Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)

August 12-August 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/QSIC.2008.35

2008 The Eighth International Confere ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Aiman Hanna Articles by Hai Zhou Ling Articles by Jason Furlong Articles by Zhenrong Yang Articles by Mourad Debbabi

	ASCII Text	x
	Aiman Hanna, Hai Zhou Ling, Jason Furlong, Zhenrong Yang, Mourad Debbabi, "Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)," Quality Software, International Conference on, pp. 97-102, 2008 The Eighth International Conference on Quality Software, 2008.

	BibTex	x
	@article{ 10.1109/QSIC.2008.35, author = {Aiman Hanna and Hai Zhou Ling and Jason Furlong and Zhenrong Yang and Mourad Debbabi}, title = {Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)}, journal ={Quality Software, International Conference on}, volume = {0}, year = {2008}, issn = {1550-6002}, pages = {97-102}, doi = {http://doi.ieeecomputersociety.org/10.1109/QSIC.2008.35}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Quality Software, International Conference on TI - Targeting Security Vulnerabilities: From Specification to Detection (Short Paper) SN - 1550-6002 SP97 EP102 A1 - Aiman Hanna, A1 - Hai Zhou Ling, A1 - Jason Furlong, A1 - Zhenrong Yang, A1 - Mourad Debbabi, PY - 2008 KW - Security Automata KW - Security Testing KW - Dynamic Analysis KW - Data Dependency KW - Test-Data Generation KW - Control Flow Analysis VL - 0 JA - Quality Software, International Conference on ER -

In this paper, we present a joint approach to automate software security testing using two approaches, namely Team Edit Automata (TEA), and the Security Chaining Approach. Team Edit Automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.

Index Terms:

Security Automata, Security Testing, Dynamic Analysis, Data Dependency, Test-Data Generation, Control Flow Analysis

Citation:

Aiman Hanna, Hai Zhou Ling, Jason Furlong, Zhenrong Yang, Mourad Debbabi, "Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)," qsic, pp.97-102, 2008 The Eighth International Conference on Quality Software, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.