BF Security Concepts
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~~
`A BF security bug or weakness type relates to a distinct software, firmware (including microcode), or hardware circuit logic execution phase defined by a set of BF operations and their input operands and output results.
A BF operation is the minimal input-process-output code that can produce or propagate an improper name, data, type, address, or size.`
The BF defines the concepts of bug, fault, error, final error, weakness, vulnerability, exploit vector, and failure in the context of cybersecurity to provide the level of detail and granularity needed to understand the causation within a weakness and the causation and propagation between weaknesses and between vulnerabilities.
A security bug is a code or specification defect (i.e., an operation defect) in software, firmware, or hardware circuit logic — that is, proper operands over an improper operation. The specification includes the operation metadata and algorithm.
A bug could be introduced by a programmer, result from a design flaw, or be induced by a hardware defect (e.g., due to overheating). A bug could also resurface from a design flaw (e.g., an unaccounted-for system configuration or environment).
A fault is a name, data, type, address, or size error (i.e., an operand error) — that is, an improper operand over a proper operation.
A fault could result from a bug or another fault or be induced by a hardware defect. In the case of low-level storage (e.g., cache and CPU registers), there is no type fault.
An error is the result of an operation with a bug or faulty operand that propagates to a fault of an operand of another operation.
A security final error is an undefined or exploitable system behavior. A final error results from an operation with a bug or faulty operand.
A security weakness is a ⟨bug, operation⟩→error, ⟨fault, operation⟩→error, ⟨bug, operation⟩→final error, or ⟨fault, operation⟩→final error causal triple.
A security vulnerability is a causal chain of weaknesses that starts with a bug or hardware defect-induced fault, propagates through errors that become faults, and ends with a final error that introduces an exploit vector.
The first weakness concerns the root cause of the vulnerability, and the last weakness concerns its sink.
A security exploit vector is the pathway for the exploitation of a vulnerability.
A security failure is a violation of a system security requirement caused by the exploitation of a security vulnerability.
The BF security concept definitions are contextually visualized in Figure 1. Following the blue solid initial arrow, a security vulnerability may start with a software or firmware security bug (i.e., a code or specification defect within an operation). Following the green dashed arrow, a vulnerability chain may also start from a hardware defect-induced fault.
Figure 1. BF security concepts..
Fixing the bug or hardware defect-induced fault will resolve the vulnerability, as well as any other vulnerability with the same root cause. Fixing a propagated fault, including the cause of the final error at the sink, will only mitigate the vulnerability. Occasionally, several vulnerabilities must converge at their final errors for an exploit to be harmful. Fixing the bug or starting fault of at least one of the chains would avoid the failure. An exploit of a vulnerability may result in a fault starting a new faults-only vulnerability. Fixing the bug or starting fault of the first vulnerability will resolve the entire chain of vulnerabilities.