Using Software Structure to Predict Vulnerability Exploitation Potential

Authors: Awad A. Younis, Yashwant K. Malaiya

DOI: 10.1109/SERE-C.2014.17

Keywords: Computer science; Vulnerability (computing); Vulnerability management; Attack surface; Exploit; Support vector machine; Risk analysis (engineering); Computer security; Function (engineering); Metric (unit); Software

Abstract: … on source code analysis, a link between vulnerability location … specifically intended for measuring vulnerability exploitability. … vulnerability location is not available, we can use static code …

References (23)
David Brumley, Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, "AEG: Automatic Exploit Generation." Network and distributed system security symposium (2011). DOI: 10.1184/R1/6468296.V1
O.H. Alhazmi, Y.K. Malaiya, "Modeling the vulnerability discovery process." International symposium on software reliability engineering, pp. 129-138 (2005). DOI: 10.1109/ISSRE.2005.30
Michael Howard, Jon Pincus, Jeannette M. Wing, "Measuring Relative Attack Surfaces." Springer, Boston, MA, pp. 109-137 (2005). DOI: 10.1007/0-387-24006-3_8
Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, Geoffrey M. Voelker, "Beyond heuristics: learning to classify vulnerabilities and predict exploits." Knowledge discovery and data mining, pp. 105-114 (2010). DOI: 10.1145/1835804.1835821
O. Sami Saydjari, "Is risk a good security metric?" Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06, pp. 59-60 (2006). DOI: 10.1145/1179494.1179508
J. McHugh, W.L. Fithen, W.A. Arbaugh, "Windows of vulnerability: a case study analysis." IEEE Computer, vol. 33, pp. 52-59 (2000). DOI: 10.1109/2.889093
Awad A. Younis, Yashwant K. Malaiya, Indrajit Ray, "Using Attack Surface Entry Points and Reachability Analysis to Assess the Risk of Software Vulnerability Exploitability." High assurance systems engineering, pp. 1-8 (2014). DOI: 10.1109/HASE.2014.10
Pratyusa Manadhata, Jeannette Wing, Mark Flynn, Miles McQueen, "Measuring the attack surfaces of two FTP daemons." Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06, pp. 3-10 (2006). DOI: 10.1145/1179494.1179497
Susan Horwitz, Thomas Reps, David Binkley, "Interprocedural slicing using dependence graphs." ACM Transactions on Programming Languages and Systems, vol. 12, pp. 26-60 (1990). DOI: 10.1145/77606.77608