Assessing software designs using capture-recapture methods

The number of faults not discovered by the design review can be estimated by using capture-recapture methods. Since these methods were developed for wildlife population estimation, the assumptions used to derive them do not match design review applications. The authors report on a Monte Carlo simulation to study the effects of broken assumptions on maximum likelihood estimators (MLEs) and jackknife estimators (JEs) of faults remaining. It is found that the MLE performs satisfactorily if faults are classified into a small number of homogeneous groups. Without grouping, the MLE can perform poorly, but it generally does better than the JE     

软件脆弱性分类方法研究

分析了在分类标准、分类规则、框架结构以及分类视角等方面具有特色的软件脆弱性分类方法;在此基础上,提炼出脆弱性分类的要素,并对经典的分类法进行多角度的比较分析,总结出每个分类法的特点和主要问题,讨论了现今脆弱性分类研究的关键问题和发展趋势。     

Economics of software vulnerability disclosure

Information security breaches frequently exploit software flaws or vulnerabilities, causing significant economic losses. Considerable debate exists about how to disclose such vulnerabilities. A coherent theoretical framework helps identify the key data elements needed to develop a sensible way of handling vulnerability disclosure     

AHP-DRASTIC: software for specific aquifer vulnerability assessment using DRASTIC model and GIS

A software package AHP-DRASTIC has been developed to derive ratings and weights of modified DRASTIC model parameters for use in specific aquifer vulnerability assessment studies. The software is integrated with ArcView Geographical Information System (GIS) software for modelling aquifer vulnerability, to predict areas which are more likely than others to become contaminated as a result of activities at or near the land surface. The ranges of a few of the DRASTIC model parameters have been modified to adapt to local hydrogeologic settings. Analytic Hierarchy Process (AHP) has been used to compute the ratings and weights of the criteria and sub-criteria of all parameters used in the DRASTIC model. The output from AHP generates a MS Access database for these parameters, which is then interfaced with ArcView using Avenue Scripts. AHP-DRASTIC is aimed at providing user-friendly GUI interfaced with GIS for the estimation of weights and ranks of the thematic layers used for aquifer vulnerability assessment. Contingency table analysis indicates that all wells in low and high vulnerability category have concentrations less than 10 ppm and more than 10 ppm, respectively. The model is validated with groundwater quality data and the results have shown strong relationship between DRASTIC Specific Vulnerability Index and nitrate-as-nitrogen concentrations with a correlation co-efficient of 0.84 at 0.01 level.     

软件安全缺陷发掘模型研究进展*

软件安全缺陷发掘模型在评估软件安全等级、预测软件剩余安全缺陷数量、确定为保证软件安全所需投入的资源等方面有着重要的意义。本文综述了软件安全缺陷发掘模型研究的进展状况,详细介绍了主要软件安全缺陷发掘模型的内容和原理,并对这些模型的特点和性能进行了比较和分析,最后提出了几个软件安全缺陷发掘模型研究领域需要进一步研究的问题。     

An historical perspective of software vulnerability management

The intent of this article is to provide the reader with an historical perspective of software vulnerability assessment. This historical overview will examine the lessons learned from the periods of formal approaches as applied to system certification and validation; to the periods where ‘simplistic’ tools are introduced to perform the tasks of vulnerability assessment; then to an overview of a macroscopic approach for studying the fundamental output of the complex nonlinear system known as software development; and finally to the present, where state-of-the-art tools and methodologies are beginning to apply principles of formal methods to the evaluation of software. The events and lessons learned from each of these periods will become evident to the reader, concluding with a requirement set and an outline for moving vulnerability analysis into the future.     

Assessing the maintainability of software product line feature models using structural metrics

A software product line is a unified representation of a set of conceptually similar software systems that share many common features and satisfy the requirements of a particular domain. Within the context of software product lines, feature models are tree-like structures that are widely used for modeling and representing the inherent commonality and variability of software product lines. Given the fact that many different software systems can be spawned from a single software product line, it can be anticipated that a low-quality design can ripple through to many spawned software systems. Therefore, the need for early indicators of external quality attributes is recognized in order to avoid the implications of defective and low-quality design during the late stages of production. In this paper, we propose a set of structural metrics for software product line feature models and theoretically validate them using valid measurement-theoretic principles. Further, we investigate through controlled experimentation whether these structural metrics can be good predictors (early indicators) of the three main subcharacteristics of maintainability: analyzability, changeability, and understandability. More specifically, a four-step analysis is conducted: (1) investigating whether feature model structural metrics are correlated with feature model maintainability through the employment of classical statistical correlation techniques; (2) understanding how well each of the structural metrics can serve as discriminatory references for maintainability; (3) identifying the sufficient set of structural metrics for evaluating each of the subcharacteristics of maintainability; and (4) evaluating how well different prediction models based on the proposed structural metrics can perform in indicating the maintainability of a feature model. Results obtained from the controlled experiment support the idea that useful prediction models can be built for the purpose of evaluating feature model maintainability using early structural metrics. Some of the structural metrics show significant correlation with the subjective perception of the subjects about the maintainability of the feature models.     

