Outline for October 13, 2006

Reading: §23.3–23.4

  1. Greetings and felicitations!
    1. Puzzle of the day
  2. Examples of Flaw Hypothesis Methodology
    1. Burroughs system
  3. Vulnerability Models
    1. PA model
    2. RISOS
    3. NRL
    4. Aslam
  4. Example Flaws
    1. fingerd buffer overflow
    2. xterm race condition
  5. RISOS
    1. Goal: Aid managers and others in understanding security issues in OSes, and the work required to make them more secure
    2. Incomplete parameter validation—failing to check that a parameter used as an array index is in the range of the array;

