Index
Access control
basic description of, 187–208
buffer overflows and, 139, 155
compartmentalization and, 204–207
CORBA and, 55
database security and, 382–396
fine-grained privileges and, 207–208
flags, 155
JDB system for, 58–59
Lists (ACLs), 204
mandatory, 207
modifying ownership, 194–195
modifying file attributes, 190–193
programmatic interface and, 195–197
setuid programming and, 197–202
TOCTOU problems and, 222–225
UNIX and for, 187–202
using views for, 385–387
Windows NT and, 202–204
access() function, 215
ACLs (Access Control Lists), 204
Activation records, 153
ActiveX controls (Microsoft), 11, 272
assessing the security of, 301
competition for, 449
cryptography libraries and, 272, 274, 277
database security and, 382
passwords authentication and, 375
Aggregate functions, 392–393
Aiken, Alexander, 184
Algorithms. See also specific algorithms
community resources and, 112–113
false advertising regarding, 112
open-source software and, 69–72, 74–75, 78
publishing, 82
proprietary, 450
Amazon.com, 18, 297, 455–456
American Express, 63. See also Credit cards
American Standard Code for Information Interchange (ASCII). See ASCII (American Standard Code for Information Interchange)
amkCrypt, 274
Analysis. See also Auditing
appropriate timing of, 117
architectural security, 118–126
auditing and, 118–126
as a creative activity, 33
findings, reporting, 125–126
implementation, 117–118, 126–133
security engineers and, 36–37
testing and, relationship of, 42
which goes astray, 41–43
Anna Kournikova worm, 1
Anonymity, as a security goal, 21–22
Anti-debugger measures, 416–418
AOL (America Online)
Instant Messenger for Netscape, 11
marketing techniques, 20
traffic monitoring, 20
APIs (application program interfaces), 52, 101–102, 106
auditing and, 127
in cryptography libraries, 274–280
firewalls and, 433
race conditions and, 214
random number generation and, 260
Applet(s). See also Java
attacks, types of, 91
enforcing protection when running, 53
untrusted, 52
Application proxies, 428
Applied Cryptography (Schneier), 256, 267, 439
Arbaugh, Bill, 16
argv() function, 144, 169, 312
Arrays, 318
Art of Computer Programming, The (Knuth), 234
ASCII (American Standard Code for Information Interchange), 147, 171, 182–183, 293–294, 302
database security and, 388
digital signatures and, 464
text, encrypting, 388
“Asleep at the Wheel” (Lake), 3–4
ATH variable, 320
ATMs (automatic teller machines), 66
Attackers, use of the term, 25–27. See also Malicious hackers
Attack trees, 120–125
Attributes, modifying, 190–193
Audio players, 110
Auditing. See also Analysis; Monitoring
architectural security analysis and, 117, 118–126
attack trees and, 120–125
basic description of, 19–20, 115–133
implementation security analysis and, 126–133
logs, 20
open-source software and, 84–85
reports, 125–126
security scanners and, 132–133
security engineers and, 38
as a security goal, 19
tools, source-level, 128–130
using RATS for, 130–132
Authentication
biometric, 64–66
call-level, 57
connect, 57
CORBA and, 55
credit card, 97–98
cryptographic, 66
DCOM and, 56–58
default, 57
defense in depth and, 66–67
design for security and, 37
failure modes and, 97–98
host-based, 61–63
IP spoofing and, 62
levels, 56–58
packet integrity-level, 57
packet-level, 57–58
packet privacy-level, 58
password, 335–380
proxy-level, 432
remote execution and, 414–415
security goals and, 22–23, 440–441
technologies, 61–67
trust management and, 308
of untrusted clients, 415
using physical tokens, 63–65
AutoDesk, 421
Axis Powers, 71. See also World War II
Back Orifice 2000, 178
Bacon, Francis, 187
base64 encoding, 226, 349, 387, 401
Battle plans, creating, 121
Beizer, Boris, 15
Bellovin, Steven M., 1, 86, 427
Berra, Yogi, 267
Best-match policy, 189
buffer overflow and, 140, 178–179
client-side security and, 401, 408, 425
extracting secrets from, 109–110
setting suid bits on, 140
trust management and, 307, 309
bind() function, 333
Biometric authentication, 64–66
Birthday attacks, 461
Bishop, Matt, 320
ciphers, 283
client-side security and, 408–409
using, in CBC mode, 282
Blumb-Blumb-Shub PRNG, 236–237, 241, 244
Boneh, Dan, 269
Boolean flags, 139
Brainstorming sessions, 125
Brazil, 381
Brewer, Eric, 136
Browser(s)
attacks, 254–255
CAs and, 299
as consumer-ware, 17
firewalls and, 433
license files and, 411
operating systems and, fuzzy boundaries between, 11–13
surfing data collected through, 21
untrusted applets and, 52
BSAFE library, 277–278
BSS (block storage segment), 151
Buffer(s). See also Buffer overflows
attack code and, 177–185
input, 148–149
internal, 147–148
tamperproofing and, 420
UNIX and, 178–185
use of the term, 138
Windows and, 185
Buffer overflow(s), 24, 25, 87–88. See also Buffers
basic description of, 135–186
defending against, 141–142
entropy handling and, 256–257
gotchas related to, 141–147
open-source software and, 79–81
securing the weakest link and, 93–94
selecting technologies and, 51, 52
smashing stacks and, 151–155
stack overflows and, 159–177
testing and, 39
tools which address, 150–151
trust management and, 309
Bugs. See also Debugging; Errors
announcing, 88–89
responding to misuse with, 419–420
C (high-level language), 8, 50–51, 53, 274, 303
access control and, 201–202
buffer overflows and, 94, 138–139, 141, 148–151, 154–156, 159–161, 164–165, 171–174, 177–179, 181
client-side security and, 421
firewalls and, 433
format string attacks and, 329–330
input validation and, 329
libraries, 141
open-source software and, 73–74, 84, 88
passwords authentication and, 339–350
popularity of, 84
race conditions and, 216, 222–223
random number generation and, 261–262
risks of using, 88
trust management and, 317–319
C++ (high-level language), 10, 50, 54
auditing and, 129
buffer overflow and, 137, 148, 154
cryptography libraries and, 275–276
risks of using, 88
Cache poisoning attacks, 63
Caesar, Julius, 231
Callbacks, 412
Canadian Trusted Computer Products Evaluation Criteria, 44
Capabilities, 207–208
Capture/replay attacks, 26, 459
Carnegie Mellon University, 8
Carnivore system (FBI), 21
CAs (certificate authorities), 297–301, 455
Case-sensitivity, 363
CAST ciphers, 283
CBC (cipher block chaining) mode, 270, 282–284, 408, 446, 447
CDs (compact discs), 305, 398, 400–415
CERT/CC (CERT Coordination Center) advisories, 2, 8
regarding buffer overflows, 87, 135, 136–137
regarding character sets, 324
CFB (cipher feedback), 270, 283–284, 447
CGI (Common Gateway Interface), 320–325, 327–329, 333–334
CGI.pm module, 334
Challenge/response systems, 413–315
