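[My Research] A TAXONOMY OF SECURITY FAULTS IN THE UNIX OPERATING SYSTEM - Master Thesis
1. Faults are introduced during implementation
2. A fault database, with the faults classified; different testing methods are proposed for the different categories in the classification scheme
The database serves three purposes: (1) static audit analysis; (2) intrusion detection; (3) fault detection
It can also make the process of fault prevention and detection more systematic; the database contains two kinds of information: vulnerability information and security patch information
Question: can "fault" here be treated as equivalent to "flaw"? What is the definition of a fault?
3. Reasons for classification: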
A fault classification scheme can be used to categorize faults that share a common characteristic. The categories can be used to collect statistics about faults and devise methods for fault prevention and detection. Beizer [Bei83] summarized the importance of fault classifications as:
"It is important to establish categories for bugs if you take the goal of bug prevention seriously. If a particular kind of bug recurs or seems to dominate the kinds of bugs you have, then it is possible through education, training, new controls, revised controls, documentation, inspection, and a variety of other methods to reduce the incidence of that kind of bug. If you have no statistics on the frequency of bugs, you cannot have a rational perspective on where and how to allocate your limited bug prevention resources."
4. Three causes of security breaches:
4.1 operational fault
4.2 coding fault
4.3 environment fault
5. Traditional methods are not effective
penetrate & patch paradigm [Sch79a]
6. The role of security testing [Bei83] - a book, Software Testing Techniques
confidence in the security measure
Systematic methods for security testing are lacking; currently there are two:
(1) penetration analysis - requires a tiger team, and its effectiveness depends on the ability of that team [Lin75, H+80, Wil81, AMP76]
(2) formal verification - [MD79]
7. Some examples of penetration analysis
7.1 Protection Analysis (PA) Project (1970')
It failed to achieve its original goal of an automated error detection process; the method it used was a pattern-directed approach
7.2 RISOS project
7.3 Flaw Hypothesis Methodology
There are many successful cases
8. Comparison of static and dynamic methods
Each has its own strengths, and the two can complement each other
Reposted from: https://www.cnblogs.com/wanzhiyuan/archive/2011/08/19/2145741.html