Assessment of windows system security using vulnerability relationship graph
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Testing for software security is a lengthy, complex and costly process. Currently, security testing is done using penetration analysis and formal verification of security kernels. These methods are not complete and are difficult to use. Hence it is essential to focus testing effort in areas that have a greater number of security vulnerabilities to develop secure software as well as meet budget and time constraints. We propose a testing strategy based on a classification of vulnerabilities to develop secure and stable systems. This taxonomy will enable a system testing and maintenance group to understand the distribution of security vulnerabilities and prioritize their testing effort according to the impact the vulnerabilities have on the system. This is based on Landwehr's classification scheme for security flaws and we evaluated it using a database of 1360 operating system vulnerabilities. This analysis indicates vulnerabilities tend to be focused in relatively few areas and associated with a small number of software engineering issues.
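The prioritization the abstract describes, as an added illustration that is not code from the paper or from this page: flaw records are classified along two axes of Landwehr's taxonomy (the genesis of the flaw, i.e. the software-engineering issue, and its location in the operating system), the distribution per category is computed to check how concentrated the flaws are, and a testing budget is split across categories in proportion to summed impact rather than raw count. The category names are a subset of Landwehr et al.'s scheme, the records and the 1..10 impact scale are constructed here for illustration, and the `top_share`/`allocate_effort` functions are assumptions about how such a group would operationalize the strategy, not the paper's own procedure.

```python
from collections import Counter
from dataclasses import dataclass

# Illustrative subset of Landwehr et al.'s taxonomy: the "genesis" of an inadvertent
# flaw (the software-engineering issue behind it). Location categories are OS
# subsystems and are given per record below.
GENESIS = (
    "validation",                     # missing or wrong input/parameter checks
    "domain",                         # object reuse, exposed representation
    "serialization_aliasing",         # races, TOCTTOU
    "identification_authentication",  # inadequate identity/authentication checks
    "boundary_condition",             # resource exhaustion, violable constraints
    "other_logic",                    # any other exploitable logic error
)


@dataclass(frozen=True)
class Flaw:
    ident: str      # local record label only, not a CVE or vendor identifier
    genesis: str    # one of GENESIS
    location: str   # OS subsystem where the flaw lives, e.g. "file_management"
    impact: int     # assumed 1..10 impact score; the paper's own scale is not shown here

    def __post_init__(self):
        if self.genesis not in GENESIS:
            raise ValueError(f"unknown genesis category: {self.genesis}")


# Constructed sample records for illustration (not entries from the paper's database).
SAMPLE_FLAWS = [
    Flaw("f01", "validation", "file_management", 8),
    Flaw("f02", "validation", "file_management", 7),
    Flaw("f03", "validation", "privileged_utilities", 9),
    Flaw("f04", "validation", "device_management", 6),
    Flaw("f05", "boundary_condition", "memory_management", 9),
    Flaw("f06", "boundary_condition", "memory_management", 8),
    Flaw("f07", "boundary_condition", "privileged_utilities", 7),
    Flaw("f08", "identification_authentication", "identification_authentication", 9),
    Flaw("f09", "domain", "memory_management", 5),
    Flaw("f10", "serialization_aliasing", "process_management", 6),
    Flaw("f11", "other_logic", "system_init", 3),
    Flaw("f12", "validation", "privileged_utilities", 8),
]


def distribution(flaws, axis):
    """Count flaws per category along one taxonomy axis ('genesis' or 'location')."""
    return Counter(getattr(f, axis) for f in flaws)


def top_share(counts, k):
    """Fraction of all flaws falling in the k most populous categories.
    A high value for small k is the concentration the abstract reports."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(n for _, n in counts.most_common(k)) / total


def allocate_effort(flaws, axis, budget_hours):
    """Split a testing budget across categories in proportion to summed impact,
    so categories holding many high-impact flaws are tested first and longest.
    Returns an ordered dict, highest-weighted category first."""
    weight = Counter()
    for f in flaws:
        weight[getattr(f, axis)] += f.impact
    total = sum(weight.values())
    return {cat: budget_hours * w / total for cat, w in weight.most_common()}


if __name__ == "__main__":
    for axis in ("genesis", "location"):
        counts = distribution(SAMPLE_FLAWS, axis)
        print(f"{axis}: {dict(counts)}  top-2 share = {top_share(counts, 2):.2f}")
    for cat, hours in allocate_effort(SAMPLE_FLAWS, "genesis", 170).items():
        print(f"{cat:32s} {hours:6.1f} h")
```

The allocation keys on impact rather than on count because the abstract ties prioritization to the impact the vulnerabilities have on the system; with count alone, a category of many low-impact flaws would crowd out a single authentication flaw that grants full compromise.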