keynote

Public Access

History and Future of Automated Vulnerability Analysis

Author:

Adam DoupéAuthors Info & Claims

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

Page 147

https://doi.org/10.1145/3322431.3326331

Published: 28 May 2019 Publication History

PDF eReader

Abstract

The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our system insecure. To identify vulnerabilities in software, human experts, or vulnerability researchers, are employed. These human experts are quite expensive. And, more fundamentally, human experts cannot analyze every change made to every piece of software (any of which could introduce a security vulnerability). Therefore, automated vulnerability analysis techniques were developed to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically, thus finding such vulnerabilities before a malicious hacker.

In this keynote, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often thought of separately. From this, I will discuss the future of automated vulnerability analysis, and how we can achieve the effectiveness of a human vulnerability researcher.

Cited By

View all

Rosch-Grace DStraub J(2022)From Quantum Fuzzing to the Multiverse: Possible Effective Uses of Quantum NoiseAdvances in Information and Communication10.1007/978-3-030-98012-2_30(399-410)Online publication date: 8-Mar-2022
https://doi.org/10.1007/978-3-030-98012-2_30

Index Terms

History and Future of Automated Vulnerability Analysis
1. Security and privacy
  1. Software and application security
    1. Web application security
  2. Systems security
    1. Vulnerability management
      1. Vulnerability scanners

Recommendations

Supporting automated vulnerability analysis using formalized vulnerability signatures
ASE '12: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering

Adopting publicly accessible platforms such as cloud computing model to host IT systems has become a leading trend. Although this helps to minimize cost and increase availability and reachability of applications, it has serious implications on ...
Measuring and ranking attacks based on vulnerability analysis

As the number of software vulnerabilities increases, the research on software vulnerabilities becomes a focusing point in information security. A vulnerability could be exploited to attack the information asset with the weakness related to the ...
Determination of Security Threat Classes on the basis of Vulnerability Analysis for Automated Countermeasure Selection
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

May 2019

243 pages

ISBN:9781450367530

DOI:10.1145/3322431

General Chair:
Florian Kerschbaum
University of Waterloo, Canada
,
Program Chairs:
Atefeh Mashatan
Ryerson University, Canada
,
Jianwei Niu
University of Texas at San Antonio, USA
,
Adam J. Lee
University of Pittsburgh, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 May 2019

Check for updates

Author Tags

Qualifiers

Keynote

Funding Sources

National Science Foundation

Conference

SACMAT '19

Sponsor:

SIGSAC

SACMAT '19: The 24th ACM Symposium on Access Control Models and Technologies

June 3 - 6, 2019

Toronto ON, Canada

Acceptance Rates

SACMAT '19 Paper Acceptance Rate 12 of 52 submissions, 23%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
562
Total Downloads

Downloads (Last 12 months)71
Downloads (Last 6 weeks)10

Reflects downloads up to 18 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rosch-Grace DStraub J(2022)From Quantum Fuzzing to the Multiverse: Possible Effective Uses of Quantum NoiseAdvances in Information and Communication10.1007/978-3-030-98012-2_30(399-410)Online publication date: 8-Mar-2022
https://doi.org/10.1007/978-3-030-98012-2_30

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Supporting automated vulnerability analysis using formalized vulnerability signatures

Measuring and ranking attacks based on vulnerability analysis

Determination of Security Threat Classes on the basis of Vulnerability Analysis for Automated Countermeasure Selection