[Me] :- Let’s look at various attacks through the operating system?
[Guruji]:- ok, while we do that let’s exclude the file system.
OS attack # 1
Exhaust the amount of physical memory
· Does the application handle cases when no more free memory is available on the heap?
· C/C++ coders: When was the last time you checked if your “new” call returned null?
· Can also test under varying amounts of memory or generating other memory faults
OS attack # 2
Inject Network Faults
· Explore network traffic, load on a particular port, or loss of services (e.g. network is down, port unavailable)
· Useful to examine performance
· E.g., on versions of IE can lose current page if network shut down
Some of these system faults are difficult to generate, e.g.
· Out of memory
· Locked memory
· Out of disk space
· CRC errors
[Me] :- Do any tools exist to simulate the system software
[Guruji]:- yes, Tester can inject faults of choosing
· Ex. Canned HEAT or Holodeck from Florida Institute of TechnologyVirtual machine, e.g. VM Ware of Virtual Server