Goal: develop techniques to search for vulnerabilities that less experienced people could use
Improper protection (initialization and enforcement)
Improper choice of initial protection domain: incorrect initial assignment of security or integrity level; a security critical function manipulating critical data directly accessible to the user;
Improper isolation of implementation detail: allowing users to bypass operating system controls and write to absolute input/output addresses; direct manipulation of a “hidden” data structure such as a directory file being written to as if it were a regular file; drawing inferences from paging activity
Improper change: the “time-of-check to time-of-use” flaw; changing a parameter unexpectedly;
Improper naming: allowing two different objects to have the same name, resulting in confusion over which is referenced;
Improper deallocation or deletion: leaving old data in memory deallocated by one process and reallocated to another; failing to end a session properly
Improper validation: not checking critical conditions and parameters, so a process addresses memory not in its memory space by referencing through an out-of-bounds pointer value; allowing type clashes; overflows
Improper sequencing: allowing actions in an incorrect order (e.g. reading during writing)
Improper choice of operand or operation: using unfair scheduling algorithms that block certain processes or users from running; using the wrong function or wrong arguments.
NRL
Goal: Find out how vulnerabilities enter the system, when they enter the system, and where they are
Axis 1: inadvertent (RISOS classes) vs. intentional (malicious/nonmalicious)
Axis 2: time of introduction (development, maintenance, operation)
Axis 3: location (hardware, software: OS, support utilities, applications)
Aslam
Goal: Treat vulnerabilities as faults
Coding faults: introduced during software development
Synchronization errors
Validation errors
Emergent faults: introduced by incorrect initialization, use, or application
Configuration errors
Environment faults
Introduced decision procedure to classify vulnerabilities in exactly one category
Classical Cryptography
Monoalphabetic (simple substitution): f(a) = a + k mod n
Example: Caesar with k = 3, RENAISSANCE → UHQDLVVDQFH
Polyalphabetic: Vigenère, fi(a) = a + ki mod n
Cryptanalysis: first do index of coincidence to see if it is monoalphabetic or polyalphabetic, then Kasiski method.
Problem: eliminate periodicity of key
Perfect secrecy
When the probability of computing the plaintext message is the same whether or not you have the ciphertext
Only cipher with perfect secrecy: one-time pads; C = AZPR; is that DOIT or DONT?