A distributed framework for demand-driven software vulnerability detection

Security testing aims at detecting program security flaws through a set of test cases and has become an active area of research. The challenge is how to efficiently produce test cases that are highly effective in detecting security flaws. This paper presents a novel distributed demand-driven security testing system to address this challenge. It leverages how end users use the software to increase the coverage of essential paths for security testing. The proposed system consists of many client sites and one testing site. The software under test is installed at each client site. Whenever a new path is about to be exercised by a user input, it will be sent to the testing site for security testing. At the testing site, symbolic execution is used to check any potential vulnerability on this new path. If a vulnerability is detected, a signature is automatically generated and updated to all client sites for protection. The benefits are as follows. First, it allows us to focus testing on essential paths, i.e., the paths that are actually being explored by users or attackers. Second, it stops an attacker from exploiting an unreported vulnerability at the client site. A prototype system has been implemented to evaluate the performance of the proposed system. The results show that it is both effective and efficient in practice.     

A novel approach to evaluate software vulnerability prioritization

The aim of this study is to formulate an analysis model which can express the security grades of software vulnerability and serve as a basis for evaluating danger level of information program or filtering hazardous weaknesses of the system and improve it to counter the threat of different danger factors. Through the utilization of fuzzy analytic hierarchy process (FAHP), we will organize the crossover factors of the software blind spots and build an evaluation framework. First of all, via the fuzzy Delphi method the aspects and relative determinants affecting security will be filtered out. Then we will identify the value equation of each factor and settle down the fuzzy synthetic decision making model of software vulnerability. Thanks to this model we will be able to analyze the various degrees to which the vulnerability is affecting the security and this information will serve as a basis for future ameliorations of the system itself. The higher the security score obtained therefore imply securer system. Beside this, this study also propose an improvement from the traditional fuzzy synthetic decision making model for measuring the fuzziness between enhancement and independence of various aspects and criteria. Furthermore taking into consideration the subjectivity of human in reality and constructing the fuzzy integral decision making model. Through case study, we show that the evaluation model in question is practical and can be applied on the new software vulnerabilities and measure their degree of penetration. The fuzzy integral decision making emphasize through formulation the multiply-add effect between different factors influencing information security.     

Combined software and hardware fault injection vulnerability detection

Innovations in Systems and Software Engineering - Fault injection is a well-known method to test the robustness and security vulnerabilities of software. Software-based and hardware-based...     

Assessing traceability of software engineering artifacts

The generation of traceability links or traceability matrices is vital to many software engineering activities. It is also person-power intensive, time-consuming, error-prone, and lacks tool support. The activities that require traceability information include, but are not limited to, risk analysis, impact analysis, criticality assessment, test coverage analysis, and verification and validation of software systems. Information Retrieval (IR) techniques have been shown to assist with the automated generation of traceability links by reducing the time it takes to generate the traceability mapping. Researchers have applied techniques such as Latent Semantic Indexing (LSI), vector space retrieval, and probabilistic IR and have enjoyed some success. This paper concentrates on examining issues not previously widely studied in the context of traceability: the importance of the vocabulary base used for tracing and the evaluation and assessment of traceability mappings and methods using secondary measures. We examine these areas and perform empirical studies to understand the importance of each to the traceability of software engineering artifacts.     

