FEATURE BASED VULNERABILITIES: GUIDING SECURE DEVELOPMENT

This paper surveys network security as it is affected by the presence of features and their implementation with a focus on network features involving identification and routing. In the context of this paper, a feature is defined to be the smallest unit of meaningful functionality. The survey is based on the hypothesis that understanding vulnerabilities introduced by features and attacks on features can aid in secure development. The utility of a system can be measured by the number, quality, and availability of its features. Therefore, exposure to attacks is related to the number of features a system provides. This has increasing importance as computer sales depend on ever more feature rich products. Network security must consider the trade off between essential features with security needs. This paper exposes some of the open problems and fundamental challenges in security, and examines possible ways to approach them because secure development must find a way to eliminate the set of flaws in a system not just patch vulnerabilities as attacks against them arise.