A Taxonomy of Computer Program Security Flaws, with Examples

Abstract

An organized record of actual flaws can be useful to designers, implementors, and evaluators of computer systems. This paper provides a taxonomy for computer program security flaws together with an appendix that carefully documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. Because these flaws were not randomly selected from a valid statistical sample of such flaws, we make no strong claims concerning the likely distribution of actual security flaws within the taxonomy. However, this taxonomy can be used to organize and abstract more representative samples. Data organized this way could be used to focus efforts to remove security flaws and prevent their introduction.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Nov 19, 1993
Accession Number
ADA274500

Entities

People

  • Alan R. Bull
  • Carl E. Landwehr
  • John P. Mcdermott
  • William S. Choi

Organizations

  • United States Naval Research Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Computer Access Control
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Databases
  • Debugging
  • Instruction Set Architecture
  • Operating Systems
  • Software Development
  • Statistical Samples
  • System Software
  • Systems Engineering

Fields of Study

  • Computer science

Readers

  • Educational Psychology
  • Instructional Design and Training Evaluation.

Technology Areas

  • Cyber