The SDSC storage resource broker
CASCON '98 Proceedings of the 1998 conference of the Centre for Advanced Studies on Collaborative research
An Online Credential Repository for the Grid: MyProxy
HPDC '01 Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing
Threat Modeling
Distributed computing in practice: the Condor experience: Research Articles
Concurrency and Computation: Practice & Experience - Grid Performance
Cyber War: The Next Threat to National Security and What to Do About It
Cyber War: The Next Threat to National Security and What to Do About It
Distributed web security for science gateways
Proceedings of the 2011 ACM workshop on Gateway computing environments
Automated tracing and visualization of software security structure and properties
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Hi-index | 0.00 |
Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of a our effort to secure such middleware, we present First Principles Vulnerability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are most likely to contain vulnerabilities that would provide access to high-value assets. FPVA finds new threats to a system and is not dependent on a list of known threats. Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive. We compared the results of FPVA to those of the top commercial tools, providing the first significant evaluation of these tools against a real-world known collection of serious vulnerabilities. While these tools can find common problems in a program's source code, they miss a significant number of serious vulnerabilities found by FPVA. We are now using the results of this comparison study to guide our future research into improving automated software assessment.