Towards a Theory of Penetration-Resistant Systems and Its Applications

Article type: Research Article

Authors: Gupta, Sarbari | Gligor, Virgil D.

Affiliations: Dept of Electrical Engineering, University of Maryland, College Park, Maryland 20742, USA

Abstract: A theoretical foundation for penetration analysis of computer systems is presented, which is based on a hypothesis and a set of formalized design properties that characterize penetration resistance. By separating the policy-enforcement mechanisms of a system from the mechanisms necessary to protect the system itself, and by using a unified framework for representing a large set of penetration scenarios, we develop an extensible model for penetration analysis. Furthermore, we illustrate how the model is used to implement automated tools for penetration analysis. The model and tools only address system-penetration patterns caused by unprivileged users' code interactions with a system.

DOI: 10.3233/JCS-1992-1202

Journal: Journal of Computer Security, vol. 1, no. 2, pp. 133-158, 1992