Software engineering risk analysis and management
Software engineering risk analysis and management
A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Network and internetwork security: principles and practice
Network and internetwork security: principles and practice
Activity monitoring: noticing interesting changes in behavior
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Using the Common Criteria for It Security Evaluation
Using the Common Criteria for It Security Evaluation
Security attribute evaluation method: a cost-benefit approach
Proceedings of the 24th International Conference on Software Engineering
Secure Coding: Principles and Practices
Secure Coding: Principles and Practices
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Internet infrastructure security: a taxonomy
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
The potential for problems due to malicious code increases in direct proportion with the number of COTS software used in a system. Because of this, many practitioners have used a variety of techniques to address potential attacks. Yet, little guidance has been offered as to which techniques work best, when, and under what conditions. To rectify this problem, we have created a framework that can be used to help those interested in addressing vulnerabilities with a solution. The framework matches defenses to attacks using a risk-based approach that focuses on providing cost-effective protection.