methodologies that provide
      • Ability to specify, design, and implement a computer system without vulnerabilities
      • Ability to analyze a computer system to detect vulnerabilities
      • Ability to address any vulnerabilities introduced during the operation of the computer system
      • Ability to detect attempted exploitations of vulnerabilities

5
Frameworks
  • Research Into Secure Operating Systems (RISOS) classified flaws
      • Incomplete parameter validation (buffer overflow)
      • Inconsistent parameter validation
      • Implicit sharing of privileged/confidential data
      • Asynchronous validation/inadequate serialization (race conditions/time-of-check to time-of-use)
      • Inadequate identification/authentication/authorization
      • Violable prohibition/limit (bound conditions)
      • Exploitable logic error

6
Frameworks
  • Protection Analysis Model (pattern-directed protection evaluation)
      • Improper protection domain initialization and enforcement
          • Improper choice of initial protection domain
          • Improper isolation of implementation detail
          • Improper change
          • Improper naming
          • Improper deallocation or deletion
      • Improper validation
      • Improper synchronization
          • Improper indivisibility
          • Improper sequencing
      • Improper choice of operand / operation

7
Frameworks
  • NRL Taxonomy
      • Flaws by genesis
          • Intentional
              • Malicious
                  • Trojan horse
                  • Trapdoor
                  • Logic/time bomb
              • Nonmalicious
                  • Covert channel
                  • Other
          • Unintentional (RISOS taxonomy)

8
Frameworks
  • NRL Taxonomy
      • Flaws by time of introduction
          • Development
              • Requirement/specification/design
              • Source code
              • Object code
          • Maintenance
          • Operation

9
Frameworks
  • NRL Taxonomy
      • Flaws by location
          • Software
              • Operating System
                  • System initialization
                  • Memory management
                  • Process management/scheduling
                  • Device management
                  • File management
                  • Identification/authentication
                  • Other/unknown
              • Support
                  • Privileged utilities
                  • Unprivileged utilities
              • Application
          • Hardware