DocumentCode
2793099
Title
Modeling Software Vulnerabilities With Vulnerability Cause Graphs
Author
Byers, David ; Ardi, Shanai ; Shahmehri, Nahid ; Duma, Claudiu
Author_Institution
Dept. of Comput. & Inf. Sci., Linkopings Universitet, Linkoping
fYear
2006
fDate
24-27 Sept. 2006
Firstpage
411
Lastpage
422
Abstract
When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future. In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases. Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities.
Keywords
safety-critical software; software maintenance; software development organization; software maintenance; software security; software vulnerability modeling; vulnerability cause graphs; Computer worms; Data security; Databases; Information analysis; Information science; Information security; National security; Programming; Software maintenance; Software performance; software security; vulnerability modeling;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Maintenance, 2006. ICSM '06. 22nd IEEE International Conference on
Conference_Location
Philadelphia, PA
ISSN
1063-6773
Print_ISBN
0-7695-2354-4
Type
conf
DOI
10.1109/ICSM.2006.40
Filename
4021368