Formal Definition and Categprization of Vulnerabilities using Take-Grant Protection Model

In this paper, we first propose formal definitions of vulnerability , exploit , and attak in computer systems. The presented definition of vulnerability is based on its likely effect on the system. Which is often overlooked. Then we suggest an impact based categorization of vulnerabilities and their formal definition model to define the categories , the categorization is independent of take-grant protection models. A broad examples of vulnerabilities are presented to show the categorization usefulness.