• DocumentCode
    2793099
  • Title

    Modeling Software Vulnerabilities With Vulnerability Cause Graphs

  • Author

    Byers, David ; Ardi, Shanai ; Shahmehri, Nahid ; Duma, Claudiu

  • Author_Institution
    Dept. of Comput. & Inf. Sci., Linkopings Universitet, Linkoping
  • fYear
    2006
  • fDate
    24-27 Sept. 2006
  • Firstpage
    411
  • Lastpage
    422
  • Abstract
    When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future. In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases. Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities.
  • Keywords
    safety-critical software; software maintenance; software development organization; software maintenance; software security; software vulnerability modeling; vulnerability cause graphs; Computer worms; Data security; Databases; Information analysis; Information science; Information security; National security; Programming; Software maintenance; Software performance; software security; vulnerability modeling;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Maintenance, 2006. ICSM '06. 22nd IEEE International Conference on
  • Conference_Location
    Philadelphia, PA
  • ISSN
    1063-6773
  • Print_ISBN
    0-7695-2354-4
  • Type

    conf

  • DOI
    10.1109/ICSM.2006.40
  • Filename
    4021368