Character(s)
client-side security and, 402
length of passwords, 358
trust management and, 321–322
chdir() function, 222, 224, 225, 333
CHECK option, 386–387
basic description of, 457
hash functions and, 441, 457, 458
symmetric algorithms and, 447
Chipsets, 244–245
chmod() function, 190, 191–192, 195, 333
Choke points, 105
Chosen ciphertext attacks, 443
Chosen plaintext attacks, 443, 454
chown() function, 190, 193–196, 200, 333
chroot() function, 200, 204–207, 333
available, list of, 283–284
basic description of, 440
key length settings for, 284–285
PRNGs and, 233
reusing, 269–270
symmetric, 444–451
text attacks, 442–443
Civilized Engineer, The (Florman), 115
Class(es)
nested, 53
Classifications, of information, 21
Client(s). See also Client/server models
passwords authentication and, 374
proxies, 430–432
-side security, 325–327, 397–426
untrusted, authenticating, 415
Client/server models, 22, 74. See also Clients; Servers
EJB and, 58–59
failure modes and, 99–100
firewalls and, 430
selecting technologies and, 54, 58–59
Code
attack, 177–185
atomic, 212
auditing, 127–128
coverage, using, as a metric, 39
good-enough, 127
mobile, 10, 18, 91–92, 102, 107
obfuscation, 74–75, 399, 421–426
reuse of, disadvantages of, 12
reverse engineering, 73–74
untrusted, 127
user-level (user space), 59
Cold Fusion server, 86
Cold War, 397
“Command/response” protocols, 429
Comments
database security and, 388
for stack inspection code, 171–172
Common Evaluation Methodology, 44–46
Community resources, 92, 112–113
Compartmentalization, principle of, 92, 102–104, 204–207
comp.lang.java.security newsgroup, 18
concat_arguments function, 164–168, 172–176
concat.c, 166, 171, 174, 175–177
concat.s, 174–175
Confidentiality, as a security goal, 20, 440
Congress (United States), 463
connect() function, 333
Constants, 195
Consumer-ware, 17
Containers, 54
Copy protection schemes, 400–415
CORBA (Common Object Request Broker Architecture), 54–56, 59
Corporate Espionage (Winkler), 25
Counter mode, 446–447
Counterpane Labs, 362
COUNT() function, 392, 393, 394
Crack (program), 356, 363, 367
Cracker, use of the term, 4
Crash(es)
dialog boxes, 72
file locking and, 227
as a sign of an exploitable vulnerability, 72
CREATE VIEW command, 386
failure modes and, 97–98
information, storage of, 392–395
password-based schemes and, 66
as physical tokens, 63–64
promoting privacy and, 107–108
Critical section, 213
CRLs (Certificate Revocation Lists), 299
CrypGenRandom() function, 260
Cryptanalysis, 441
crypt() function, 337–338, 343, 349, 351
Cryptix library, 278–279
Cryptlib library, 272–275, 279–280
Crypto++ library, 275–276
Cryptography. See also Public key cryptography
applying, 267–305
attacks on, 442–444
basic description of, 439–464
deriving requirements and, 34
during World War II, 71, 303–304
eavesdropping and, 25
export laws, 271
goals of, 440–442
libraries, 272–279
programming with, 279–295
random number generation and, 232–265
securing the weakest link and, 93–96
Spafford on, 2
types of, 444
writing your own, refraining from, 268–270
Cryptography Research, 444
C Traps and Pitfalls (Koenig), 78
ctx variable, 281
“Current time” technique, 235
Customer support, passwords procured through, 22–23, 94, 111, 355
Cut-and-paste attacks, 270
Daemen, John, 449
Dante, 434
access control for, 381–396
auditing and, 119, 125, 129–132
connection pooling, 54
field protection in, 387–391
password, adding users to, 339–350
promoting privacy and, 107–108
statistical attacks and, 391–395
trust management and, 308, 325–327
Database Security (Castano), 381
Data segment, of memory, 152
DCOM (Distributed Component Object Model), 54, 56–58
Debugging, 74, 416–419, 425. See also Bugs; Errors
antidebugger measures and, 416–418
buffer overflows and, 167, 171, 176, 179–180
tamperproofing and, 416–418
Decompilers, 73–74
Decoys, 421
Defense in depth, principle of, 92, 96–97
Denial-of-service attacks, 10, 14–15, 50, 356
Department of Commerce (United States), 449
Department of Defense (United States), 43–44
Department of Defense Trusted Computer System Evaluation Criteria(“Orange Book”), 43–44
Dependability, overall importance of, 13
Depth, defense in, principle of, 92, 96–97
DES (Data Encryption Standard), 71, 74, 282–283, 448–450
passwords authentication and, 337–338
public keys and, 451
Design. See also Development
implementation and, complex interrelation of, 18
for security, notion of, 13–14, 37–38
Design of Everyday Things, The (Norman), 106
DESX ciphers, 283
Determinism, 231–265
Development. See also Design
cryptography export laws and, 271
first-to-market pressures and, 17, 24, 29
penetrate-and-patch approach and, 15–16
spiral model of, 30–32
teams, rapid, 41
waterfall model of, 31–32
which goes astray, 41
Device drivers
basic description of, 60
calls to, 60–61
compartmentalization and, 103
Dialog boxes, effectiveness of, 106, 107
Dice rolling technique, for selecting passwords, 358–362, 363
Diceware, 363
Dictionary attacks, 338
DIEHARD, 257
Differential power analysis (DPA), 24, 443
Diffie-Hellman algorithm
cryptography libraries and, 273, 274, 276, 277
used with DSA, 454
Digital cameras. See Cameras
Digital signatures, 410, 413, 459
basic description of, 462–464
DSA (Digital Signature Algorithm) for, 269, 273, 274, 276, 410, 454
PKI and, 463
Directories
backward traversal of, 328
file locking and, 226–227
Disassemblers, 73
Disclosure, full, principle of, 5, 7, 81–82
Disgruntled employees, 110
Disraeli, Benjamin, 397
Distributed object platforms, choosing, 54–59
DLLs (Dynamically Linked Libraries), 185, 317
dlopen() function, 317
DMAC, 276
DNA, 66
DNS (Domain Name Service) names, 61–63
Doctor Faustus (Marlowe), 49
Documentation
auditing and, 120
cryptography libraries and, 273, 275, 276, 277, 278
failure to read, on the part of users, 106
Domain names, 61–63
Dongles, 414
DOS (Disk Operating System), 60
DoubleClick, 20
Double encryption, 449
DPA (differential power analysis), 21, 443
DSA (Digital Signature Algorithm), 269, 273, 274, 276, 410, 454. See also Digital signatures
DVD (digital video disc) viewers, 110
Dynamic allocation, 140
Eavesdropping
basic description of, 25
deriving requirements and, 34
key secrecy and, 109
ECB (electronic code book) mode, 270, 283–284, 447
ECC (elliptic curve cryptography), 273, 277, 279, 454
Echelon, 21
eEye, 72
Efficiency
C programming and, 148–149
cryptography libraries and, 273, 275, 276, 278
entropy handling and, 256
as the justification for a language choice, 50
