Sciweavers

ESSOS
2009
Springer
14 years 4 months ago
Idea: Measuring the Effect of Code Complexity on Static Analysis Results
Abstract. To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerabilit...
James Walden, Adam Messer, Alex Kuhl
ESSOS
2009
Springer
14 years 4 months ago
Pattern-Based Confidentiality-Preserving Refinement
Abstract. We present an approach to security requirements engineering, which makes use of special kinds of problem frames that serve to structure, characterize, analyze, and solve ...
Holger Schmidt
ESSOS
2009
Springer
14 years 5 months ago
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations
Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches ...
Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson
ESSOS
2009
Springer
14 years 7 months ago
Idea: Trusted Emergency Management
Through first-responder access to sensitive information for which they have not been pre-vetted, lives and property can be saved. We describe enhancements to a trusted emergency i...
Timothy E. Levin, Cynthia E. Irvine, Terry Benzel,...
ESSOS
2009
Springer
14 years 7 months ago
Report: Measuring the Attack Surfaces of Enterprise Software
Abstract. Software vendors are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security ...
Pratyusa K. Manadhata, Yücel Karabulut, Jeann...
ESSOS
2009
Springer
14 years 7 months ago
MEDS: The Memory Error Detection System
Abstract. Memory errors continue to be a major source of software failure. To address this issue, we present MEDS (Memory Error Detection System), a system for detecting memory err...
Jason Hiser, Clark L. Coleman, Michele Co, Jack W....
ESSOS
2009
Springer
14 years 7 months ago
Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer
Discovery of security vulnerabilities is on the rise. As a result, software development teams must place a higher priority on preventing the injection of vulnerabilities in softwar...
Laurie Williams, Michael Gegick, Andrew Meneely
ESSOS
2009
Springer
14 years 7 months ago
Toward Non-security Failures as a Predictor of Security Faults and Failures
In the search for metrics that can predict the presence of vulnerabilities early in the software life cycle, there may be some benefit to choosing metrics from the non-security rea...
Michael Gegick, Pete Rotella, Laurie Williams
ESSOS
2009
Springer
14 years 7 months ago
Report: Extensibility and Implementation Independence of the .NET Cryptographic API
Abstract. When a vulnerability is discovered in a cryptographic algorithm, or in a specific implementation of that algorithm, it is important that software using that algorithm or...
Pieter Philippaerts, Cédric Boon, Frank Pie...