The paper aims at defining the agent based threat modelling from the viewpoint of security agents. Agent causal to threat creates insecure gateways and paths which lead to vulnerabilities in the system. Any system built on to a vulnerable foundation of a vulnerable language or architecture shall forever remain risk bound. Security agents or “POLICE” agents as we term them come dexterous. The modelling...
Using static analysis tools can detect software vulnerabilities, which is important for improving the security of software. Static analysis technology has developed rapidly, but there has been little comparison and evaluation of static analysis techniques and tools. This paper focuses on software vulnerability static analysis techniques and tools. First we discuss the commonly-used static analysis techniques...
In this paper we describe where current risk controls (as documented in ISO27001/27002) for mitigating information security risks are likely to be inadequate for use in the cloud. Such an analysis could provide a rationale for prioritizing protection research, and the work presented here is part of a larger exercise designed to identify the potential for cascade attacks in the cloud, and those areas...
Software security test (SST) is a useful way to validate a software system's security attribute. Defect-based testing technologies are more effective than traditional specification testing technologies, and more and more researchers are paying attention to these testing methods. Before testing, an organized list of actual defects is especially essential. But at present the only existing suitable taxonomies...
Accuracy and integrity are an important basis for vulnerability analysis and research. A vulnerability, which is based on the CVE standard, has more integrated properties, and collects several professional vulnerability databases' information, has been given, in order to ensure the accuracy and authoritativeness of the source. Simultaneously, unifies the naming vulnerability, consummates the vulnerability information,...
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations of the software together with its particular run-time environment. One approach to detecting these vulnerabilities is fuzz testing, which feeds a range of randomly modified inputs to a software application while monitoring it for failures. However, typical fuzz testing makes no guarantees...
This paper proposes an approach to locate the patched vulnerability by analyzing the differences between two versions of an executable file. The approach comprises two parts: finding the differences and auditing the differences. To find the differences, a heuristic method is presented to compute an isomorphism between two callgraphs, based on the definitions of similarity between functions, and...
As computers, information systems, and networking have become increasingly ubiquitous, cybersecurity has become even more critical for the continuity of basic business operations. This article analyzes the challenges associated with cybersecurity, including attack patterns and trends.
The amount of time to protect enterprise systems against potential vulnerability continues to shrink. Enterprises need an effective patch management mechanism to survive the insecure IT environment. Effective patch management is a systematic and repeatable patch distribution process which includes establishing timely and practical alerts, receiving notification of patches or discovering them, downloading...
The proliferation of exploit codes greatly expedites attacks in cyber world. This research compiles important dates on vulnerability from various sources into five patterns of life-cycle: zero-day attack, pseudo zero-day attack, potential of pseudo zero-day attack, potential of attack, and passive attack. Pseudo zero-day attack, which results from leniency on the part of system administrators, has...
This paper attempts to introduce a method for developing secure software based on the vulnerabilities which are already known. In the proposed method, the most prevalent vulnerabilities are selected. For each vulnerability its location of appearance within the software development process, as well as methods of mitigation through design-level or implementation-level activities is discussed. Mapping...