Abstract
A theoretical foundation for penetration analysis of computer systems is presented, which is based on a hypothesis and a set of formalized design properties that characterize penetration resistance. By separating the policy-enforcement mechanisms of a system from the mechanisms necessary to protect the system itself, and by using a unified framework for representing a large set of penetration scenarios, we develop an extensible model for penetration analysis. Furthermore, we illustrate how the model is used to implement automated tools for penetration analysis. The model and tools only address system-penetration patterns caused by unprivileged users' code interactions with a system.
