Sciweavers

DSN
2000
IEEE

Testing for Software Vulnerability Using Environment Perturbation

14 years 3 months ago
Testing for Software Vulnerability Using Environment Perturbation
We describe an methodology for testing a software system for possible security flaws. Based on the observation that most security flaws are caused by the program’s inappropriate interactions with the environment, and triggered by user’s malicious perturbation on the environment (which we call an environment fault), we view the security testing problem as the problem of testing for the fault-tolerance properties of a software system. We consider each environment perturbation as a fault and the resulting security compromise a failure in the toleration of such faults. Our approach is based on the well known technique of fault-injection. Environment faults are injected into the system under test and system behavior observed. The failure to tolerate faults is an indicator of a potential security flaw in the system. An Environment-Application Interaction (EAI) fault model is proposed which guides us to decide what faults to inject. Based on EAI, we have developed a security testing m...
Wenliang Du, Aditya P. Mathur
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2000
Where DSN
Authors Wenliang Du, Aditya P. Mathur
Comments (0)