Article Preview
Top1. Introduction
There have been several attempts of bringing some order to security classifications, variously called “Top Ten Vulnerabilities”, “Seven Deadly Sins” or “Pernicious Kingdoms” (Tsipenyuk et al., 2005) The latter classification, by McGraw and collaborators, is the most scientific one. It borrows the idea of a taxonomy from biology. McGraw predicts that more sophisticated attacks will become increasingly dangerous, such as the class of “Time and State” attacks.
This paper, as an extension of a workshop paper (Corcalciuc, 2012), reasons about “Time and State” attacks and offers a method of building taxonomy trees based on layers of abstract concepts. We notice that attacks frequently exploit a theoretical concept rather than local defects in software packages. We leverage concepts from programming theory in order to make “Time and State” attacks more precise.
The terminology of “Kingdoms”, “Phylum”, “Order” and “Species” are only crudely related to our taxonomy and we adopt only the structure of the biological taxonomy. We use that terminology in order to provide a distinction between abstract security concepts and code- level safety issues on the lower layers of the tree.
Compared to biology, in terms of security, vulnerabilities with common traits on the upper layers will be grouped together. We limit the article to the Time-of-Check-To-Time-of-Use (TOCTTOU) and “Signals and Events” as illustrated in Figure 1. Additionally, we attempt to classify Denial-of-Service (DoS) and explain how DoS can be both a Kingdom or appear by consequence tied to other Kingdoms.
Figure 1. Our taxonomy is annotated using McGraw's terminology. Each level describes a level of abstraction and every vulnerability can be classified by following the tree structure of a given attack. The upper layers are populated with abstract concepts such as TOCTTOU, signals and even more broadly DoS and reach down to lower layers where attacks distinguish themselves by local defects in a software package.
The “Kingdom” (Singer, 1950) rank is reserved for very high level classifications with a broad variety of descendants. The upper layers are reserved for abstract concepts which trickle down to the lower levels of the tree. In biology, the “Phylum” rank is a grouping of organisms based on a general abstraction of structure (Valentine, 2004). Thus, the “Phylum” is populated by the abstraction layer holding formal concepts such as traces, states and predicates.
The connection between our taxonomy and the rank ``Order'' is that biological ranks group elements together based on small but important differences. For example, Zoology makes a distinction between moths and butterflies - which is not a trivial distinction. In our taxonomy, ``Order'' represents general elements of flow control and refactoring (Fowler, 1999) the result of which may slightly change the code but sufficient enough in order to distinguish between a program and the re-factored equivalent.
“Species”, being the last layer of the biological classification, represent individual instances of the upper ranks. Similar to biology, where around 10 million different species of bacteria are distinguished, our taxonomy reserves this layer for all known and classified instances of a certain vulnerability. For example, in various software packages and listed on the numerous software vulnerability sites such as CERT or CVE.
Although these ranks were selectively chosen with the intent of relating to McGraw's classification, it is plausible to extend the number of layers. For example, “Time and State” would be a superior layer that could be added before the rank of “Kingdoms”, perhaps named “Domain”. For example, we explore software vulnerabilities stemming from the code-level however, privacy and cryptography might be other high-level concepts, perhaps placed at the level of “Phylum”. One instance thereof, might be information leakage or weak cryptographic keys and would extend the taxonomical tree.