Categorization of Software Errors that led to Security Breaches
Authors
Abstract
A set of errors known to have led to security breaches in computer systems was analyzed. The analysis led to a categorization of these errors. After examining several proposed schemes for the categorization of software errors a new scheme was developed and used. This scheme classifies errors by their cause, the nature of their impact, and the type of change, or fix, made to remove the error. The errors considered in this work are found in a database maintained by the COAST laboratory. The categorization is the first step in the investigation of the effectiveness of various measures of code coverage in revealing software errors that might lead to security breaches.
Similar resources
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
A Tool-Chain for High-Assurance Cryptographic Software
cryptographic implementations, as is shown by frequent (and in some cases catastrophic) security breaches directly attributed to implementation errors in widely used cryptographic libraries [L1,L2]. One of the causes of these breaches in widely tested software is the semantic gap between theoretical cryptographic specifications and their concrete implementations. Effectively closing this gap is...
An Analysis of HIPAA Breach Data
As software developers, we have a responsibility to protect our users' data. When this data is protected health information (PHI), breaches can have serious financial and reputational consequences. The goal of this research is to analyze trends in breaches of PHI that point to software design guidelines that can prevent or lessen the impact of breaches. We examine the US Office of Civil Rights ...
Using CSP to Detect Errors in the TMN Protocol
In this paper we use FDR, a model checker for CSP, to detect errors in the TMN protocol [TMN90]. We model the protocol and a very general intruder as CSP processes, and use the model checker to test whether the intruder can successfully attack the protocol. We consider three variants on the protocol, and discover a total of ten different attacks leading to breaches of security.
Evaluation with Virtual Prototyping and Static Analysis of the Security of Hardware and Software Systems against Laser Attacks
Laser allows attackers to realize very efficient attacks which threaten the security of digital systems [FA06]. These attacks consist in using a laser to inject errors at specific times targeting specific components in the digital system. This digital system is a hardware architecture which executes a software application. The injected errors can then be propagated or masked, both by the hardwa...
Journal title:
Volume, issue
Pages -
Publication date: 1998