Security analysis and enhancements of computer operating systems

Abbott, R.P.; Chin, Jay; Donnelley, James E.; Konigsford, William L.; Tokubo, S.; Webb, D. A.

doi:10.6028/nbs.ir.76-1041

Cited by 71 publications

(61 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Earlier, in the infancy of penetration testing, it was believed that flaws would fall into recognizable patterns, and tools could be built to seek out these generic pattern during penetration testing [ABB076,CARL75,HOLL74,TRAT76]. Unfortunately, the large number of different processors, operating systems, and programming languages used to build TCBs, with their different syntax and semantics made it difficult and impractical to apply such pattern-matching tools to penetration testing.…”

Section: Automated Aidsmentioning

confidence: 99%

Protective Mechanisms against Apoptic Neurodegeneration in the Substantia Nigra

Aronin¹

2000

View full text Add to dashboard Cite

Subject Terms Document Classification unclassified Classification of SF298 unclassified Classification of Abstract unclassified Limitation of Abstract unlimited Number of Pages 66 REPORT DOCUMENTATION PAGEForm Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and Al class ratings of the Trusted Computer System Evaluation Criteria (TCSEC). This guideline is a definitive statement of what constitutes good penetration testing, where it fits in the DOD Standard Software Engineering and TCSEC life cycles, and how it is done according to the best available practice, the Flaw Hypothesis Methodology (PHM). A review of theTCSEC assurance products is presented, as they form evidence of a chain of reasoning on the compliance of the target system to a given evaluation class, and against which penetration testing is mounted. Flaws in the evidence are the products of penetration testing. To exemplify the methodology, results of past experience are provided throughout. The guideline concludes with a short review of new R&D approaches broadly considered penetration testing. An extensive bibliography is provided of work in the field, as are a set of Appendices that provide practical management guidance in planning and performing penetration testing. PHM). A review of the TCSEC assurance products is presented, as they form evidence of a chain of reasoning on the compliance of the target system to a given evaluation class, and against which penetration testing is mounted. Flaws in the evidence are the products of penetration testing. To exemplify the methodology, results of past experience are provided throughout. The guideline concludes with a short review of new R&D approaches broadly considered penetration testing. An extensive bibliography is provided of work in the field, as are a set of Appendices that provide practical management guidance in planning and performing penetration testing.

show abstract

Section: Automated Aidsmentioning

confidence: 99%

Protective Mechanisms against Apoptic Neurodegeneration in the Substantia Nigra

Aronin¹

2000

View full text Add to dashboard Cite

show abstract

“…We've previously used a method 5,6 in which we chose a set of experiments because they covered all classes of two flaw domains, as enumerated in the seminal Research into Secure Operating Systems (RISOS) and Protection Analysis (PA) reports, 7,8 which are generally accepted as complete. (Note: when referring to the classes enumerated in the PA report, we use the revised hierarchy described by Peter Neumann.…”

Section: Our Idea For Designing Experimentsmentioning

confidence: 99%

I Am a Scientist, Not a Philosopher!

Peisert

Bishop

2007

IEEE Secur. Privacy Mag.

View full text Add to dashboard Cite

“…One, the RISOS study [1], focused on flaws in operating systems; the other, the Program Analysis (PA) study [4], included both operating systems and programs. Interestingly enough, the taxonomies both presented were similar, in that the classes of flaws could be mapped to one another.…”

Section: Introductionmentioning

confidence: 99%

A Critical Analysis of Vulnerability Taxonomies

Bishop¹,

Bailey²

1996

View full text Add to dashboard Cite

Security analysis and enhancements of computer operating systems

Cited by 71 publications

References 5 publications

Protective Mechanisms against Apoptic Neurodegeneration in the Substantia Nigra

Protective Mechanisms against Apoptic Neurodegeneration in the Substantia Nigra

I Am a Scientist, Not a Philosopher!

A Critical Analysis of Vulnerability Taxonomies

Contact Info

Product

Resources

About