A Proposed Taxonomy of Software Weapons

Abstract: The terms and classification schemes used in the computer security field today are not standardised. Thus the field is hard to take in, there is a risk of misunderstandings, and there is a risk that the scientific work is being hampered. Therefore this report presents a proposal for a taxonomy of software based IT weapons. After an account of the theories governing the formation of a taxonomy, and a presentation of the requisites, seven taxonomies from different parts of the computer security field are evaluated. Then the proposed new taxonomy is introduced and the inclusion of each of the 15 categories is motivated and discussed in separate sections. Each section also contains a part briefly outlining the possible countermeasures to be used against weapons with that specific characteristic. The final part of the report contains a discussion of the general defences against software weapons, together with a presentation of some open issues regarding the taxonomy. There is also a part discussing possible uses for the taxonomy. Finally the report is summarised.