Level 126 Level 128
Level 127

Taxonomy of Computer Program Flaws


11 words 0 ignored

Ready to learn       Ready to review

Ignore words

Check the boxes below to ignore/unignore words, then click save at the bottom. Ignored words will never appear in any learning session.

All None

Ignore?
What is the very first approach to program security?
Penetrate and Patch; Use of Tiger teams or Patch and Pray Model
Tiger Teams
Expose a system to many attacks, patch the most critical bugs, and repeat the process
Patch and Pray model
A never ending game
(Flaw Hypothesis) Map System
Become familiar with the details of how the system works and control structure
(Flaw Hypothesis) Hypothesize
Generate guesses as to where flaws might exist in the system
(Flaw Hypothesis) Test
Use system documentation and tests to confirm the presence of a flaw
(Flaw Hypothesis) Generalize
Generalize the confirmed flaws and use this information to guide further efforts
Covert Channels
Information flow not intended by system developers; Unintended means of communication in violation of security policy
(Covert Channel) Storage Channels
Convey information by setting bits by one program and reading bits by another
(Covert Channel) Timing Channels
Convey information by modulating some aspect of system behavior over time
How does a security engineer check for Storage Covert Channels?
With a Shared Resource Matrix where rows are objects and columns are processes; To analyze in a shared resource environment trace the journey from the data source; Information leaks along the way will eventually end in a data sink