EGADS (Entropy-Gathering and Distribution System), 225, 226, 256, 259–260, 264
EGID (effective GID), 188, 198
race conditions and, 220
trust management and, 317
EJB (Enterprise Java Beans), 54, 58–59
El Gamal algorithm, 273, 276, 454, 464
Electronic Privacy Information Center, 20
announcing security bugs via, 88–89
distribution lists, 88–89
trust management and, 311–314
Employees. See also Personnel, security
disgruntled, 110
trust in, 110
Emulex Corporation, 21
Encryption. See also Cryptography; Keys
AES, 272, 274, 276–277, 301, 375, 382, 449-450
auditing and, 119
code obfuscation and, 74–75, 399, 421–426
DES (Data Encryption Standard) and, 71, 74, 282–283, 337–338, 448–451
disabling, 106
double, 449
of program parts, 423–426
security by obscurity and, 45, 69–75, 268, 336
Spafford on, 2
End-of-file (EOF) character, 141
Engineering
methods, 18
reverse, 73–74
Engineering of Software, The (Hamlet), 15
Engineers, security
role of, 32–39
use of the term hacker by, 3–5
Enigma machine, 71
Entropy
EGADS (Entropy-Gathering and Distribution System) and, 225, 226, 256, 259–260, 264
estimating, 241–255
gateways, 259–260
gathering, 225–226, 232, 235, 238, 241–255, 259–260, 264
handling, 255–258
secret Netscape messages and, 254–255
Environment variables, 316–318
Ethernet, 412
EUID (effective UID), 188, 190, 196–201
race conditions and, 215–216, 220
trust management and, 311, 317
eval() function, 333
EVP_bc_cfb() function, 283
EVP_bf_cbc() function, 282, 283
EVP_bf_ecb() function, 283
EVP_bf_ofb() function, 283
EVP_cast_cbc() function, 283
EVP_cast_cfb() function, 283
EVP_cast_ecb() function, 283
EVP_cast_ofb() function, 283
EVP_CIPHER_CTX_ctrl() function, 284–285
EVP_CIPHER_CTX_set_key_length() function, 284
EVP_DecryptFinal() function, 292
EVP_DecryptInit() function, 286
EVP_DecryptUpdate() function, 286
EVP_des_cbc() function, 283
EVP_des_cfb() function, 283
EVP_des_ecb() function, 283
EVP_des_ede_cbc() function, 284
EVP_des_ede_cfb() function, 284
EVP_des_ede() function, 283
EVP_des_ede_ofb() function, 284
EVP_des_ofb() function, 283
EVP_desx_cbc() function, 283
EVP_DigestFinal() function, 287
EVP_DigestUpdate() function, 287
EVP_enc_null() function, 283
EVP_EncryptFinal() function, 285–286, 291
EVP_EncryptInit() function, 282
EVP_EncryptUpdate() function, 285–286, 291
EVP_idea_cbc() function, 284
EVP_idea_cfb() function, 284
EVP_idea_ecb() function, 284
EVP_idea_ofb() function, 284
EVP interface, 279–280
performing hashing with, 286–287
public key encryption with, 287–292
EVP_rc2_40_cbc() function, 284
EVP_rc2_64_cbc() function, 284
EVP_rc2_cbc() function, 284
EVP_rc2_cfb() function, 284
EVP_rc2_ecb() function, 284
EVP_rc2_ofb() function, 284
EVP_rc4_40() function, 284
EVP_rc4() function, 284
EVP_rc5_32_12_16_cbc() function, 284
EVP_rc5_32_12_16_cfb() function, 284
Exception handling, 50. See also Errors
Exclusive OR (XOR), 71, 181, 418, 424–425
applying cryptography and, 268, 270, 283, 302
data integrity and, 270
DES and, 283
one-time pads and, 302
random number generation and, 233, 255, 256
execl() function, 145, 180–181
execve() function, 201, 312, 314
Expiration dates, for licenses, 413
Export laws, 271
Extensible systems, 9, 10, 12–13
Facial features. See Biometric authentication
Factorization, 401–302
Failure
Florman on, 115
planning for, 97–100
to read documentation, on the part of users, 106
Fallback schemes, 98–99
Fault trees, 121
FBI (Federal Bureau of Investigation), 18, 110
fchown() function, 196
fcntl() function, 333
Federal Criteria (United States), 44
Feedback, soliciting, 120
Felten, Ed, 107
fgets() function, 141–142, 149, 153
Field(s)
hidden input, 322–325
protection, 387–391
File(s). See also Filenames
attributes, modifying, 190–193
descriptors, 315
locking, 226–227
temporary, 225–226
buffer overflows and, 144
patterns, input validation and, 332
prefixes, 226
restrictions on, 144
timestamps and, 197
FILE object, 220
Fine-grained privileges, 207–208
fingerd, 135
Fingerprints
biometric authentication and, 64–66
cryptographic, 457
basic description of, 427–437
Common Criteria and, 44–45
defense in depth and, 97
open-source software and, 85
packet-filtering, 428–430, 434
peer-to-peer connectivity and, 435–437
promoting privacy and, 108–109
securing the weakest link and, 94
SOCKS and, 433–435
strategies for, 427–430
toolkits, 85
Firewalls and Internet Security (Cheswick and Bellovin), 1, 427
FIST, 79
Fithen, Bill, 16
Flawfinder, 129
FlexLM, 413
foo, 192
foobar, 330
fopen() function, 226
fork() function, 201
Format string attacks, 329–330
FORTRAN, 50
Foster, Jeffrey, 136
FrontPage (Microsoft), 105
Frost, Robert, 427
fscanf() function, 142, 146, 152
fstat() function, 220
FTP (File Transfer Protocol), 430, 458, 460
FUD (fear, uncertainty, and doubt), 62–63, 88, 112
Full disclosure, principle of, 5, 7, 81–82
Functionality
CORBA and, 55
of cryptography libraries, 273
database security and, 387
mobile code and, 11
of Trojan horses, 39
passwords authentication and, 375–376
PRNGs and, 235
Functions
access() function, 215
argc() function, 168–169
argv() function, 144, 169, 312
bind() function, 333
chdir() function, 222, 224, 225, 333
chmod() function, 190, 191–192, 195, 333
chown() function, 190, 193–196, 200, 333
chroot() function, 200, 204–207, 333
concat_arguments function, 164–168, 172–177
connect() function, 333
COUNT() function, 392, 393, 394
CrypGenRandom() function, 260
crypt() function, 337–338, 343, 349, 351
dlopen() function, 317
eval() function, 333
EVP_bc_cfb() function, 283
EVP_bf_cbc() function, 282, 283
EVP_bf_ecb() function, 283
EVP_bf_ofb() function, 283
EVP_cast_cbc() function, 283
EVP_cast_cfb() function, 283
EVP_cast_ecb() function, 283
EVP_cast_ofb() function, 283
EVP_CIPHER_CTX_ctrl() function, 284–285
EVP_CIPHER_CTX_set_key_length() function, 284
EVP_DecryptFinal() function, 292
EVP_DecryptInit() function, 286
EVP_DecryptUpdate() function, 286
EVP_des_cbc() function, 283
EVP_des_cfb() function, 283
EVP_des_ecb() function, 283
EVP_des_ede_cbc() function, 284
EVP_des_ede_cfb() function, 284
EVP_des_ede() function, 283
EVP_des_ede_ofb() function, 284
EVP_des_ofb() function, 283
EVP_desx_cbc() function, 283
EVP_DigestFinal() function, 287
EVP_DigestUpdate() function, 287
EVP_enc_null() function, 283
EVP_EncryptFinal() function, 285–286, 291
EVP_EncryptInit() function, 282
EVP_EncryptUpdate() function, 285–286, 291
EVP_idea_cbc() function, 284
EVP_idea_cfb() function, 284
EVP_idea_ecb() function, 284
EVP_idea_ofb() function, 284
EVP_rc2_40_cbc() function, 284
EVP_rc2_64_cbc() function, 284
