Title :
Analysis of a Security Incident of Open Source Middleware - Case Analysis of 2008 Debian Incident of OpenSSL
Author :
Nishimura, Takeshi ; Sato, Hiroyuki
Author_Institution :
Inf. Technol. Center, Univ. of Tokyo, Tokyo, Japan
Abstract :
Open source software has proved to be very useful in saving time and cost in building software with complex functions. Security is no exception to this trend. A problem in securityware is the guarantee of its quality with respect to security. In this paper, we analyze the 2008 Debian incident on OpenSSL. The vulnerability in pseudo-random number generation is identified apart from the announcement of Debian. Furthermore, we have made an experiment on about 7,200,000,000 predictable key generations, and proved that the vulnerability brought in this incident is not a severe one.
Keywords :
middleware; public domain software; random number generation; security of data; software quality; OpenSSL; case analysis; open source middleware; pseudo-random number generation; security quality; securityware; Application software; Certification; Cost function; IEEE news; Informatics; Information analysis; Information security; Middleware; Open source software; Software quality; Debian; OpenSSL; digital certificate; incident analysis; vulnerability;
Conference_Title :
Applications and the Internet, 2009. SAINT '09. Ninth Annual International Symposium on
Conference_Location :
Bellevue, WA
Print_ISBN :
978-1-4244-4776-3
Electronic_ISBN :
978-0-7695-3700-9
DOI :
10.1109/SAINT.2009.73