CLASSES OF VULNERABILITIES AND ATTACKS

PASCAL MEUNIER

Purdue University CERIAS, West Lafayette, Indiana

1 INTRODUCTION

The analysis of the nature of flaws, vulnerabilities, weaknesses, and the attacks they enable has fascinated computer scientists. A better understanding of vulnerabilities and attacks can be achieved by grouping them based on common properties and similarities. Many groups and “types” are commonly discussed in computer security texts and secure programming materials. These popular classifications usually capture a defect or a weak technology that enables attacks or present an appealing, succinct, and useful point of view for discussing vulnerabilities. It is common to refer to the set of vulnerabilities that enable attack scenario X as “X vulnerabilities”, for example, “cross-site scripting (XSS) vulnerabilities”. Sometimes the name of a technology is used instead of the name of an attack, for example, “format string vulnerabilities”. However, the popular vulnerability types suffer from many defects, such as ambiguities and overlapping classifications. A single vulnerability may belong to several popular types simultaneously or at different times, when the analysis is performed from a different point of view or from a different level of abstraction. A systematic grouping can achieve the status of a scientific classification if it meets rigorous criteria, such as reproducibility, objectivity, and lack of ambiguity. First, popular classifications are reviewed and ...