Classify each of the following vulnerabilities using the Protection Analysis Mode( PA) model. Assume that the classification is for the implementation level. Remember to justify your answers. (a) The presence of the “wiz” command in the sendmail program (b) The failure to handle the IFS shell variable by loadmodule (c) The failure to select an Administrator password that was difficult to guess (d) The failure of the Burroughs system to detect offline changes to files Protection Analysis Mode( PA) model:
Classify each of the following vulnerabilities using the Protection Analysis Mode( PA) model. Assume that the classification is
for the implementation level. Remember to justify your answers.
(a) The presence of the “wiz” command in the sendmail
(b) The failure to handle the IFS shell variable by loadmodule
(c) The failure to select an Administrator password that was difficult to guess
(d) The failure of the Burroughs system to detect offline changes to files
Protection Analysis Mode( PA) model:
Improper protection domain initialization and enforcement
a. Improper choice of initial protection domain
b. Improper isolation of implementation detail
c. Improper change, consistency of data over time
d. Improper naming
e. Improper deallocation or deletion
2. Improper validation, validation of operands, queue management
3. Improper synchronization
a. Improper indivisibility, interrupted atomic operations
b. Improper sequencing, serialization
4. Improper choice of operand or operation
Step by step
Solved in 2 steps