150 likes | 244 Views
A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi. -- Presented by: Feng Hui Luo. ACM Computing Surveys, Vol. 26, No. 2, Sept. 1994. Outline. Background Taxonomies of Security flaws Taxonomy by Genesis Conclusion Question. Background.
E N D
A Taxonomy of Computer Program Security FlawsC. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys, Vol. 26, No. 2, Sept. 1994
Outline • Background • Taxonomies of Security flaws • Taxonomy by Genesis • Conclusion • Question
Background • What is a security flaw in a program ? • “A security flaw is a part of a program that can cause the system to violate its security requirements.” • Why build taxonomies for computer security flaws? • Learn from previous mistakes; • Determine which areas of systems and processes need the most improvement; • Seek better ways of building systems to meet security requirements. taxonomy:classification, division into ordered groups or categories.
Taxonomies of Security Flaws • Taxonomy by genesis¹ -- How did the flaw enter the system ? • Taxonomy by time of introduction -- When did the flaw enter the system ? • Taxonomy by location -- Where in the system is the flaw manifest² ? 1. genesis: The coming into being of something; the origin. 2. manifest: Clearly apparent to the sight; appear introduced, found
Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation Taxonomy by Genesis
Taxonomy by Time of Introduction • During development: • Requirement/specification/design • Source code • Object code • During maintenance • During operation
Taxonomy by Location Software • Operating System • Memory management • Process management • Device management • Supporting software • Privileged Utilities • Application software Hardware • File management • System initialization • Identification/Authorization • Unprivileged Utilities
Easter Egg Vulnerability • Easter egg is a piece of program insert into a commecial software product during the software development processand not meant to be part of the product. • Security requirement: programs don’t have undocumented “features” which could be exploited as Trojan Horses. • Example: Microsoft Excel 97 Fight SimulatorEaster Egg: 1.On a new Worksheet, Press F5. 2. Type X97:L97 and hit enter 3. Press the tab key 4. Hold Ctrl-Shift 5. Click on the Chart Wizard toolbar button 6. Use mouse to fly around - Right button forward/ Left button reverse • Let’s try to classify it using taxonomy by genesis.
Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation Review Taxonomy by Genesis
Taxonomy by Genesis -- Intentional • Malicious: • Trojan horses: a program that disguises as a useful service butexploits program user’s rights. • Virus: replicating itself by copying its code to another program files. • Worm: replicating itself by creating new processes or files with its code.
Taxonomy by Genesis -- Intentional (Cont.) • Malicious: • Trapdoors: Pieces of code that response to special input, and allow unauthorized access to the system. • Logic bomb/Time bomb: piece of code remains in the host system until a certain time or some events (or user actions) occur.
Taxonomy by Genesis -- Intentional (Cont.) • Non-malicious • Covert channel: a communication path in a computer system not intended by the system’s designers. • Storage channel transfers information through bits (used to convey encoded information) setting by one program / bits reading by another. • Timing channel: convey information by modulating system behavior over time to receive information of system behavior and infer protected information.
Possible Classification Solution to MS Excel 97 “Fly Simulator” • Non-malicious: should be yes ? • Covert channel: No • Storage channel: No • Timing channel: No • Malicious: No ? • Trojan horses: Yes • Virus: No • Worm: No • Trapdoors: No ? • Logic bomb/Time bomb: Yes, it is triggered by some user actions.
Conclusion: • This paper proposed 3 taxonomies for security flaws in computer program. • It provides an approach for evaluating problems in the system they built. • The method of organizing security flaws helps to remove and prevent the introduction of security flaws. • Limitation: The taxonomies were based on about 50 selected operating systems flaws, with no attempt to categorize flaws in application software (DBMS, Email etc.).
Question: Do you think the taxonomies in this paper are appropriate for the security flaw we found ? Is it easy to classify a security flaw or not?