52 Computer Windows of Vulnerability: A Case Study Analysis C omplex information and communication systems give rise to design, implementation, and management errors. These errors can lead to a vulnerability—a flaw in an information technology product that could allow violations of security policy. Anecdotal evidence alone suggests that known and patchable vulnerabilities cause the majority of ...

Resume This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or r...

Bittorrent (BT) traffic had been reported to contribute to 30% of the Internet traffic nowadays and the number of participants have been growing rapidly. For such a protocol that significantly involved in the Internet traffic, the robustness and security must be evaluated carefully. In this paper, we analyze the BT protocol and identify several potential vulnerabilities available for malicious ...

In this paper, we present a model for vulnerability analysis that enables us to mitigate the complexity of modern systems through well-defined layers of abstraction. We use this model to build a new framework for vulnerability classification. Finally, we present our results classifying buffer overflow vulnerabilities.

This report presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps,...

Increasing the safety of vehicles is an important goal for vehicle manufacturers. These manufacturers often turn to simulations to understand how to improve a vehicle’s design as real-world safety tests are expensive and time consuming. Understanding the results of these simulations, however, is challenging due to the complexity of the data, which often includes both spatial and nonspatial data...

The increasing number of attacks on internet-based systems calls for security measures on behalf those systems’ operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based ...

Due to the increasing dependency on networked computer system, it is important to make a network reliable and dependent. This is even more relevant as new threats of attack are constantly being revealed, compromising the security of systems. This paper addresses this problem by presenting an attack injection methodology for the automatic discovery of vulnerabilities in software components. The ...

This paper presents a vulnerability analysis course especially developed for practitioners and experiences gained from it. The described course is a compact three days course initially aimed to educate practitioners in the process of finding security weaknesses in their own products. After giving an overview of the course, the paper presents results from two different types of course evaluation...

This paper focuses on the development of a method for road network vulnerability analysis, from the perspective of capacity degradation, which seeks to identify the critical infrastructures in the road network and the operational performance of the whole traffic system. This research involves defining the traffic utility index and modeling vulnerability of road segment, route, OD (Origin Destin...