[Figures 6-8: set diagrams; labels R_S, R_PD, R_all, with one panel marked R_S = R_PD]
Fig. 6. Condition N1
Fig. 7. Condition N2
Fig. 8. Condition N3
[Figure 9: set diagrams; labels R_excess, R_PD, R_S, R_all]
Fig. 9. Vulnerability Tests in Negative Specification
As in the positive case, we need both tests here when we check the 'Equity' condition.
To check 'Negative Secrecy' we need only Test N1, and to check 'Negative
Availability' we need to run Test N2.
The conditions and tests described above can be successfully extended to support
user operations, because of the granular nature of the sets being compared.
Therefore, in the positive case of OSCV detection, as well as in the negative mode, we
need to carry out the following steps:
parsing the criteria format specifications,
comparing the sets of the security configurations (according to the Conditions above),
analyzing the results of the set comparison (according to the Tests above).
To make this algorithm a mechanical procedure, we have designed and built a
vulnerability detection tool — the Vulnerability Criteria Processing Unit (VCPU).
4 The Criteria Calculus Procedure
Formal approaches are not intuitive, so we map our technique onto an executable
implementation. To automate OSCV detection according to the technique
described above, we have developed the Vulnerability Criteria Processing Unit
(VCPU). This utility is a calculus facility for the Safety Problem Resolver, a part of
the Safety Evaluation Workshop (SEW). The original concept of the SEW was
presented in [8], and the current paper discloses the theoretical basis of the SEW's
core component.