EVP_rc2_cbc() function, 284
EVP_rc2_cfb() function, 284
EVP_rc2_ecb() function, 284
EVP_rc2_ofb() function, 284
EVP_rc4_40() function, 284
EVP_rc4() function, 284
EVP_rc5_32_12_16_cbc() function, 284
EVP_rc5_32_12_16_cfb() function, 284
execl() function, 144, 180–181
execve() function, 201, 312, 314
fchown() function, 196
fcntl() function, 333
fgets() function, 142, 149, 153
fopen() function, 226
fork() function, 201
fscanf() function, 143, 144, 152
fstat() function, 220
generate_raw_response() function, 375
getenv() function, 132, 149, 319
getopt_long() function, 153
getrlimit() function, 316
gets() function, 136, 142, 148, 152
getuid() function, 198
glob() function, 332
ioctl() function, 333
ksg() function, 391
lstat() function, 220
main() function, 152, 159–160, 162–163, 172, 176
malloc() function, 138, 140, 147, 154, 369, 375, 402
MAX() function, 392
MIN() function, 392
mknod() function, 222
munlock() function, 344
open() function, 220, 226–227, 327, 329, 328, 332, 333
popen() function, 206, 300, 318–319
printf() function, 157, 177, 330
print() function, 328
putenv() function, 319
Raccept() function, 434
rand() function, 234, 241, 303, 363
random() function, 231, 234–235
randomize() function, 239, 240
Rbind() function, 434
rc5_32_12_16_ofb() function, 284
Rconnect() function, 434
Rgetpeername() function, 434
Rgetsockname() function, 434
Rread() function, 434
Rrecvfrom() function, 434
Rrecv () function, 434
Rsend() function, 434
Rsendmsg() function, 434
Rsendto() function, 434
Rwrite() function, 434
scanf() function, 136, 142, 146, 152
setpriority() function, 206, 333
setrlimit() function, 316
snprintf() function, 81, 145, 149, 153
socket() function, 333
socketpair() function, 333
sprintf() function, 81, 129, 136, 142, 144–145, 152
sscanf() function, 142, 146, 152
stat() function, 220
stderr function, 315
stdin function, 315
stdio function, 132
stdout function, 315
strcat() function, 132, 137, 142, 144, 152
strcpy() function, 77, 80, 128, 136, 141–143, 149, 152, 166, 168
streadd() function, 143, 146, 152
strecpy() function, 142–144, 146, 152
strlen() function, 143
strncat() function, 144
strncpy() function, 81, 143, 148, 153, 184
strtrns() function, 143, 147, 152
SUM() function, 392
syscall() function, 333
sysopen() function, 334
system() function, 206, 319–321, 332
test() function, 160, 161, 163
truncate() function, 333
unlink() function, 222, 224–226, 333
unmask() function, 333
unmount() function, 222
unsetenv() function, 319
vfscanf() function, 143, 146, 152
vsprintf() function, 142, 144, 152
FUZZ (program), 50
Gambling programs, 238–241
Game software, 397–398, 413–315
Garbage
collection, 253
input validation and, 330
trust management and, 314
Geiger counters, electronic, 243
generate_raw_response() function, 375
Genetics, 66
Germany, 46, 71. See also Europe
getenv() function, 132, 149, 319
getopt_long() function, 153
getrlimit() function, 316
gets() function, 136, 141–142, 148, 152
getuid() function, 198
GIDs (group IDs), 187–190, 196, 198
input validation and, 333
trust management and, 311, 317
Gilliam, Terry, 381
Global Identifier, 21
glob() function, 332
GNU
debuggers, 179
Mailman, 84–85
GNU C compilers, 150
Goals
Goldberg, Ian, 254
Government(s). See also Legislation
export laws, 271
intelligence secrets, 21
security clearance systems, 100–101
tracking systems, which degrade privacy, 20
U.S. Congress, 463
U.S. Department of Commerce, 449
U.S. Department of Defense, 43–44
U.S. Federal Bureau of Investigation, 18, 110
U.S. National Security Agency, 43, 448, 449
U.S. Securities and Exchange Commission, 19
GRANT command, 383–385
GUIs (graphical user interfaces), 55, 127, 240
Gutmann, Peter, 225, 246, 272, 400, 414
Hacker(s). See also Malicious hackers
open-source software and, 81–82
and the principle of full disclosure, 7, 27, 81–82
use of the term, 3–5
Hamlet, Dick, 15
Handsard (Disraeli), 397
Hanssen, Richard P., 110–111
Hardware
client-side security and, 414
solutions for entropy gathering, 242–245
Hash(es). See also Hashing algorithms
additional uses for, 295–297
basic description of, 441
cryptography libraries and, 272, 276, 278
database security and, 387–391
passwords authentication and, 336–337, 350, 367
Hashing algorithms. See also Hashes; specific algorithms
basic description of, 286–287, 457–462
recommended types of, 461–462
Header files, 279–280
Heap(s)
allocation, 154
overflows, 139–140, 150, 155–159
Herd, following the, 111–112
Hiding secrets, difficulties involved with, 109–111
basic description of, 26
passwords authentication and, 366
promoting privacy as a defense against, 107
HMAC (Hash Message Authentication Code), 270, 273, 274, 277, 278, 294–295. See also Hashes; Hashing algorithms
Hollebeek, Tim, 71
hostname command, 412
HP/UX, 217
HTML (HyperText Markup Language), 323, 328, 329
HTTP (HyperText Transfer Protocol), 293, 297, 324. See also HTTPS (Secure HTTP)
daemon, 333
input validation and, 333
HTTPS (Secure HTTP), 429, 436. See also HTTP (HyperText Transfer Protocol)
IBM (International Business Machines), 449
iD Software, 399
IDEA (International Data Encryption Algorithm), 272, 274, 284
IEEE Computer (journal), 16
IFS variable, 318–320
IIOP (Internet Inter-Orb Protocol), 54–55, 59
IIS (Microsoft Internet Information Server), 72–73
IMAP (Internet Message Access Protocol), 300, 460
iMode devices, 23
Impersonation, 58
Implementation
auditing and, 116–120, 126–127
design and, complex interrelation of, 17–18
security analysis, 117–118, 126–133
trust management and, 309
Industry Standard, The, 3
Information
conflicting, discovery of, 120
-gathering phase, of architectural security analysis, 118–120
hiding mechanisms, 52–53
personal, storage of, 392–395
Information Technology Security Evaluation Criteria (ITSEC), 44
Initialization vectors (IVs), 282, 291
Input validation
basic description of, 307–334
client-side security and, 325–327
detecting problems related to, 331–334
format string attacks and, 329–330
invoking other programs safely and, 319–320
protection from hostile callers and, 314–319
INSERT statement, 383
Intellectual property, 69
Internet
Service Providers (ISPs), 21
“time,” phenomenon of, 15, 19, 27
worm of 1988, 135
Invisible Computer, The (Norman), 29
ioctl() function, 333
IP (Internet Protocol)
Stunnel and, 300
ISO (International Standards Organization), 325, 388
ISPs (Internet Service Providers), 21
IV (initialization vectors), 282, 291
Java, 50, 52–54. See also JVM (Java Virtual Machine)
access control and, 206–207
