DocumentCode :
3391280
Title :
An automated approach for identifying potential vulnerabilities in software
Author :
Ghosh, Anup K. ; O'Connor, Tom ; McGraw, Gary
Author_Institution :
Reliable Software Technol. Corp., Sterling, VA, USA
fYear :
1998
fDate :
3-6 May 1998
Firstpage :
104
Lastpage :
114
Abstract :
The paper presents results from analyzing the vulnerability of security-critical software applications to malicious threats and anomalous events using an automated fault injection analysis approach. The work is based on the well-understood premise that a large proportion of security violations result from errors in software source code and configuration. The methodology employs software fault injection to force anomalous program states during the execution of software and observes their corresponding effects on system security. If insecure behaviour is detected, the perturbed location that resulted in the violation is isolated for further analysis and possibly retrofitting with fault tolerant mechanisms.
Keywords :
safety-critical software; security of data; software fault tolerance; system monitoring; anomalous events; anomalous program states; automated approach; automated fault injection analysis approach; fault tolerant mechanisms; insecure behaviour detection; malicious threats; perturbed location; potential software vulnerabilities; security violations; security-critical software applications; software fault injection; software source code; system security; Application software; Capability maturity model; Computer security; Performance analysis; Protocols; Software debugging; Software performance; Software quality; Software testing; Software tools;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location :
Oakland, CA
ISSN :
1081-6011
Print_ISBN :
0-8186-8386-4
Type :
conf
DOI :
10.1109/SECPRI.1998.674827
Filename :
674827