Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs

Philadelphia, Pennsylvania September 24-September 27

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICSM.2006.40

22nd IEEE International Conference on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Byers Articles by Shanai Ardi Articles by Nahid Shahmehri Articles by Claudiu Duma

	ASCII Text	x
	David Byers, Shanai Ardi, Nahid Shahmehri, Claudiu Duma, "Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs," Software Maintenance, IEEE International Conference on, pp. 411-422, 22nd IEEE International Conference on Software Maintenance (ICSM'06), 2006.

	BibTex	x
	@article{ 10.1109/ICSM.2006.40, author = {David Byers and Shanai Ardi and Nahid Shahmehri and Claudiu Duma}, title = {Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs}, journal ={Software Maintenance, IEEE International Conference on}, volume = {0}, year = {2006}, issn = {1063-6773}, pages = {411-422}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICSM.2006.40}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Software Maintenance, IEEE International Conference on TI - Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs SN - 1063-6773 SP411 EP422 A1 - David Byers, A1 - Shanai Ardi, A1 - Nahid Shahmehri, A1 - Claudiu Duma, PY - 2006 KW - software security KW - vulnerability modeling VL - 0 JA - Software Maintenance, IEEE International Conference on ER -

David Byers, Linkopings universitet, SE-58183 Linkoping, Sweden

Shanai Ardi, Linkopings universitet, SE-58183 Linkoping, Sweden

Nahid Shahmehri, Linkopings universitet, SE-58183 Linkoping, Sweden

Claudiu Duma, Linkopings universitet, SE-58183 Linkoping, Sweden

When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future.

In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases.

Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities.

Index Terms:

software security, vulnerability modeling

Citation:

David Byers, Shanai Ardi, Nahid Shahmehri, Claudiu Duma, "Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs," icsm, pp.411-422, 22nd IEEE International Conference on Software Maintenance (ICSM'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.