advantages of, 88
attack applets, 91
basic description of, 58–59
Beans, Enterprise (EJB), 54, 58–59
buffer overflows and, 136, 150
class-loading mechanism, 12
client-side security and, 421–422
Crypto API, 278
Cryptography Extension (JCE) package, 278
cryptography libraries and, 279–280
decompilers and, 73
misconceptions about, 83
newsgroups, 18
Noting Interface (JNI), 278
open-source software and, 70, 73, 88
race conditions and, 210–213, 228–229
random number generation and, 263–265
Remote Method Invocation (RMI), 54, 99
stack inspection in, 56
Java Cryptography (Knudsen), 264
JavaScript, 323
java.security.SecureRandom class, 263–265
java.util.Random class, 263
JCE (Java Cryptography Extension) package, 278
JNI (Java Noting Interface), 278
JVM (Java Virtual Machine), 9, 52–53
access control and, 207
client-side security and, 421
open-source software and, 73
race conditions and, 212–213, 228–239
Kaner, Cem, 15
Karst disaster, 102
Kerberos: A Network Authentication System (Tung), 305
entropy gathering and, 253
input validation and, 329
Key(s). See also Public key cryptography
advertising related to, 112
basic description of, 66–67
creating, 280
license, for CDs, 398, 400–415
maintaining the secrecy of, 109
master, 450
one-time pads and, 301–305
as physical tokens, 63–64
securing the weakest link and, 93–94
session, 450–451
KISS (Keep It Simple, Stupid!) principle, 104–107
Known ciphertext attacks, 442–443
Known plaintext attacks, 443
Knudsen, Jonathan, 264
Knuth, Donald, 234
Kocher, Paul, 443–444
Koenig, Andrew, 78
ksg() function, 391
Lake, David, 3–4
Lamps, 244
Languages. See Programming languages
LANs (local area networks), 27
Lava Lite lamps, 244
Lavarand, 244
LD_LIBRARY_PATH environment variable, 317
LD_PRELOAD environment variable, 318
Least privilege, principle of, 92, 100–102
Millennium Digital Commerce Act, 463–464
Software Piracy Act, 398
Levy, Elias, 135
LFSR (linear feedback shift register), 256, 258
libcrypto.a, 279–280
Libraries, 128, 130, 141, 272–279
License(s)
files, 410–411
information, hiding, 400
open-source, 79
schemes, challenge-based, 413–315
site, 412–413
Life cycle(s)
auditing and, 115
compression of, by Internet time, 18–19
design for security and, 37
model for system vulnerabilities, 16
risk management and, 30–32, 33, 34–39
security personnel and, 32, 33, 34–39
trust management and, 308
Linus’ Law, 76
applying cryptography and, 282, 293, 296
heap overflows and, 155–159
passwords authentication and, 343
race conditions and, 227
random number generation and, 260–261
LISP, 50
Locking files, 226–227
Logical ANDs, 123
Login. See also Passwords
attempts, bad, 355
counters, 355
two-password, 356
Logs
buffer overflows and, 140
monitoring, 20
start-up, 198–200
Love Bug virus, 1
ls command, 192
lstat() function, 220
MAC (message authentication code), 62, 107, 293–294
basic description of, 459–460
cryptography libraries and, 273, 276, 278
data integrity and, 270
input validation and, 324
license files and, 411
stream ciphers and, 446
McHugh, John, 16
Macintosh, 263
MacLennan, Bruce, 96
Macros, 316
Macrovision, 414
Mailing lists, 7–8
main() function, 151, 161–162, 163–164, 174, 177
Malicious hackers. See also Hackers
black box testing and, 42
character sets and, 324–325
goal of, 4
open-source software and, 72–74, 82
principle of least privilege and, 101
promoting privacy and, 108
red teaming and, 42–43
reverse engineering by, 73–74
use of the term, 3–5
malloc() function, 138, 140, 147, 154, 369, 375, 402
Man-in-the-middle attacks, 124, 366, 454–456
“Many-eyeballs phenomenon,” 76–82, 87
Marketing techniques, invasive, 20
Marlowe, Christopher, 49
Marsaglia, George, 257
MasterCard, 97. See also Credit cards
Mature threat model, 46
MAX() function, 392
MAXPATHLEN, 146
MD2 hash algorithm, 286–287
MD4 hash algorithm, 286–287, 461–462
MD5 hash algorithm, 237, 274, 277
appropriate uses for, 461–462
EVP interface and, 286–287
passwords authentication and, 337
trust management and, 310
Memory. See also Memory heaps
allocation, 154
checksums and, 418–419
client-side security and, 399, 402, 418–420
code obfuscation and, 399
encryption keys and, 67
managers, 53
passwords authentication and, 344, 351
pointers, 157
process space protection and, 60
regions, that are almost always present, 151
swapping, 53
tamperproofing and, 420
allocation, 154
overflows, 139–140, 150–151, 155–159
Mending Wall (Frost), 427
Message digest, 457
Microprocessor(s), 247, 296–297
entropy gathering and, 253
instruction caches, 417–418
tamperproofing and, 416–418
Microsoft
certificates, forged, 299
fallacy regarding, 82–83
FrontPage, 105
Global Identifier, 21
Internet Explorer browser, 11–13
Internet Information Server (IIS), 72–73
Outlook, 72
SQL Server, 382
Visual Studio, 130
VPN (Virtual Private Network), 269
Military secrets, 18, 71, 303–304
Millennium Digital Commerce Act, 463–464
MIME (Multipurpose Internet Mail Extensions), 293
MIN() function, 392
Mind share, 17
Misuse, responding to, 419–421
MIT (Massachusetts Institute of Technology), 3
Mitchell, Don, 253
Mitnick, Kevin, 444
mkkey, 415
mknod() function, 222
dialog boxes and, 107
principle of least privilege and, 102
Monitoring. See also Auditing
as a security goal, 20
taint mode and, 52
variables, 52
Mouse events, reading, 247
Mozilla, 70
MSIE (Microsoft Internet Explorer), 11–13
Multilevel security, as a security goal, 21
munlock() function, 344
MySQL, 382
Named pipes, 201
Napster, 435
NAT (network address translation), 429, 434–435
National Security Agency (NSA), 43, 448, 449
N-bit collisions, 295, 296–297
“Need to know,” notion of, 100–101
Netrek, 415
Directory Server, 159
license files and, 411
messages, secret, 254–255
public key cryptography and, 455–456
random number generation and, 299
Network and Distributed Systems Security 2000 conference, 136
Network cards, 62
Neumann, Peter, 8
new operator, 154
Nielson, Jakob, 106
NIST (National Institute of Standards and Technology), 44, 260, 449–450
NNTP (Network News Transfer Protocol), 297
Nondisclosure agreements, 431
Nonrepudiation, of data, 441
Norman, Donald, 29
NSA (National Security Agency), 43, 448, 449
NullPointerExceptions, 50
number_matches variable, 152
NVLAP (National Voluntary Laboratory Accreditation Program), 44, 45
Obfuscation, code, 74–75, 399, 421–426
Object-oriented languages, 52–53
Obscurity, security by, 45, 69–75, 268, 336
ODBC (Open Database Connectivity), 326
OFB (output feedback) mode, 270, 283–284, 447
Office (Microsoft), 21, 317, 398, 400
OMG (Object Management Group), 54
