• DocumentCode
    1565458
  • Title

    A Cause-Based Approach to Preventing Software Vulnerabilities

  • Author

    Byers, David ; Shahmehri, Nahid

  • Author_Institution
    Dept. of Comput. & Inf. Sci., Linkopings Univ., Linkoping
  • fYear
    2008
  • Firstpage
    276
  • Lastpage
    283
  • Abstract
    Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.
  • Keywords
    program verification; security of data; software maintenance; add-on security software; cause-based approach; formal model; penetrate-and-patch maintenance; software development; software vulnerability prevention; Availability; Buffer overflow; Computer security; Databases; Documentation; Information science; Information security; Logic gates; Parallel programming; Software maintenance; Security modeling; Software security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
  • Conference_Location
    Barcelona
  • Print_ISBN
    978-0-7695-3102-1
  • Type

    conf

  • DOI
    10.1109/ARES.2008.12
  • Filename
    4529348