Generated Fri Oct 22 07:13:02 PDT 1999 by fc@red.all.net


Linde75
  • [Linde75] R. R. Linde, Operating System Penetration, AFIPS National Computer Conference (1975):361--368. [This paper described many of the common techniques for operating system penetration and how systems could be designed to defend against them. System flaws include I/O control flaws, program and data sharing flaws, access control flaws, installation, management, and operational control flaws, auditing and surveillance flaws, and non-software weaknesses. Generic system functional flaws are listed as including authentication, documentation, encryption, error detection, implementation, implicit trust, implied sharing, interprocess communication, legality checking, line disconnect, modularity, operator carelessness, parameter passing by reference vs. by value, passwords, penetrator entrapment, personnel inefficiency, privity, program confinement, prohibitions, residue, magnetic media, security design omissions, shielding, threshold values, use of test and set, and utilities. Generic operating system attacks are listed as including asynchronous, browsing, between-lines (terminal man-in-the-middle), clandestine code, denial of access, error inducement, interacting synchronized processes, line disconnect, masquerade, NAK attack, operator spoofing, permutation programming, piecewise decomposition, piggybacking, Trojan horse, unexpected operations, unexpected parameters, and wire tapping.]


    fc@red.all.net