open() function, 220, 226–227, 327, 329, 328, 332, 333
OpenBSD, 85
OpenPGP, 269
Open-source software
advantages/disadvantages of, 86–87
basic description of, 69–89
buffer overflows and, 87–88
economic incentives for, 76–77
“many-eyeballs phenomenon” and, 76–82, 87
embedding, into your application, 298
IVs and, 282
key length settings, 285
library, 274–275
passwords authentication and, 375
public key encryption with, 287–292
simple program using, 280–286
threading and, 293
tunneling mechanisms and, 299–300
use of, in this book, 279
Operating systems. See also specific operating systems
compartmentalization and, 104
browsers and, fuzzy boundaries between, 11–13
process space protection and, 59–60
Oracle Security (Theriault), 381
Orange Book (Department of Defense Trusted Computer System Evaluation Criteria), 43–44
ORB (object request broker), 54–55
OR clause, 395
Osiris, 87
otp-common.c, 378–379
otp-common.h, 374–375
otp-server.c, 376–377
Outlook (Microsoft), 72
Over-the-shoulder attacks, 324
Ownership, modifying, 194–195
Packet(s)
sniffing, 255
Pairgain Technologies, 23
Palm Pilot, 60
Parallel ports, 243
Pascal, 239
passwd file, 216–219
advice for selecting, 356–365
buffer overflows and, 155
character length of, 358
collecting, with Trojan horses, 9
databases and, 339–350, 382, 387
design for security and, 37
dice rolling technique for selecting, 358–362, 363
encryption algorithms, 70–72
input validation and, 324, 329, 332
one-time, 365–379
pass phrases as, 362–363
procured through social engineering attacks, 22–23, 94, 111, 355
race conditions and, 215, 216–219
resetting, 155
security by obscurity and, 70–75
use of, with credit cards, 66
users who forget, 94–96
PasswordSafe, 362
Patches, problems with, 15–16
PATH variable, 318–319, 320, 331
PCs (personal computers), 10, 37. See also Windows (Microsoft)
entropy gathering and, 243, 244
PRNGs and, 236
as single-user devices, 60
Peer-to-peer connectivity, 435–437
Penetrate-and-patch approach, 15–16
Pentium processors, 244, 296–297
auditing and, 129
input validation and, 321, 327–329, 331–334
security manpage (perlsec), 334
Permissions. See also Privileges
compartmentalization and, 103–104
how they work, 189–190
principle of least privilege and, 101
root, 101
setting, 189–190
trust management and, 311–319
UNIX and, 189–190
Windows NT and, 202–204
Personal information, storage of, 392–395
Personnel, security. See also Employees
qualifications of, 32–33
risk management and, 32–39
role of, 32–33
PGP (Pretty Good Privacy), 261, 272, 279, 310
PGPsdk, 279
Physical tokens, 63–65
PIDs (process identifiers), 254, 333, 328
PIN (personal identification number) numbers, 66, 366, 369
PKIs (public key infrastructures), 298, 453–455, 459
pLab, 257
Plaintext
attacks, 443
use of the term, 440
Playback attacks, 459–460
Policies
authentication and, 22–23
enforcement of, security as, 14
race conditions and, 228–229
Polling, 246
POP (Post Office Protocol), 70, 74, 460
popen() function, 206, 300, 318–319
PPTP (Point-to-Point Tunneling Protocol), 269
Prevention, as a security goal, 19
printf() function, 157, 177, 330
print() function, 328
Privacy
database security and, 391–395
invasion of, issues related to, 412
laws, 20
least, principle of, 92, 100–102
passwords authentication and, 336
promoting, principle of, 92, 107–109
as a security goal, 20
Privacy Foundation, 20
Private keys. See also Keys
basic description of, 451
untrusted clients and, 415
Privileges. See also Permissions
buffer overflows and, 139–141, 155–159
database security and, 383–385
fine-grained, 207–208
firewalls and, 431
heap overflows and, 155–159
root, 103, 110–111, 140–141, 189–190, 200–201
trust management and, 311–319
Windows NT and, 202–204
PRNGs (pseudorandom number generators). See also Random number generation
attacks against, 238–241
basic description of, 231, 232–237
Blumb-Blumb-Shub, 236–237, 241, 244
entropy handling and, 255–258
examples of, 234–236
password authentication and, 343
SSL and, 254–255
using data from, as IVs, 282
Process space protection, 59–61
entropy gathering and, 253
instruction caches, 417–418
tamperproofing and, 416–418
Programmatic interface, 195–197
Programming languages. See also specific languages
type-safe, 150
program_name buffer, 80
Proprietary algorithms, 450
Protection
modifiers, 53
process space, 59–61
Protocol(s)
FTP (File Transfer Protocol), 430, 458, 460
HTTP (HyperText Transfer Protocol), 293, 297, 324, 333, 429, 431, 435
IIOP (Internet Inter-Orb Protocol), 54–55, 59
IMAP (Internet Message Access Protocol), 300, 460
NNTP (Network News Transfer Protocol), 297
POP (Post Office Protocol), 70, 74, 460
PPTP (Point-to-Point Tunneling Protocol), 269
SMTP (Simple Mail Transport Protocol), 101, 200, 432
SOAP (Simple Object Access Protocol), 94
SSH (Secure Shell Protocol), 122–124, 269, 366
TCP (Transmission Control Protocol), 7–8, 85–86, 433
WAP (Wireless Application Protocol), 23
Pruning node, of attack trees, 122
pthread.h, 252
ptrace, 206
Public key cryptography. See also Cryptography
basic description of, 451–456
cryptography libraries and, 273, 274, 276
license files and, 410
mathematical problems and, 301
with OpenSSL, 287–292
untrusted clients and, 415
PUBLIC keyword, 384
Purify (Rational Software), 149
putenv() function, 319
applying cryptography and, 274
auditing and, 129
trust management and, 322
raccept() function, 434
basic description of, 209–229
broken passwd files and, 216–219
file locking and, 226–227
temporary files and, 225–226
RAM (random-access memory), 344. See also Memory
ramdisks, 225
rand() function, 234, 241, 303, 363
random() function, 231, 234–235
randomize() function, 239, 240
Random number generation, 24, 231–265, 299, 343, 368. See also PRNGs (pseudorandom number generators)
Java and, 263–265
Linux and, 260–261
Rapid development teams, 41
RATS (Rough Auditing Tools for Security), 129–132
RBG 1210 (Tundra), 244
rbind() function, 434
RC4 algorithm, 93, 113, 272, 274, 277, 284
rc5_32_12_16_ofb() function, 284
rconnect() function, 434
Red Hat Linux, 84, 87, 296. See also Linux
Red Hat Package Manager, 87
Red Hat Secure Web Server, 84
Related-key attacks, 443
Remote execution, 414–415
Requirements
auditing and, 120
deriving, 34–35
documents, 31
risk management and, 30–32
Reuse, of code, disadvantages of, 14
REVOKE command, 385
rgetpeername() function, 434
rgetsockname() function, 434
Rijndael algorithm, 449
RIPEMD-160, 272, 273, 274, 278
appropriate uses for, 462
EVP interface and, 286–287
Risk(s). See also Risk management
