Abstract

This note presents a new model for classifying vulnerabilities in computer systems. The model is structurally different than earlier models, It decomposes vulnerabilities into small parts, called "primitive conditions. " Our hypothesis is that by examining systems for these conditions, we can detect vulnerabilities. By preventing these conditions from holding, we can prevent vulnerabilities from occurring, even if we do not know that the vulnerability exists. A formal basis for this model is presented. An informal, experimental method of validation for non- secure systems is described. If the model accurately describes existing systems, it guides the development of tools to analyze systems for vulnerabilities. 1.

Citations

119	Checking for race conditions in file accesses - Bishop, Dilger - 1996
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
53	A Tour of the Worm - Seeley
43	Security Analysis and Enhancements of Computer Operating Systems - Abbott
31	A Taxonomy of Security Faults in the UNIX Operating System - Aslam - 1995
27	Protection Analysis Project Final Report - Bisbey, Hollingsworth - 1978
25	Property-Based Testing of Privileged Programs - Fink, Levitt - 1994
24	A Provably Secure Operating System - Neumann
24	Attack Class: Address Spoofing - Heberlein, Bishop - 1996
12	Computer System Security Evaluation - Neumann
10	et al., A Taxonomy of Computer Program Security Flaws. Computing Surveys - Landwehr - 1994
9	Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw--By the Man Who Did It - Shimomure, Markoff - 1996
2	The Structure of the THE Multiprogramming System - Djikstra - 1968
2	Discovering Security and Safety Flaws Using Property Based Testing - Fink - 1996
1	Software Vulnerability Analysis, in Department of Computer Sciences - Krsul - 1998