Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

Similar presentations


Presentation on theme: "A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,"— Presentation transcript:

1 A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys, Vol. 26, No. 2, Sept. 1994

2 Outline Background Taxonomies of Security flaws Taxonomy by Genesis Conclusion Question

3 Background What is a security flaw in a program ? “A security flaw is a part of a program that can cause the system to violate its security requirements.” Why build taxonomies for computer security flaws? Learn from previous mistakes; Determine which areas of systems and processes need the most improvement; Seek better ways of building systems to meet security requirements. taxonomy: classification, division into ordered groups or categories.

4 Taxonomies of Security Flaws Taxonomy by genesis¹ -- How did the flaw enter the system ? Taxonomy by time of introduction -- When did the flaw enter the system ? Taxonomy by location -- Where in the system is the flaw manifest² ? 1. genesis: The coming into being of something; the origin. 2. manifest: Clearly apparent to the sight; appear introduced, found

5 Taxonomy by Genesis Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation

6 Taxonomy by Time of Introduction During development: Requirement/specification/design Source code Object code During maintenance During operation

7 Software Operating System Memory management Process management Device management Supporting software Privileged Utilities Application software Hardware File management System initialization Identification/Authorization Taxonomy by Location Unprivileged Utilities

8 Easter Egg Vulnerability Easter egg is a piece of program insert into a commecial software product during the software development process and not meant to be part of the product. Security requirement: programs don’t have undocumented “features” which could be exploited as Trojan Horses. Example: Microsoft Excel 97 Fight Simulator Easter Egg: 1. On a new Worksheet, Press F5. 2. Type X97:L97 and hit enter 3. Press the tab key 4. Hold Ctrl-Shift 5. Click on the Chart Wizard toolbar button 6. Use mouse to fly around - Right button forward/ Left button reverse Let’s try to classify it using taxonomy by genesis.

9 Review Taxonomy by Genesis Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation

10 Taxonomy by Genesis -- Intentional Malicious: Trojan horses: a program that disguises as a useful service but exploits program user’s rights. Virus: replicating itself by copying its code to another program files. Worm: replicating itself by creating new processes or files with its code.

11 Taxonomy by Genesis -- Intentional (Cont.) Malicious: Trapdoors: Pieces of code that response to special input, and allow unauthorized access to the system. Logic bomb/Time bomb: piece of code remains in the host system until a certain time or some events (or user actions) occur.

12 Taxonomy by Genesis -- Intentional (Cont.) Non-malicious Covert channel: a communication path in a computer system not intended by the system’s designers. Storage channel transfers information through bits (used to convey encoded information) setting by one program / bits reading by another. Timing channel: convey information by modulating system behavior over time to receive information of system behavior and infer protected information.

13 Possible Classification Solution to MS Excel 97 “Fly Simulator” Non-malicious: should be yes ? Covert channel: No Storage channel: No Timing channel: No Malicious: No ? Trojan horses: Yes Virus: No Worm: No Trapdoors: No ? Logic bomb/Time bomb: Yes, it is triggered by some user actions.

14 Conclusion: This paper proposed 3 taxonomies for security flaws in computer program. It provides an approach for evaluating problems in the system they built. The method of organizing security flaws helps to remove and prevent the introduction of security flaws. Limitation: The taxonomies were based on about 50 selected operating systems flaws, with no attempt to categorize flaws in application software (DBMS, Email etc.).

15 Question: Do you think the taxonomies in this paper are appropriate for the security flaw we found ? Is it easy to classify a security flaw or not?


Download ppt "A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,"

Similar presentations


Ads by Google