Operating System Security Vulnerabilities


Introduction

It is widely acknowledged that fault-free software is very difficult to achieve. While a great amount of testing may remove a significant proportion of flaws, it is not possible to eliminate them completely. In the past, a defect density of three to six faults per one thousand lines of software code has been quite common. Hence, researchers have made various attempts to estimate, quantitatively, the number of defects in a specific release version of a piece of software.

Such measures help determine the resources that need to be assigned to testing a specific piece of software. Because operating system security vulnerabilities are regarded as a special case of software faults, a similar measure for estimating security vulnerabilities is necessary. This paper presents a quantitative analysis of the number of vulnerabilities in various recent operating systems. This type of classification of vulnerabilities may be employed to evaluate metrics that can guide the allocation of resources for scheduling, security testing, and the establishment of security patches.

Related Work

Some work has been done recently on the quantitative aspects of security; however, several significant issues are yet to be covered. Widely accepted metrics that are meaningful, useful, and practical are required. The scope of quantitative security analysis varies, and the appropriate metric may vary with the way the systems are analyzed (Alhazmi et al., 2004). Burgess has made some contributions drawing on the fields of reliability and dependability, attempting to assess and measure security from this standpoint. That work contrasts the security attributes of systems with their reliability and suggests using effort rather than time to characterize the accumulation of vulnerabilities (Burgess, 2001).

Nevertheless, that work did not describe how the effort should be analyzed. Other researchers have emphasized designing and modeling tools that would make some form of security assessment possible. Haldar & Aravind proposed a framework for comparing and measuring system security by splitting the system into smaller components and taking into account their respective importance and likelihood of failure (Haldar & Aravind, 2010).

Lindskog has analyzed a number of systems using the vulnerability data documented by CERT. Lindskog has also analyzed some actual statistical data to study the development of the collective vulnerabilities that are found. An understanding needs to be developed of the processes that control the delivery rates of the vulnerabilities. As an increasing amount of data becomes available, the models may be verified and enhanced. The objective is to be confident that the current model will help users and developers better assess the security of such systems (Lindskog, 2000).

Observations on Common Security Vulnerabilities

Observations regarding the vulnerabilities of widespread operating systems that are mainly extracted from the information gathered in the security analysis are demonstrated in this section of the ...