Users and administrators often face a choice between different software solutions, and sometimes even have to assess the security of complete software systems. With sufficient time and resources, such decisions can be based on extensive testing and review. In practice, however, this is often too expensive and time-consuming. In this paper, we present a pragmatic but scalable approach for assessing the trustworthiness of software programs based on their security history. The approach can be used, for example, to automatically sort programs in an app store by their security record, or to assess the trustworthiness of complex software systems in remote attestation schemes. Our prototype implementation for the popular Debian GNU/Linux system achieves good prediction accuracy for individual programs as well as entire systems.