Re: Taxonomies

From: Alex Russell (alex@netWindows.org)
Date: 04/02/02


Date: Tue, 2 Apr 2002 19:39:29 +0000
From: Alex Russell <alex@netWindows.org>
To: "Marco de Vivo [UCV]" <mdevivo@reacciun.ve>

When you say "Howard" in terms of taxonomy, are you referring to Howard &
Longstaff? If so, you should really read Krsul as Howard's taxonomy is
nothing but an attribute accumulation system. Howard's taxonomy does not
provide repeatable methodologies or decision trees. Furthermore, it fails
to detail workable definitions for the language he introduces, rendering
it impotent for classifying anything other than laboratory situations and
making discussion between researchers (the point of a taxonomy) no easier
than before his paper.

Krsul [97 and thesis with Prof Spafford] makes a much better attempt at
rationally analyzing taxonomies and providing binary decision points. It
has failings, but is the best attempt at an attack classification taxonomy
(IMHO) to date.

Good luck.

-- 
Alex Russell
http://netWindows.org
http://alex.netWindows.org

"Marco de Vivo [UCV]" <mdevivo@reacciun.ve> wrote:

> Hi fellows.- > > Could some of you give some advice about sites/urls/papers/books etc. > discussing taxonomies related to: > > Attacks > Vulnerabilities > Incidents > Breaches > Security > Protection > Forensics (Does any taxonomy about this, indeed exist?) > Any mix of the above > > > I am familiarized with the following taxonomies: > > Howard's > SRI's > Lindqvist & Jonssen's > Cohen's > Cheswick & Bellovin's > Landwehr's > Neumann & Parker's > > > Thank you for your help > > Marco