assessment/identification of, 35–37
getting people to think about security and, 40
ranking, in order of severity, 121, 126
technical trends and, 9–13
two main types of, 24
Risk management. See also Risks
auditing and, 116
basic description of, 3, 29–48
Common Criteria and, 35, 43–46
deriving requirements and, 34–35
design for security and, 37–38
Internet time and, 19
open-source software and, 79
practice of, 40–43
security personnel and, 32–33
security pitfalls and, 24–26
selecting technologies and, 50
RISKS Digest forum, 8–9
RMI (Java Remote Method Invocation), 54, 99
Root
permissions, 103, 110–111, 140–141, 189–190, 200–201
shells, 139
Rosencrantz and Guildenstern Are Dead (Stoppard), 307
RPM (Red Hat Package Manager), 87
rread() function, 434
rrecvfrom() function, 434
rrecv () function, 434
RSA algorithm, 93, 236, 269. See also RSA Security
basic description of, 452–454
client-side security and, 410
cryptography libraries and, 273, 276
digital signatures and, 464
factorization and, 301–302
keys, using hashes to protect, 295
untrusted clients and, 415
RSA Security, 82, 113. See also RSA algorithm
BSAFE library, 277–278
SecurID, 366
rsend() function, 434
rsendmsg() function, 434
rsendto() function, 434
rwrite() function, 434
safe_dir, 223
SafeDisk, 414
SafeWord, 366
Samba, 87
Sandboxing, 52, 102, 206–207, 228
scanf() function, 137, 142, 146, 152
Scanners, security, 132–133
Schneider, Fred, 69
Schneier, Bruce, 7–8, 13, 40, 256, 267, 439, 442, 448
sci.crypt newsgroup, 388
Scripting, cross-site, 325
Script kiddies, 5
<script> tag, 324
Secrets and Lies (Schneier), 13, 40, 439
Secure Computing, 366
SecurID, 366
Securing Java (McGraw), 52
Securities and Exchange Commission (SEC), 19
Security
goals, 18–24
notices, 88–89
pitfalls, 24–26
relative character of, 18
reliability and, comparison of, 15
technical trends affecting, 9–13
use of the term, 14
Security of Data and Transaction Processing (Atluri), 381
Security personnel
qualifications of, 32–33
risk management and, 32–39
role of, 32–33
Seed, use of the term, 232
SELECT statement, 383–386
Sendmail, 101
Server(s). See also Client/server models
buffer overflows and, 141
callbacks to, 412
client-side security and, 325–327
defense in depth and, 97
disabling encryption and, 106
firewalls and, 428
open-source software and, 74, 86
passwords and, 74, 374, 375–376
promoting privacy and, 107
proxies, 432–433
SSL-enable IMAP, 300
trust management and, 309, 325–327
Session keys, 450–451. See also Keys
setpriority() function, 206, 333
setrlimit() function, 316
setuid, 163, 188, 197–202, 314, 319
SHA algorithms, 237, 260, 263, 264, 273
appropriate uses for, 462
basic description of, 458
cryptography libraries and, 272, 274, 276, 278
EVP interface and, 286–287
finding a collision using, 296–297
passwords authentication and, 337, 349, 350
trust management and, 326–327
Shopping carts, 105
SHOW TABLES command, 387
Shrink-wrapped software, 75, 121, 125
Side-channel attacks, 443–444
SIDs (security IDs), 202
Signal-to-noise ratios, 7
Signatures, digital, 410, 413, 459. See also Signatures, handwritten
basic description of, 462–464
DSA (Digital Signature Algorithm) for, 269, 273, 274, 276, 410, 454
PKI and, 463
Signatures, handwritten, 64–66. See also Signatures, digital
Simplicity, as a key goal, 27, 29, 92, 104–107
Skepticism, advantages of, 112
S/Key, 366–369
smap, 432
Common Criteria and, 44, 45–46
as physical tokens, 63–64
Smart Card Security User’s Group, 43, 45–46
Smashing stacks, 135, 139, 150–155, 182. See also Stacks
Smashing the Stack for Fun and Profit (Levy and One), 135, 182
Smith, David L., 21
SMTP (Simple Mail Transport Protocol), 101, 200, 432
Snake Oil FAQ, 112
Sniffing-based attacks, 324
snprintf() function, 81, 145, 149, 153
SOAP (Simple Object Access Protocol), 94
Social engineering attacks, 22–23, 94, 111, 355
socket() function, 333
socketpair() function, 333
SOCKS, 433–435
Software
key role of, 2–3
security pitfalls, 24–26
security, technical trends affecting, 9–13
Software Engineering Institute, 8
Software Security Group, 238
Software Testing Techniques (Beizer), 15
South Park: Bigger, Longer, and Uncut, 335
SPA (Software Piracy Act), 398
Spafford, Gene, 2
SPARC Solaris, 182
SPARC SunOS, 182–183
Specification(s)
formality of, 35
risk assessment and, 36
vague, problems caused by, 17–18
Spiral model, of development, 30–32
Spoofing attacks, 22, 23, 62–63, 295
spool directory, 203
sprintf() function, 81, 129, 137, 142, 144–145, 152
SQL (Structured Query Language), 325–327, 392
INSERT statement, 383
SELECT statement, 383–386
UPDATE statement, 383
SQL Server (Microsoft), 382
src parameter, 143
sscanf() function, 142, 146, 152
SSH (Secure Shell Protocol), 122–124, 269, 366
SSL (Secure Socket Layer), 21–22, 93, 382
applying cryptography and, 270, 297–301
data integrity and, 270
failure modes and, 99–100
firewalls and, 430
functionality provided by, 267
implementations, in cryptography libraries, 277
Netscape’s early implementations of, 254–255
problems with, 456
session keys, 254–255
TLS and, 297–301
use of hybrid cryptography by, 452
decoding, 160–165
inspection, 56
nonexecutable, 150
overflows, 159–177
smashing, 135, 139, 150, 151–155
Stackguard tool, 150–151
stat() function, 220
Statistical attacks, 391–395
stderr function, 315
stdin function, 315
stdio function, 132
stdout function, 315
Sticky bits, 190
Stock(s)
price manipulation, 23
quotes, Web portals which provide, 107
transactions, capture of, 26
Stoppard, Tom, 307
strcat() function, 132, 137, 142, 144, 152
strcpy() function, 77, 80, 128, 137, 141, 142, 149, 152, 160, 168–169
streadd() function, 143, 146–147
strecpy() function, 143–145, 146, 152
strncat() function, 144
strncpy() function, 81, 143, 149, 153, 184
strtrns() function, 143, 147, 152
Stunnel, 299–300
suid root programs, 140
SUM() function, 392
super_user variable, 156–157, 158
Symmetric algorithms
basic description of, 444–451
cryptography libraries and, 272, 274, 276, 277, 278
security of, 447–451
types of, 445–447
Symptoms of problems
fixing, without addressing underlying causes, 16
searching for, 127–128
syscall() function, 333
sysopen() function, 334
system() function, 206, 319–321, 332
Tables. See also Databases
filtering, 385–387
virtual, 385–387
Taint mode (Perl), 52, 331–334
Tampering. See also Tamper-proofing
basic description of, 25
key secrecy and, 109
Tamper-proofing. See also Tampering
anti-debugger measures and, 416–418
basic description of, 416–421
checksums and, 418–420
