Detection of the Operating System Configuration Vulnerabilities with Safety Evaluation Facility

Peter D. Zegzhda, Dmitry P. Zegzhda, Maxim O. Kalinin

Abstract

In this paper, we address to formal verification methodologies and the system analyzing facility to verify property of the operating systems safety. Using our technique it becomes possible to discover security drawbacks in any IT-system based on access control model of 'state machine' style. Through our case study of model checking in Sample Vulnerability Checking (SVC), we show how the evaluation tool can be applied in Microsoft Windows 2000 to specify and verify safety problem of system security.

References

  1. J. McLean. Security Model, In Encyclopedia of Software Engineering, Wiley Press, 1994.
  2. J. Goguen and J. Meseguer. Security Policies and security models, In Proceedings of the 1982 IEEE Symp. on Research in Security and Privacy, IEEE Computer Security Press.
  3. L.J. LaPadula and D.E. Bell. Secure computer systems: A mathematical model, ESD-TR278, VOL.2, The Mitre Corp., Bedford, MA, 1973.
  4. M.H. Harrison, W.L. R.uzzo, and J.D. Ullman. Protection in operating systems, Communications of the ACM, 19(8):461-471, 1976.
  5. M. Bishop and L. Snyder. The transfer of information and authority in a protection system, In Proceedings of the 7th ACM Symp. on Operating System Principles, pp. 45-54, 1979.
  6. S. Castano, M.G. Fugini, G. Martella, P. Samarati. Database Security, Addison-Wesley, 1995.
  7. S. Jajodia, P. Samarati, and V.S. Subrahmanian. A Logical Language for Expressing Authorizations. Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997.
  8. 2. J.A. Hoagland, R. Panday, and K.N. Levitt. Security Policy Specification Using a Graphical Approach. Tech. report CSE-98-3, UC Davis Computer Science Dept., 1998.
  9. 3. N. Damianou, N. Dulay, E. Lupu, M. Sloman. The Ponder Policy Specification Language. Proc. Policy 2001: Workshop on Policies for Distributed Systems and Networks, Bristol, UK, 2001.
  10. P.D. Zegzhda, D.P. Zegzhda, M.O. Kalinin. Logical Resolving for Security Evaluation, MMM-ACNS, pp. 147-156, 2003.
  11. Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, Dec 1985.
  12. Common Criteria for Information Technology Security Evaluation, Part, 1: Introduction and General Model, Version 2.1. CCIMB-99, Aug 1999.
Download


Paper Citation


in Harvard Style

D. Zegzhda P., P. Zegzhda D. and O. Kalinin M. (2005). Detection of the Operating System Configuration Vulnerabilities with Safety Evaluation Facility . In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 263-276. DOI: 10.5220/0002564902630276


in Bibtex Style

@conference{wosis05,
author={Peter D. Zegzhda and Dmitry P. Zegzhda and Maxim O. Kalinin},
title={Detection of the Operating System Configuration Vulnerabilities with Safety Evaluation Facility},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={263-276},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002564902630276},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - Detection of the Operating System Configuration Vulnerabilities with Safety Evaluation Facility
SN - 972-8865-25-2
AU - D. Zegzhda P.
AU - P. Zegzhda D.
AU - O. Kalinin M.
PY - 2005
SP - 263
EP - 276
DO - 10.5220/0002564902630276