Software Security Vulnerabilities Seen As Feature Interactions
Author
Abstract
The security of software applications is an important domain, and one that mixes formalisms (e.g. when dealing with cryptography and security protocols) with very ad hoc, low-level practical solutions. In this paper, we look at a subset of the “security” field: the production of secure, general-purpose software from a software engineering viewpoint. We call this simply “software security”. We show that, when we analyze this particular subset of the field, many if not most problems turn out to be instances of feature interactions problems. We illustrate our claim by looking at three of the top ten most common vulnerabilities in Web applications as published by OWASP (the three that are in fact software security issues) and show that in each instance, we can express the problem as a feature interactions problem. We also reach the same conclusion with one of the latest generalized software security vulnerabilities, “ClickJacking”.
Similar resources
Feature interaction: the security threat from within software systems
Security engineering is about protecting assets from harm. The feature interaction problem occurs when the composition of features leads to undesirable system behaviours. Usually, this problem manifests itself as conflicting actions of features on a shared context. Security requirements may be violated by feature interactions creating security vulnerabilities which can potentially be exploited ...
Manipulating Program Functionality to Eliminate Security Vulnerabilities
Security vulnerabilities can be seen as excess undesirable functionality present in a software system. We present several mechanisms that can either excise or change system functionality in ways that may 1) eliminate security vulnerabilities while 2) enabling the system to continue to deliver acceptable service.
Predicting Unknown Vulnerabilities using Software Metrics and Maturity Models
We face an increasing reliance on software-based services, applications, platforms, and infrastructures to accomplish daily activities. It is possible to introduce vulnerabilities during any software life cycle and these vulnerabilities could lead to security attacks. It is known that as the software complexity increases, discovering a new security vulnerability introduced by subsequent updates...
Improving Security Using Extensible Lightweight Static Analysis
education, better interface design, and security-conscious defaults. With software implementation flaws, however, the problems are typically both preventable and well understood. Analyzing reports of security attacks quickly reveals that most attacks do not result from clever attackers discovering new kinds of flaws, but rather stem from rep...
Extracting Feature Sequences in Software Vulnerabilities Based on Closed Sequential Pattern Mining
Feature Extraction is significant for determining security vulnerabilities in software. Mining closed sequential patterns provides complete and condensed information for non-redundant frequent sequences generation. In this paper, we discuss the feature interaction problem and propose an efficient algorithm to extract features in vulnerability sequences. Each closed sequential pattern represents...
Journal title:
Volume / Issue
Pages -
Publication date: 2009