
First principles vulnerability assessment

James A. Kupsch, Barton P. Miller, Elisa Heymann, Eduardo César
2010 Proceedings of the 2010 ACM workshop on Cloud computing security workshop - CCSW '10  
We are now using the results of this comparison study to guide our future research into improving automated software assessment.  ...  FPVA finds new threats to a system and is not dependent on a list of known threats. Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive.  ...  Our special thanks to TASC Inc. for their help in validating and extending our study of automated analysis tools.  ... 
doi:10.1145/1866835.1866852 dblp:conf/ccs/KupschMHC10 fatcat:xxusme4w4nbpvoblttwtqren54

The Coming Era of AlphaHacking? A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques [article]

Tiantian Ji, Yue Wu, Chang Wang, Xi Zhang, Zhongru Wang
2018 arXiv   pre-print
In this paper, we give an extensive survey of former representative works related to the underlying technologies of a CRS, including vulnerability detection, exploitation and patching.  ...  Utilizing automated system to detect, exploit and patch software vulnerabilities seems so attractive because of its scalability and cost-efficiency compared with the human expert based solution.  ...  At the same time, software security is becoming an emerging worldwide challenge. Software vulnerabilities are one of the root causes of security problems.  ... 
arXiv:1805.11001v2 fatcat:uh5ndhgmt5gpdk4opritn5fnsq

Proposed T-Model to cover 4S quality metrics based on empirical study of root cause of software failures

Dheeraj Chhillar, Kalpana Sharma
2019 International Journal of Electrical and Computer Engineering (IJECE)  
A survey of more than 50 senior IT professionals was done to understand root cause of their software project failures.  ...  There are various root causes of software failures. Few years ago, software used to fail mainly due to functionality related bugs.  ...  IT INDUSTRY SURVEY A survey of 50 senior IT professionals was done to know root cause of software failures and to figure out which phase is most time consuming.  ... 
doi:10.11591/ijece.v9i2.pp1122-1130 fatcat:p3z2coovzfdgfou5qau2r7nthe

Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries [article]

Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang
2022 arXiv   pre-print
The findings of this study can assist developers in having a better understanding of software security vulnerabilities across different ML libraries and gain a better insight into their weaknesses of them  ...  To do so, in total, we collected 596 security-related commits to exploring five major factors: 1) vulnerability types, 2) root causes, 3) symptoms, 4) fixing patterns, and 5) fixing efforts of security  ...  Availability We make the dataset and source code of our experiments available at https://cse19922021.github.io/Deep-Learning-Security-Vulnerabilities/.  ... 
arXiv:2203.06502v1 fatcat:5kdx4h44w5h4jmzvlp34l63ije

Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes

Justin Cappos, Yanyan Zhuang, Daniela Oliveira, Marissa Rosenthal, Kuo-Chuan Yeh
2014 Proceedings of the 2014 workshop on New Security Paradigms Workshop - NSPW '14  
ABSTRACT Despite the security community's emphasis on the importance of building secure software, the number of new vulnerabilities found in our systems is increasing.  ...  This paper discusses a new hypothesis to explain this problem and introduces a new security paradigm where software vulnerabilities are viewed as blind spots in developer's heuristic-based decision-making  ...  Acknowledgments We would like to thank our shepherd Julie Boxwell Ard for guidance in writing the pre-proceeding version of the paper and to the NSPW 2014 anonymous reviewers for valuable feedback.  ... 
doi:10.1145/2683467.2683472 dblp:conf/nspw/CapposZORY14 fatcat:hsoxemyshjgijlm3g5k6zcolgu

A Survey Report on Security for Testing Phase of Software Development Process

2014 International Journal of Research and Applications  
Given the need and significance of phased approach of security testing, this article proposes a prescriptive framework elaborating security testing activities to be carried out while integrating it within  ...  Software security test process elaborates various testing activities and describes which activity is to be carried out when.  ...  It appears feasible that a majority of software vulnerabilities to be traced back to a relatively small number of causes, if addressed security testing at development process.  ... 
doi:10.17812/ijra.1.1(2)2014 fatcat:hw7yin7gr5g4xcbr2byhur6hmy

DMAT : A New Network and Computer Attack Classification

Wei JIANG, College of Computer Science, Beijing University of Technology, Beijing 100124, China, Zhi-hong TIAN, Xiang CUI, School of Computer, National University of Defense Technology, Changsha 410073, China, Key Laboratory of Information and Network Security, Ministry of Public Security, Shanghai 201204, China, School of Computer Science and Technology, Harbin Institute of Technology, Haerbin 150001, China, The Institute of Computing Technology of the Chinese Academy of Sciences, Beijing 100080, China
2013 Journal of Engineering Science and Technology Review  
With the rapid development of computer network and information technology, the Internet has been suffering from a variety of security attacks over the past few years.  ...  In this paper, we study computer and network attacks, and introduce a classification of them and propose a cyber attack classification called DMAT (Defense-oriented Multidimensional Attack Taxonomy).  ...  The worm spread itself using a common type of vulnerability known as a buffer overflow.  ... 
doi:10.25103/jestr.065.15 fatcat:xjyczrphizhs3dmh2ckgzluqxm

