[My research] A Software Flaw Taxonomy: Aiming Tools At Security
Sam Weber, Paul A. Karger, Amit Paradkar@IBM watson
Software Engineering for Secure Systems – Building Trustworthy Applications (SESS’05)
Main contribution:
security flaw taxonomy - an ordered system that indicates natural relationships of security flaws
Terminology:
vulnerabilities - a hostile entity can successfully violate a system’s security
attacks - the tool or technique with which an attacker will attempt to detect and exploit a vulnerability.
Relationship between flaw and vulnerability:
A flaw is a defect in a system which can result in a security violation
Every vulnerability must be due to at least one flaw, but it is possible for a flaw not to cause any vulnerability: the flaw might be masked by another part of the system. Additionally, different flaws might result in the same vulnerability.
Flaw taxonomies are relevant to code inspection tool designers
vulnerability -> always exploitable
Related work - flaw taxonomies:
RISOS project [1] - OS Flaws
Protection Analysis project [9]
Landwehr [23] - classifies flaws along three dimensions
1. genesis - how the flaw was introduced
1.1 intentional
1.1.1 malicious
1.1.2 non-malicious
1.2 inadvertent
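2. time of introduction - the stage of the development process in which the flaw arose
3. location - which component the flaw is in
The authors argue that a classification scheme should be goal-driven.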
Flaw Taxonomy
Related applications
Chen and Wagner [14] - Unix Security Model
Zhang, Edwards and Jaeger [34] - discover improper placement of authorization calls in the Linux kernel