[My Research] A Software Flaw Taxonomy: Aiming Tools At Security

Sam Weber, Paul A. Karger, Amit Paradkar @ IBM Watson

Software Engineering for Secure Systems – Building Trustworthy Applications (SESS’05)

Main contribution:

security flaw taxonomy - an ordered system that indicates natural relationships of security flaws

Terminology:

vulnerabilities - a hostile entity can successfully violate a system’s security

attacks - the tool or technique with which an attacker will attempt to detect and exploit a vulnerability.

Relationship between flaw and vulnerability:

A flaw is a defect in a system which can result in a security violation

Every vulnerability must be due to at least one flaw, but it is possible for a flaw not to cause any vulnerability: the flaw might be masked by another part of the system. Additionally, different flaws might result in the same vulnerability.

Flaw taxonomies are relevant to code inspection tool designers

vulnerability -> always exploitable

Related work - flaw taxonomies:

RISOS project [1] - OS Flaws

Protection Analysis project [9]

Landwehr [23] - classifies flaws along three dimensions

1. genesis - how the flaw was introduced

1.1 intentional

1.1.1 malicious

1.1.2 non-malicious

1.2 inadvertent

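2. time of introduction - at which stage of the development process the flaw arose

3. location - which component the flaw is in

The authors argue that a classification method should be goal-driven.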

Flaw Taxonomy

Related applications

Chen and Wagner [14] - Unix Security Model

Zhang, Edwards and Jaeger [34] - discover improper placement of authorization calls in the Linux kernel


posted @ 2011-08-18 09:00 shengying