A Taxonomy of Security Faults in the Unix Operating System
Total Page:16
File Type:pdf, Size:1020Kb
ATAXONOMY OF SECURITY FAULTS IN THE UNIX OPERATING SYSTEM A Thesis Submitted to the Faculty of Purdue University by Taimur Aslam In Partial Fulllment of the Requirements for the Degree of Master of Science August ii This thesis is dedicated to my parents iii ACKNOWLEDGMENTS Iwould like to thank my thesis advisor Dr Eugene Spaord for guiding me through my reaserch Dr Spaord provided me the insight to tackle dierent problems read several drafts of the thesis and made invaluable comments I also thank him for b eing so patient and willing to work with myoddschedule I also thank my committee memb ers Dr AdityaMathur Dr Samuel Wagsta Dr Michal Young Dr William Gorman provided invaluable feedbacktoimprove the format of this thesis I am greatly indebted to myparents for their supp ort and encouragementover the years I would not have b een able to make it this far without their supp ort I am also grateful to my sister for her supp ort in so many dierentendeavors and for b eing a great friend I thank Dan Schikore Mark Crosbie Steve Lo din and Muhammad Tariq who pro ofread manuscripts of my thesis and made invaluable comments Thanks to all my friends and everyb o dy in the COAST lab who provided much needed supp ort and made sure that I maintained my sanity ThankstoFrank Wang for implementing the frontend to the database prototyp e This acknowledgementwould not b e complete without mentioning Sadaf and some vealways b een an inspiration to me very sp ecial p eople who ha This work was supp orted in part by gifts from Sun Microsystems Bell Northern Research and Hughes Research Lab oratories equipment loaned to the COAST group by the US Air Force and a contract with Trident Data Systems This supp ort is gratefully acknowledged THIS PAGE IS INTENTIONALLY LEFT BLANK iv TABLE OF CONTENTS Page LIST OF TABLES vii LIST OF FIGURES viii ABSTRACT ix An Overview of Software Testing Metho ds Provable Security and Formal Metho ds SecurityTesting Applications of Fault Categories Organization of the Thesis RELATED WORK Protection Analysis Pro ject RISOS Pro ject Flaw Hyp othesis Metho dology Case Study Penetration Analysis of the Michigan Terminal System Software Fault Studies Fault Categories Errors of T X E ATaxonomy of Computer Program SecurityFlaws yFault Classication Schemes Comparison of Securit ATAXONOMY OF SECURITY FAULTS IN THE UNIX OPERATING SYSTEM ATaxonomy of SecurityFaults Conguration Errors Examples Synchronization Errors Example Condition Validation Errors v Page Examples EnvironmentFaults Example Selection Criteria DESIGN OF THE VULNERABILITY DATABASE Motivation Entity Relation Mo del EntityAttributes Entity Relation Diagram EntityIntegrity Constraints Referential Integrity Constraints Op eration on the Relations Requirements Analysis Design Issues Database Kernel Representation of Relations Vulnerability Database Interface terface User In Integrity Constraints EntityIntegrity Constraints Referential Integrity Constraints Template Representation Data Sources Requirements Analysis Design Issues Database Kernel Representation of Relations Vulnerability Database Interface User Interface Integrity Constraints EntityIntegrity Constraints Referential Integrity Constraints Template Representation Data Sources SECURITY FAULT DETECTION TECHNIQUES Static Analysis Symbolic Testing Path Analysis and Testing vi Page Functional Testing Syntax Testing Mutation Testing Condition Validation Errors Boundary Condition Errors Input Validation Errors Access RightValidation Errors Origin Validation Errors Failure to Handle Exceptional Conditions Environment Errors Synchronization Faults Conguration Errors Summary CONCLUSIONS AND FUTURE WORK BIBLIOGRAPHY APPENDICES App endix A Description of Software Fault Studies App endix B ATaxonomyofUnixVulnerabilities vii LIST OF TABLES Table Page Percentage of Errors Detected Fault Categories by Rub ey Fault Categories byWeiss Comparative Results byPotier Bug Statistics by Beizer VulnerabilityEntityAttributes Op erating System EntityAttributes PatchInfoAttributes Vulnerability Database Interface Functions Op erations on Relations Vulnerability Database Interface Functions Comparison of Dierent Software Testing Metho ds App endix Table viii LIST OF FIGURES Figure Page A Conventional TaxonomyofSoftware Mo deling and Analysis Techniques Eort vs Testing Metho ds Relationship b etween Testing Metho ds and the Design Pro cess TaxonomyofFaults Selection Criteria for Fault Classication Entity Relation Diagram Referential Integrity Constraints Vulnerability Database Vulnerability Database Commands Screen Function Interface Help Window Vulnerability Database Vulnerability Database Commands Screen Function Interface Help Window App endix Figure ix ABSTRACT Taimur Aslam MS Purdue University August A Taxonomy of SecurityFaults in the Unix Op erating System Ma jor Professor Eugene H Spaord Security in computer systems is imp ortant to ensure reliable op eration and protect the integrity of stored information Faults in the implementation can b e exploited to breach security and p enetrate an op erating system These faults must b e identied detected and corrected to ensure reliability and safeguard against denial of service unauthorized mo dication of data or disclosure of information We dene a classication of security faults in the Unix op erating system Westate the criteria used to categorize the faults and present examples of the dierentfault typ es We present the design and implementation details of a database to store vulner ability information collected from dierent sources The data is organized according to our fault categories The information in the database can b e applied in static audit analysis of systems intrusion detection and fault detection We also identify and describ e software testing metho ds that should b e eective in detecting dierent faults in our classication scheme Security is dened relativetoapolicyandinvolves the protection of resources from accidental or malicious disclosure mo dication or destruction web Computer security can b e broadly categorized as Physical security Physical security is the protection of computer facilities against physical threats and environmental hazards It involves the use of lo cks identi cation badges guards p ersonnel clearances and other administrative measures to control the ability to approach communicate with or otherwise make use of any material or comp onent of a data pro cessing system A Information security Information security is the protection of data against acci dental or unauthorized destruction mo dication or disclosure It involves b oth physical security measures and controlled access techniques A Interest in computer security stemmed from protecting information related to matters of national security and grew as computers were used to store medical and nancial records of individuals and proprietary information for business organizations Zwa The security of a computer system is dened by security requirements and is implemented using a security p olicy The requirements vary according to the level of security desired Computer systems op erate with implicit trust the reliabilityof a computer system dep ends on the reliability of its comp onents The securityofa computer system thus involves security of its hardware and software comp onents The critical role played by op erating systems in the op eration of computer systems mak es them prime targets for malicious attacks An op erating system is p enetrated if an unauthorized user gains access to the system or if an authorized user causes a security breachby exploiting a aw in the source co de A total system penetration o ccurs when an unprivileged user gains the ability to execute privileged commands H A p enetration of a system can lead to one or more of the following conse quences Den BS Lin Denial of service Users may b e denied access to legitimate services Degradation of p erformance Performance can b e so p o or that the system is not usable Disclosure of information A user gains unauthorized access to protected infor mation Mo dication of data A user mo dies information in an unauthorized manner Security breaches result from op erational faults co ding faults or environment