
Impact of inheritance on vulnerability propagation at design phase

Published: 06 July 2009

Abstract

The design phase of software development provides the foundation for secure software. Reducing vulnerability at this phase minimizes rework in subsequent development phases. Currently, no efficient measure or method is available to reduce this vulnerability. In order to address this problem, we have proposed an algorithm to measure vulnerability propagation for an object-oriented design that calculates the Attribute Vulnerability Ratio (AVR).




Published In

ACM SIGSOFT Software Engineering Notes, Volume 34, Issue 4
July 2009
152 pages
ISSN: 0163-5948
DOI: 10.1145/1543405

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. class hierarchy
  2. design
  3. inheritance
  4. measurement
  5. object oriented design
  6. software security
  7. vulnerability

Qualifiers

  • Research-article


Cited By

  • (2021) A Survey on the State of the Art of Vulnerability Assessment Techniques. 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021), pp. 203-213. DOI: 10.1007/978-3-030-87872-6_20. Online publication date: 22-Sep-2021
  • (2019) AADL Vulnerability Modeling and Security Analysis Method. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 399-406. DOI: 10.1109/QRS-C.2019.00080. Online publication date: Jul-2019
  • (2017) Security Patterns from Intelligent Data: A Map of Software Vulnerability Analysis. 2017 IEEE 3rd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS), pp. 18-25. DOI: 10.1109/BigDataSecurity.2017.9. Online publication date: May-2017
  • (2016) Developing Secure Systems: A Comparative Study of Existing Methodologies. Lecture Notes on Software Engineering, 4(2), pp. 139-146. DOI: 10.7763/LNSE.2016.V4.239. Online publication date: May-2016
  • (2011) A framework for vulnerability minimization: Object oriented design perspective. 2011 2nd International Conference on Computer and Communication Technology (ICCCT-2011), pp. 499-504. DOI: 10.1109/ICCCT.2011.6075131. Online publication date: Sep-2011
  • (2011) Assessing and Improving Encapsulation for Minimizing Vulnerability of an Object Oriented Design. Computational Intelligence and Information Technology, pp. 531-533. DOI: 10.1007/978-3-642-25734-6_90. Online publication date: 2011
  • (2009) OO Vulnerability. Network Security, 2009(10), pp. 13-17. DOI: 10.1016/S1353-4858(09)70111-4. Online publication date: 1-Oct-2009
