Software Security Vulnerabilities Seen As Feature Interactions

نویسنده

  • Guy-Vincent Jourdan
چکیده

The security of software applications is an important domain, and one that mixes formalisms (e.g. when dealing with cryptography and security protocols) with very ad hoc, low level practical solutions. In this paper, we look at a subset of the “security” field: the production of secure, general purpose software from a software engineering viewpoint. We call this simply “software security”. We show that, when we analyze this particular subset of the field, many if not most problems turn out to be instances of feature interactions problems. We illustrate our claim by looking at three of the top ten most common vulnerabilities in Web application as published by OWASP (the three that are in fact software security issues) and show that in each instance, we can express the problem as a feature interactions problem. We also reach the same conclusion with one of the latest generalized software security vulnerability, “ClickJacking”.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Feature interaction: the security threat from within software systems

Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited ...

متن کامل

Manipulating Program Functionality to Eliminate Security Vulnerabilities

Security vulnerabilities can be seen as excess undesirable functionality present in a software system. We present several mechanisms that can either excise or change system functionality in ways that may 1) eliminate security vulnerabilities while 2) enabling the system to continue to deliver acceptable service.

متن کامل

Predicting Unknown Vulnerabilities using Software Metrics and Maturity Models

We face an increasing reliance on software-based services, applications, platforms, and infrastructures to accomplish daily activities. It is possible to introduce vulnerabilities during any software life cycle and these vulnerabilities could lead to security attacks. It is known that as the software complexity increases, discovering a new security vulnerability introduced by subsequent updates...

متن کامل

Improving Security Using Extensible Lightweight Static Analysis

0 7 4 0 7 4 5 9 / 0 2 / $ 1 7 . 0 0 © 2 0 0 2 I E E E education, better interface design, and security-conscious defaults. With software implementation flaws, however, the problems are typically both preventable and well understood. Analyzing reports of security attacks quickly reveals that most attacks do not result from clever attackers discovering new kinds of flaws, but rather stem from rep...

متن کامل

Extracting Feature Sequences in Software Vulnerabilities Based on Closed Sequential Pattern Mining

Feature Extraction is significant for determining security vulnerabilities in software. Mining closed sequential patterns provides complete and condensed information for non-redundant frequent sequences generation. In this paper, we discuss the feature interaction problem and propose an efficient algorithm to extract features in vulnerability sequences. Each closed sequential pattern represents...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009