Sciweavers

SP
1998
IEEE

An Automated Approach for Identifying Potential Vulnerabilities in Software

14 years 4 months ago
An Automated Approach for Identifying Potential Vulnerabilities in Software
This paper presents results from analyzing the vulnerability of security-critical software applications to malicious threats and anomalous events using an automated fault injection analysis approach. The work is based on the well-understood premise that a large proportion of security violations result from errors in software source code and con guration. The methodology employs software fault injection to force anomalous program states during the execution of software and observes their corresponding e ects on system security. If insecure behavior is detected, the perturbed location that resulted in the violation is isolated for further analysis and possibly retro tting with faulttolerant mechanisms. 1 Analyzing the behavior of software It is now well understood that a vast majority of security intrusions are made possible by aws in software. One need only look at the annals of Bugtraq for empirical evidence of this assertion.1 To address this problem, computer security researchers an...
Anup K. Ghosh, Tom O'Connor, Gary McGraw
Added 05 Aug 2010
Updated 05 Aug 2010
Type Conference
Year 1998
Where SP
Authors Anup K. Ghosh, Tom O'Connor, Gary McGraw
Comments (0)