Root Kits

Winfried E. Kühnhauser
2004 ACM SIGOPS Operating Systems Review  
This paper is a survey of the works of root kits from an operating systems point of view.  ...  Root Kits are tool boxes containing a collection of highly skilled tools for attacking computer systems.  ...  Summary The starting point of this paper was a survey of the works of root kits.  ... 
doi:10.1145/974104.974105 fatcat:zw5c227c7rdpzmq7rmo5e3w2vq

Mechanisms Of Internet Security Attacks

J. Dubois, P. Jreije
2008 Zenodo  
Internet security attack could endanger the privacy of World Wide Web users and the integrity of their data.  ...  In this paper, various types of internet security attack mechanisms are explored and it is pointed out that when different types of attacks are combined together, network security can suffer disastrous  ...  Root Kits A root kit is a piece of software that, once installed on a victim's machine, opens up a port to allow a hacker to communicate with the machine and take full control of the system.  ... 
doi:10.5281/zenodo.1327923 fatcat:dslh65n5hzbebkttko5tahf5wm

Security Testing of Web Applications: Issues and Challenges

Arunima Jaiswal, Gaurav Raj, Dheerendra Singh
2014 International Journal of Computer Applications  
Fonseca Jose et al. (2008) [14] focuses on the root cause of most security attacks are the vulnerabilities created by the  ...  Due to the rising explosion in the security vulnerabilities, there occurs a need to understand its unique challenges and issues which will eventually serve as a useful input for the security testing tool  ...  security testing of web applications. [5] Automatic Test Approach of Web Application for Security (AutoInspect Fonseca Jose et al. (2008) [14] focuses on the root cause of most security attacks are the  ... 
doi:10.5120/15334-3667 fatcat:d6l2nmlvwjakfax535ngwmptyu

The Intelligent Software Systems: The Practical Implementation of Software Security Vulnerabilities Detection Modeling

Musoni Wilson, Umutesi Liliane, Mbanzabugabo Jean Baptiste
2020 OALib  
There are a number of skills that are required and used to make good software.  ...  This paper presents a description of security objectives and best algorithms to address vulnerability issues to provide better results from planned attacks.  ...  Conflicts of Interest The authors declare no conflicts of interest regarding the publication of this paper.  ... 
doi:10.4236/oalib.1106831 fatcat:cmnozyi76bbsvi76awficx4bea

Software analysis for security

Spiros Mancoridis
2008 2008 Frontiers of Software Maintenance  
This is a survey of the processes, practices, and technologies that can help software maintenance engineers improve the security of software systems.  ...  In addition to surveying the state-of-the-art, research challenges pertaining to software security are posed to the software maintenance research community.  ...  A worse scenario would involve the exploiting of a security vulnerability to gain root access to the operating system of the device.  ... 
doi:10.1109/fosm.2008.4659254 fatcat:lvh7wsvj7rbkfkdv5on762agva

Knowledge representation standards and interchange formats for causal graphs

D.R. Throop, J.T. Malin, L. Fleming
2005 2005 IEEE Aerospace Conference  
In many domains, automated reasoning tools must represent graphs of causally linked events.  ...  We survey existing practice and emerging interchange formats in each of these fields.  ...  Root cause analysis allows inclusion of causes that were not present in the actual sequence - alternative conditions which could have caused or prevented the loss, if they had been present.  ... 
doi:10.1109/aero.2005.1559747 fatcat:p2z7pgrmybgkfjudkl525pz6jq

Analyzing and defending against web-based malware

Jian Chang, Krishna K. Venkatasubramanian, Andrew G. West, Insup Lee
2013 ACM Computing Surveys  
First, we study the attack model, the root-cause, and the vulnerabilities that enable these attacks. Second, we analyze the status quo of the web-based malware problem.  ...  In this paper, we survey the state-of-the-art research regarding the analysis of - and defense against - web-based malware attacks.  ...  operate by addressing one or more of the root causes. 2.4.1.  ... 
doi:10.1145/2501654.2501663 fatcat:kvmuw7n5wzcq5e4jtpxovxwmue

Vulnerability Assessment in Autonomic Networks and Services: A Survey

Martin Barrere, Remi Badonnel, Olivier Festor
2014 IEEE Communications Surveys and Tutorials  
We focus in this survey on the assessment of vulnerabilities in autonomic environments.  ...  Autonomic networks and services are exposed to a large variety of security risks.  ...  While each network device may present a secure state, a combination of them may cause a distributed vulnerable state across the network.  ... 
doi:10.1109/surv.2013.082713.00154 fatcat:r6zfjuo4vreujkhd7ao2pjmicy