用信息熵度量软件项目人员流动风险

风险能导致软件项目失败,从而给企业带来损失;它是软件工程的研究热点之一,人员流动风险是软件项目过程中的重大风险,然而却很少有人关注。信息熵能有效度量子系统的均匀程度,提出一种基于信息熵的定量的人员流动风险度量模型;人员对软件项目的影响越均匀,风险越小,否则,关键人员的流动将对项目造成重大影响。不仅论述了模型的合理性,而且给出了模型实例,模型中需要的数据可从企业内部获得。实践表明该模型科学合理,可以作为企业控制软件项目人员流动风险的依据。     

基于配置模糊的软件漏洞检测方法

为了检测特定配置条件下的软件漏洞,提出了一种配置模糊测试方法.它通过改变被测程序的配置检测一些只在特定运行时特定配置下才能表现出来的软件漏洞.应用程序运行在部署环境下时,配置模糊测试技术连续不断的模糊应用程序的配置信息,检查软件是否违反了“安全准则”,若违反,则表示存在一个安全漏洞,配置模糊测试技术执行测试时利用的是正在运行的一个应用程序的副本,因此不会影响应用程序的状态.描述了配置模糊测试方法的原型实现,并通过实验验证了该方法的高效性.     

面向源代码的软件漏洞静态检测综述

软件静态漏洞检测依据分析对象主要分为二进制漏洞检测和源代码漏洞检测。由于源代码含有更为丰富的语义信息而备受代码审查人员的青睐。针对现有的源代码漏洞检测研究工作，从基于代码相似性的漏洞检测、基于符号执行的漏洞检测、基于规则的漏洞检测以及基于机器学习的漏洞检测4个方面进行了总结，并以基于源代码相似性的漏洞检测系统和面向源代码的软件漏洞智能检测系统两个具体方案为例详细介绍了漏洞检测过程。     

Periodicity in software vulnerability discovery,patching and exploitation

Periodicity in key processes related to software vulnerabilities need to be taken into account for assessing security at a given time. Here, we examine the actual multi-year field datasets for some of the most used software systems (operating systems and Web-related software) for potential annual variations in vulnerability discovery processes. We also examine weekly periodicity in the patching and exploitation of the vulnerabilities. Accurate projections of the vulnerability discovery process are required to optimally allocate the effort needed to develop patches for handling discovered vulnerabilities. A time series analysis that combines the periodic pattern and longer-term trends allows the developers to predict future needs more accurately. We analyze eighteen datasets of software systems for annual seasonality in their vulnerability discovery processes. This analysis shows that there are indeed repetitive annual patterns. Next, some of the datasets from a large number of major organizations that record the result of daily scans are examined for potential weekly periodicity and its statistical significance. The results show a 7-day periodicity in the presence of unpatched vulnerabilities, as well as in the exploitation pattern. The seasonal index approach is used to examine the statistical significance of the observed periodicity. The autocorrelation function is used to identify the exact periodicity. The results show that periodicity needs to be considered for optimal resource allocations and for evaluation of security risks.     

基于机器学习的软件脆弱性分析方法综述

随着被披露脆弱性代码样本数量的不断增加和机器学习方法的广泛应用,基于机器学习的软件脆弱性分析逐渐成为信息安全领域的热点研究方向。首先,通过分析已有研究工作,提出了基于机器学习的软件脆弱性挖掘框架;然后,从程序分析角度对已有研究工作进行了分类综述;最后,对研究成果进行了对比分析,并分析了当前基于机器学习的脆弱性分析方法面临的挑战,展望了未来的发展方向。     

一种基于fuzzing技术的漏洞发掘新思路*

目前检测软件缓冲区溢出漏洞仅局限于手工分析、二进制补丁比较及fuzzing技术等,这些技术要么对人工分析依赖程度高,要么盲目性太大,致使漏洞发掘效率极为低下。结合fuzzing技术、数据流动态分析技术以及异常自动分析技术等,提出一种新的缓冲区溢出漏洞发掘思路。新思路克服了已有缓冲区溢出漏洞发掘技术的缺点,能有效发掘网络服务器软件中潜在的未知安全漏洞（0day）,提高了缓冲区溢出漏洞发掘效率和自动化程度。     

Assessing the risk due to software faults: estimates of failure rate versus evidence of perfection

In the debate over the assessment of software reliability (or safety), as applied to critical software, two extreme positions can be discerned: the ‘statistical’ position, which requires that the claims of reliability be supported by statistical inference from realistic testing or operation, and the ‘perfectionist’ position, which requires convincing indications that the software is free from defects. These two positions naturally lead to requiring different kinds of supporting evidence, and actually to stating the dependability requirements in different ways, not allowing any direct comparison. There is often confusion about the relationship between statements about software failure rates and about software correctness, and about which evidence can support either kind of statement. This note clarifies the meaning of the two kinds of statement and how they relate to the probability of failure-free operation, and discusses their practical merits, especially for high required reliability or safety. © 1998 John Wiley & Sons, Ltd.