Topic: security leaks and weaknesses

Subtopic: virus

Quote: first computer virus (1971); self-propagating code which grabbed all available disk space [»daviA7_2006]

Subtopic: security problems

Quote: a survey and taxonomy of actual security flaws [»landCE9_1994]
Quote: easily attacked Multics security via hardware, software, and procedures; extracted or modified sensitive data without detection; 250 manhours of effort [»kargPA6_1974]
Quote: security violations are: unauthorized release of information, modification of information, and denial of resource usage [»satyM8_1989]
Quote: computer security concerns unauthorized disclosure, unauthorized alteration, and denial of service [»mcleJ1_1990]
Quote: risks for computational email--destruction of resources, theft of resources, and deprivation of resources [»boreNS11_1992]
Quote: a security leak occurs if secret data is sent on a public channel instead of a secret channel

Subtopic: weakest link

Quote: secure the weakest link in the attack tree; look at the entire vulnerability landscape [»schnB_2000]

Subtopic: complexity

Quote: secure systems should be as simple as possible; complexity is the worst enemy of security [»schnB_2000]

Subtopic: evidence of attack

Quote: storing the evidence of an attack on the computer under attack is mostly useless

Subtopic: simple failures

Quote: cryptosystems fail because of organizational problems instead of high-tech attacks; blunders, insider information, or simplistic technical procedures [»andeRJ11_1994]
Quote: no matter what is done, small mistakes with large consequences will still occur; prolonged field testing is necessary for a payment system [»andeRJ5_1996]
Quote: most frauds were due to loopholes caused by design and management errors; exploited opportunistically by operators and customers; for example, shorting the 11 kV feeder to credit a meter [»andeRJ5_1996]
Quote: security setup contributes nothing to useful output; only noticed during an audit or an attack [»lampBW6_2004]

Subtopic: web attacks

Quote: use PQL for runtime security protection; dynamically detect and correct SQL injection, cross-site scripting, and path traversal attacks [»martM10_2005]
Quote: URLs can leak authenticators through the Referer header, which allows cross-site scripting attacks without eavesdropping [»fuK8_2001]

Subtopic: SQL injection attack

Quote: precise, sound, efficient analysis for SQL injection; tracks user input non-terminals of a context-free grammar for string variables; tested with PHP [»wassG6_2007]
Quote: an SQL injection attack changes the intended syntactic structure of generated queries

Subtopic: weak password or protocol

Quote: nearly all cryptographic failures are due to protocol or password deficiencies; e.g., using nine random characters to protect PGP's private keys [»lensAK9_2001]

Subtopic: buffer overrun

Quote: Multics avoids buffer overflow -- PL/I strings have a fixed maximum length; data cannot be executed; virtual addresses are segmented; stacks grew up instead of down [»kargPA12_2002]
Quote: NUL-terminated strings important for efficiency; allows fixed-length buffer that holds variable-length strings; problem of overrun [»jimT6_2002]
Quote: C allows pointer beyond end of array; leads to buffer overflow [»jimT6_2002]
Quote: tested reliability under system crash by injecting faults; random bit flips in kernel; imitate programming errors such as pointer corruption, copy overrun, off-by-one; most crashes happened within 15 seconds [»chenPM9_1996]
Quote: Java guarantees memory and type safety at runtime and compile time; programs cannot forge pointers, overrun arrays, or apply an operator to the wrong type [»hartPH12_2001]

Subtopic: out-of-thin-air

Quote: disallow out-of-thin-air changes for incorrectly synchronized code; e.g., x,y=0; y=x and x=y; x==42 [»mansJ1_2005]

Subtopic: covert channel, out-of-channel signaling

Quote: can circumvent a security system by out-of-channel signaling, e.g., by toggling use of a file [»dennPJ_1980]
Quote: secure file manager maintains a complete history of the last five minutes; prevents frequent versions of the same file for a pattern-of-use channel [»rushJ7_1983]
Quote: can use statistical methods to violate security of access-control systems [»dennPJ_1980]
Quote: a secure kernel still may prevent access due to poor scheduling, or communicate implementation via behavior under load [»robiL9_1975, OK]
Quote: covert channel analysis--bound the rate that high-level input can effect low-level output [»mcleJ1_1990]
Quote: covert channels easily leak a cryptographic key; created through a shared resource such as white space [»schnB_2000]
Quote: secure systems need to confine data to a domain; problems arise if a resource is shared, e.g., a channel of 'disk hits' allows 70 baud
Quote: remotely-loaded code may have security flaws. For example, Java has many security flaws such as covert channels and lacking a formal security policy [»deanD5_1996]

Subtopic: insecure language

Quote: Microsoft gave up on security by adding C and C++ to the CLR; unsafe regions in C# allow unrestricted pointer operations [»allmE7_2004]
Quote: Cyclone is a safe dialect of C; avoids buffer overflows, format string attacks, and memory management errors; static analysis plus run-time checks and annotations [»jimT6_2002]

