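[My Research] A TAXONOMY OF SECURITY FAULTS IN THE UNIX OPERATING SYSTEM - Master Thesis
1. Faults are introduced during implementation.
2. A fault database, with the faults classified; a different testing method is proposed for each category in the classification scheme.
The database serves three purposes: (1) static audit analysis; (2) intrusion detection; (3) fault detection.
It can also make the process of fault prevention and detection more systematic. The database contains two kinds of information: vulnerability information and security patch information.
Question: can "fault" here be treated as equivalent to "flaw"? What is the definition of a fault?
3. Reasons for classification: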
A fault classification scheme can be used to categorize faults that share a common characteristic. The categories can be used to collect statistics about faults and devise methods for fault prevention and detection. Beizer [Bei83] summarized the importance of fault classifications as:
"It is important to establish categories for bugs if you take the goal of bug prevention seriously. If a particular kind of bug recurs or seems to dominate the kinds of bugs you have, then it is possible through education, training, new controls, revised controls, documentation, inspection, and a variety of other methods to reduce the incidence of that kind of bug. If you have no statistics on the frequency of bugs, you cannot have a rational perspective on where and how to allocate your limited bug prevention resources."
4. Three causes of security breaches:
4.1 operational fault
4.2 coding fault
4.3 environment fault
5. Traditional methods fall short
penetrate & patch paradigm [Sch79a]
6. The role of security testing [Bei83] - a book, Software Testing Techniques
confidence in the security measure
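Systematic methods for security testing are lacking; there are currently two:
(1) Penetration analysis - requires a tiger team, and its effectiveness depends on that team's ability [Lin75, H+80, Wil81, AMP76]
(2) Formal verification [MD79]
7. Some examples of penetration analysis
7.1 Protection Analysis (PA) Project (1970s)
It failed to achieve its original goal of an automated error detection process; the method it used was a pattern-directed approach.
7.2 RISOS Project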
7.3 Flaw Hypothesis Methodology
There are many successful cases.
8. Comparison of static and dynamic methods
Each has its own strengths, and the two can complement each other.