responding to misuse and, 419–420
“Tao of Windows Buffer Overflow” (Dildog), 185
TCP (Transmission Control Protocol)
CERT advisory regarding, 8
firewalls and, 433
wrappers, 85–86
Technical support, passwords procured through, 22–23, 94, 111, 355
TELNET, 23, 108–109, 311, 366, 460
Temporary files, 225–226
Terrorism, 271
Testing
basic description of, 38–39
black box, 42
first-to-market pressures and, 17
functional, 39
Internet time and, 27
measuring the effectiveness of, 39
recommended books on, 15
scheduling, 17
security engineers and, 38–39
Testing Computer Software (Kaner), 15
Texas Hold ’em Poker, 239–241
Text segment, of memory, 152
Thompson, Ken, 309
Threading, 293
Tickets, basic description of, 62. See also Cookies
Time
current, technique, 235
-of-check race condition, 128, 196, 214–222
-of-use race condition, 128, 196, 214–222
zones, setting, 318
Tiny Entropy Gateway, 252
TOCTOU race conditions, 128, 196, 213–222
to_match variable, 152–154
Topology, 25
Traceability, as a security goal, 19
Transactions. See also Credit cards
authentication and, 23
open-source systems for, 78
promoting privacy and, 107–108
symmetric cryptography and, 446
Trend analysis, 98
Triple DES, 272, 274, 375, 449–450
Tripwire, 87
FBI security breaches and, 111
open-source software and, 85–86, 87
trust management and, 309–310
TrueRand, 253
truncate() function, 333
Trust, 18, 102. See also Trust management
community resources and, 113
in employees, 110
extension of, problems with, 61, 110, 111–112
principle of least privilege and, 100–102
relationships, basic description of, 308–311
Trusted Mach, 61
Trust management. See also Trust
basic description of, 307–334
client-side security and, 325–327
invoking other programs safely and, 319–320
Perl and, 327–329
problems from the Web and, 322–325
protection from hostile callers and, 314–319
“Try-each-key-out” approach, 442
Tundra, 244
Tung, Brian, 305
Tunneling mechanisms, 298, 429–431
Turing, Alan, 71
Turing Award, 309
“Twenty Years of Attacks Against the RSA Cryptosystem” (Boneh), 269
Type confusion attack, 91
Type-safe languages, 150. See also Java
Type safety verification attacks, 91
TZ variable, 318
Ubiquitous networks, 9–13
UIDs (user IDs), 187–190, 193, 196, 198, 201, 203–204
input validation and, 333
race conditions and, 215, 218, 222–223
umask command, 194–195, 197, 226, 314
United Kingdom, 46. See also Europe
UNIX
access control and, 187–202, 204–208
attack code and, 177–185
auditing and, 129
browsers and, 11
buffer overflows and, 140, 141, 178–185
client-side security and, 412
CORBA and, 56
database security and, 385
design for security and, 37
device drivers and, 60
entropy gathering and, 253
FBI security breaches and, 110–111
kernel, 329
open-source software and, 80
passwords authentication and, 339, 344
permissions, 189–190
principle of least privilege and, 101
privilege model, 103
PRNGs and, 259–260
process space protection and, 60
race conditions and, 217
random number generation and, 259–260, 263
representation of, in vulnerability data, 4
selecting technologies and, 52, 56, 60–61
trust management and, 311, 317, 329
use of the term hacker and, 25
unlink() function, 222, 224–226, 333
unmask() function, 333
unmount() function, 222
unsetenv() function, 319
Untrusted applets, 52. See also Applets
UPDATE statement, 383
URLs (Uniform Resource Locators), 22, 323, 324
Usability, 105–106, 358, 367–368
client-side security and, 399
Usability Engineering (Nielson), 106
User(s)
space, 59
-specific information, 410–411
User IDs (UIDs), 187–190, 193, 196, 198, 201, 203–204
input validation and, 333
race conditions and, 215, 218, 222–223
Validation, input
basic description of, 307–334
client-side security and, 325–327
detecting problems related to, 331–334
format string attacks and, 329–330
invoking other programs safely and, 319–320
protection from hostile callers and, 314–319
Variables. See also Variables (listed by name)
buffer overflows and, 151–152, 159–160, 162–165, 172
environment, 316–318
heap overflows and, 155–159
monitoring, 52
private, 53
renaming, 74–75
tamperproofing and, 420
Variables (listed by name). See also Variables
ATH variable, 320
ctx variable, 281
IFS variable, 318–320
LD_LIBRARY_PATH variable, 317
LD_PRELOAD variable, 318
number_matches variable, 152
PATH variable, 318–319, 320, 331
super_user variable, 156–157, 158
to_match variable, 152–154
TZ variable, 318
Vectors, initialization (IVs), 282, 291
vfscanf() function, 143, 146, 152
Views, using, for access control, 385–387
Visa International, 35, 45–46, 97. See also Credit cards
Visual Studio (Microsoft), 130
vsprintf() function, 142, 144, 152
Vulnerability
data, 6–9
detection, difficulties involved with, 79–81
life cycle model for, 16
WAP (Wireless Application Protocol), 23
Waterfall model, of development, 31–32
Weakest link, securing the, 92, 93–86, 97
Web browser(s). See also Web sites
attacks, 254–255
CAs and, 299
as consumer-ware, 17
cookies and, 21–22
firewalls and, 433
license files and, 411
operating systems and, fuzzy boundaries between, 11–13
surfing data collected through, 22
untrusted applets and, 52
Web site(s). See also Web browsers
cross-site scripting and, 325
public key crytography and, 455–456
Web Spoofing (Felten), 23
WHERE clause, 386–387
white board, 125
white space, 318
Windows (Microsoft). See also Windows NT (Microsoft)
access control and, 202
API, 101–102
applying cryptography and, 272, 276, 293
auditing and, 129
browsers and, fuzzy boundaries between, 11
buffer overflows and, 178, 184–185
crash dialog, 72
DCOM and, 57
design for security and, 37
kernel, 11
open-source software and, 70, 72
process space protection and, 60
race conditions and, 214
random number generation and, 260
registry, 70
software, representation of, in vulnerability data, 4
trust management and, 317–318
Windows NT (Microsoft). See also Windows (Microsoft)
access control, 202–204
kernel, 11
process space protection and, 60
random number generation and, 260
“Windows of Vulnerability: A Case Study Analysis” (Arbaugh, Fithen, and McHugh), 16
Winkler, Ira, 22–23
wordencode.c, 369–374
wordlist.dat, 364
WORLD privileges, 56
World War II, cryptography during, 71, 303–304
wrapconcat.c, 166–167
wu-ftpd, 79–81
x86 platform, 155, 160, 162, 172, 260, 417
XOR (Exclusive OR), 71, 181, 418, 424–425
applying cryptography and, 268, 270, 283, 302
data integrity and, 270
DES and, 283
one-time pads and, 302
random number generation and, 233, 255, 256
XP (extreme programming), 35
xterm, 140
X Windows, 247