Subtopic: denial of service

Quote: Andrew does not guarantee resource denial; e.g., flooding network with packets has no clear solution
Quote: EROS truncates messages to undefined destinations; otherwise, fault handlers may lead to denial-of-service, buffering creates local state, and timeouts are not repeatable under load [»shapJS1_2002]
Quote: computer security concerns unauthorized disclosure, unauthorized alteration, and denial of service [»mcleJ1_1990]
Quote: survey of denial of service attacks, Internet vulnerabilities, defense mechanisms, and countermeasures [»pengT4_2007]
Quote: botnet software supports SYN flood, ICMP flood, HTTP flood, and denial of service configuration; updated to maximize the similarity between attack traffic and normal traffic [»pengT4_2007]
Quote: denial of service defense requires cooperation between ISPs to block malicious traffic near its source [»pengT4_2007]

Subtopic: trap door

Quote: QA and ethical hacks are useless against trap doors triggered by a unique key [»kargPA12_2002]
Quote: easily demonstrated malicious software attacks; e.g., a trap door triggered by a password, not found by quality assurance [»kargPA12_2002]
Quote: invisible trap door in a compiler that installed trap doors into Multics; used by Ken Thompson [»kargPA12_2002]
Quote: can recompile the C compiler to introduce Trojan horse bugs invisibly [»thomK8_1984]
Quote: a compiler or assembler can insert a trap door when compiling a ring 0 module; hidden even when recompiling the compiler [»kargPA6_1974]
Quote: use system initialization code to insert trap doors as the system is booted; initialization is complex and poorly understood [»kargPA6_1974]
Quote: conventional computer systems do not enforce multilevel security; subverted by trap doors and trojan horses [»rushJ7_1983]
Quote: the World Wide Military Command and Control System was developed and deployed by uncleared personnel using an open time sharing system; vulnerable to trap door insertions [»kargPA6_1974]

Subtopic: man-in-the-middle

Quote: verify the integrity of an embedded device by computing partial hash of its contents; problem of man in the middle attack [»spinD2_2000]
Quote: an active adversary can see and modify all communications traffic; e.g., a proxy service and man-in-the-middle attacks [»fuK8_2001]
Quote: public-key cryptosystems are vulnerable to forgery and man-in-the-middle attacks [»zimmPR_1995]

Subtopic: remote code

Quote: remotely-loaded code may have security flaws. For example, Java has many security flaws such as covert channels and lacking a formal security policy [»deanD5_1996]

Subtopic: superuser access

Quote: an active security mechanism builds a security envelope between clients and storage; system administrators have full access
Quote: the Unix super-user has unrestricted access rights [»ritcDM7_1978a]

Subtopic: replay attack

Quote: synchronized clocks in Kerberos reject replay attacks without cost of challenge-response protocols; every connection has a new session-key; uses a replay cache [»daviD6_1995]
Quote: an eavesdropping adversary can see, but not modify, traffic between users and server; can replay authenticators and act as an interrogative adversary [»fuK8_2001]
Quote: Andrew's authentication procedure depends on a shared, encrypted handshake key; randomized to prevent replay attacks [»satyM8_1989]

Subtopic: phishing

Quote: SSL establishes a secure connection between a browser and an unknown SSL server; users ought to check the SSL certificate that identifies the server [»schnB_2000]

Subtopic: adaptive attack

Quote: fast public-key encryption based on modular squaring; secure against an adaptive chosen-ciphertext attack [»nishM12_2001]

Subtopic: masquerade attack

Quote: a call-back prevents a site from masquerading as another site [»nowiDA8_1978]
Quote: can catch masquerades if each machine maintains a sequence count with other machines and verifies the previous count [»nowiDA8_1978]

Subtopic: audit attack

Quote: an attacker can bypass the auditing capabilities of a security system by erasing evidence [»kargPA12_2002]

Subtopic: cryptographic key size

Quote: guidelines for selecting the cryptographic key size; acceptable security for commercial applications [»lensAK9_2001]

Subtopic: hardware failures

Quote: the subverter frequently sampled the security sensitive hardware; identified code that allowed illegal access to a protected segment; was due to a field modification [»kargPA6_1974]

Subtopic: soft memory attack

Quote: can write a Java or .NET program so that most memory errors break security of the virtual machine; defend with error-correcting memory [»goviS5_2003]
Quote: computers do not guarantee absence of hardware faults; breaks proof of soundness of link-time type-checking; e.g., cosmic rays or heat-induced faults

Related Topics

Topic: database security (12 items)
Topic: distributed system security (17 items)
Topic: encryption (45 items)
Topic: limitations of system security (39 items)
Topic: operating system security (18 items)
Topic: reliability of distributed systems (35 items)
Topic: security by audit trail (18 items)
Topic: security of remotely executed code (24 items)
Topic: security by secure domains (45 items)
Topic: World-Wide Web (42 items)

Updated barberCB 6/05
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.