Scalable trust establishment with software reputation
作者: Sven Bugiel , Lucas Vincenco Davi , Steffen Schulz
关键词:
摘要: Users and administrators are often faced with the choice between different software solutions, sometimes even have to assess security of complete systems. With sufficient time resources, such decisions can be based on extensive testing review. However, in practice this is too expensive consuming.In paper, we present a pragmatic, but scalable approach for trustworthiness assessment programs their history. The used to, e.g. automatically sort an App store by record or complex systems remote attestation schemes. Our prototype implementation popular Debian GNU/Linux system achieves good prediction accuracy individual as well entire
acm.org
tu-darmstadt.de
sci-hub.se 参考文章(17)
Ju An Wang, Hao Wang, Minzhe Guo, Min Xia, Security metrics for software systems Proceedings of the 47th Annual Southeast Regional Conference on - ACM-SE 47. pp. 47- ,(2009) , 10.1145/1566445.1566509
Ahmad-Reza Sadeghi, Christian Stüble, Property-based attestation for computing platforms Proceedings of the 2004 workshop on New security paradigms - NSPW '04. pp. 67- 77 ,(2005) , 10.1145/1065907.1066038
Nachiappan Nagappan, Thomas Ball, Andreas Zeller, Mining metrics to predict component failures Proceeding of the 28th international conference on Software engineering - ICSE '06. pp. 452- 461 ,(2006) , 10.1145/1134285.1134349
O.H. Alhazmi, Y.K. Malaiya, I. Ray, Measuring, analyzing and predicting security vulnerabilities in software systems Computers & Security. ,vol. 26, pp. 219- 228 ,(2007) , 10.1016/J.COSE.2006.10.002
E. Shi, A. Perrig, L. Van Doorn, BIND: a fine-grained attestation service for secure distributed systems ieee symposium on security and privacy. pp. 154- 168 ,(2005) , 10.1109/SP.2005.4
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, Adrian Perrig, TrustVisor: Efficient TCB Reduction and Attestation ieee symposium on security and privacy. pp. 143- 158 ,(2010) , 10.1109/SP.2010.17
Trent Jaeger, Reiner Sailer, Umesh Shankar, PRIMA Proceedings of the eleventh ACM symposium on Access control models and technologies - SACMAT '06. pp. 19- 28 ,(2006) , 10.1145/1133058.1133063
Thomas Zimmermann, Nachiappan Nagappan, Laurie Williams, Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista international conference on software testing, verification, and validation. pp. 421- 428 ,(2010) , 10.1109/ICST.2010.32
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, Terra: a virtual machine-based platform for trusted computing symposium on operating systems principles. ,vol. 37, pp. 193- 206 ,(2003) , 10.1145/1165389.945464
Stephan Neuhaus, Thomas Zimmermann, Christian Holler, Andreas Zeller, Predicting vulnerable software components computer and communications security. pp. 529- 540 ,(2007) , 10.1145/1315245.1315311