The Center for Education and Research in Information Assurance and Security (CERIAS)

Protection Errors in Operating Systems: Validation of Critical Conditions

Author

Jim Carlstedt

Entry type

misc

Abstract

This report describes a class of operating system protection errors known as "insufficient validation of critical conditions," or simply "validation errors," and outlines a scheme for finding them. This class of errors is recognized as a very broad one, lying outside the scope of the basic protection mechanisms of existing systems; the extent of the problem is illustrated by a set of validation errors taken from current systems. Considerations for validity conditions and their attachment to variables and to various types of control points in procedures are explored, and categories of validation methods noted. The notion of criticality itself is analyzed, and criteria suggested for determining which variables and control points are most critical in the protection sense. Because a search for validation errors can involve substantial information processing, the report references existing or developing tools and techniques applicable to this task.

Institution

University of Southern California

Key alpha

Carlstedt

Organization

Information Sciences Institute

Pages

1-28

Publication Date

0000-00-00

Contents

Abstract
Acknowledgements
1. Introduction
2. Motivation for the Study
3. Validation as a Branch of Protection
4. Target System Normalization
    4.1 Target System Definition and Identification
    4.2 System Communication Graph
    4.3 Production of the Communication Graph
5. Validation Policy
    5.1 Validity Conditions and Critical Items
    5.2 Input and Output Conditions
    5.3 Functional Validity versus Integrity
6. Criticality Criteria
    6.1 The Chicken-and-egg View
    6.2 Fundamental Criticality
    6.3 Influentiality
    6.4 Influencibility
    6.5 Incompleteness of Criticality Criteria
7. Validation Mechanisms and Their Specification
    7.1 Enforcement of Specifications
    7.2 Explicit Input and Output Validation
    7.3 Generalized Validation
8. Sufficiency Evaluation
    8.1 Overall Scheme
    8.2 Section Evaluation: Derivation of Conditions
    8.3 Condition Derivation Across Loops
    8.4 Termination and Continuation Considerations
References

Keywords

criticality, errors, validation of critical conditions

Language

English

Location

A hard-copy of this is in the Papers Cabinet

Subject

Critical conditions, operating system errors

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.