Serwis Infona wykorzystuje pliki cookies (ciasteczka). Są to wartości tekstowe, zapamiętywane przez przeglądarkę na urządzeniu użytkownika. Nasz serwis ma dostęp do tych wartości oraz wykorzystuje je do zapamiętania danych dotyczących użytkownika, takich jak np. ustawienia (typu widok ekranu, wybór języka interfejsu), zapamiętanie zalogowania. Korzystanie z serwisu Infona oznacza zgodę na zapis informacji i ich wykorzystanie dla celów korzytania z serwisu. Więcej informacji można znaleźć w Polityce prywatności oraz Regulaminie serwisu. Zamknięcie tego okienka potwierdza zapoznanie się z informacją o plikach cookies, akceptację polityki prywatności i regulaminu oraz sposobu wykorzystywania plików cookies w serwisie. Możesz zmienić ustawienia obsługi cookies w swojej przeglądarce.
Software security is an important aspect of ensuring software quality. The goal of this study is to help developers evaluate software security using traceable patterns and software metrics during development. The concept of traceable patterns is similar to design patterns but they can be automatically recognized and extracted from source code. If these patterns can better predict vulnerable code compared...
Hypervisors are software more and more widespread because of the increasing usage of virtualization, especially in the Cloud. But they are not bug-free. CrashOS is developed to test them and contributes to find security vulnerabilities in hypervisors.
There is widening chasm between the ease of creating software and difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software...
Testing software-intensive systems, for us, has traditionally focused on verifying and validating compliance and conformance to specification, as well as some general non-functional requirements such as performance of different components. In recent years, we have seen a strong move towards more data intensive systems. We have found that these types of systems require a different approach for testing...
Implementing cryptography on Internet-of-Things (IoT) devices, that is resilient against side channel analysis, has so far been a task only suitable for specialist software designers in interaction with access to a sophisticated testing facility. Recently a novel tool has been developed, ELMO, which offers the potential to enable non-specialist software developers to evaluate their code w.r.t. power...
Software startups can be subject to extreme money and time constraints while hoping for delivering reliable software. In a harsh startup environment, software may face quality downgrade either by improper process management or incapable human resources. Among the many, security is a fragile software quality characteristic responsible for severe negative consequences such as jeopardizing a startup's...
Differential testing uses similar programs as cross-referencing oracles to find semantic bugs that do not exhibit explicit erroneous behaviors like crashes or assertion failures. Unfortunately, existing differential testing tools are domain-specific and inefficient, requiring large numbers of test inputs to find a single bug. In this paper, we address these issues by designing and implementing NEZHA,...
Massively Open Online Courses (MOOCs) provide a unique opportunity to reach out to students who would not normally be reached by alleviating the need to be physically present in the classroom. However, teaching software security coursework outside of a classroom setting can be challenging. What are the challenges when converting security material from an on-campus course to the MOOC format? The goal...
Automated white-box testing is a major issue in software engineering. In previous work, we introduced LTest, a generic and integrated toolkit for automated white-box testing of C programs. LTest supports a broad class of coverage criteria in a unified way (through the label specification mechanism) and covers most major parts of the testing process – including coverage measurement, test generation...
The use of Internet of Things (IoT) devices has grown significantly in the past decade. While IoT is expected to improve life for many by enabling smart living spaces, the number of security risks that consumers and businesses will face is also increasing. A high number of vulnerable IoT devices are prone to attacks and easy exploit. Existing research has focused on security that must be implemented...
Ensuring software security is essential for developing a reliable software. A software can suffer from security problems due to the weakness in code constructs during software development. Our goal is to relate software security with different code constructs so that developers can be aware very early of their coding weaknesses that might be related to a software vulnerability. In this study, we chose...
Traditional symbolic execution for testing software focuses on exploring the paths of the program. However, for stateful network protocol, this method is hard to explore all the protocol states. This paper proposes a novel method based on model-guided symbolic execution, which can associate the program paths with the protocol states and utilize the protocol model to guide the test to explore interesting...
Security is often treated as secondary or a non- functional feature of software which influences the approach of vendors and developers when describing their products often in terms of what it can do (Use Cases) or offer customers. However, tides are beginning to change as more experienced customers are beginning to demand for more secure and reliable software giving priority to confidentiality, integrity...
The vulnerabilities existing in network protocol implementations are difficult to detect. The main reason is that the state space of complex protocol binary software is too large to explore. This paper proposes a novel approach that leverages selective symbolic execution to test network protocol binary software directly, which confines symbolic execution in the secure-sensitive area. This paper also...
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent,...
Applications are generally written assuming a predictable and well-behaved OS. In practice, they experience unpredictable misbehavior at the OS level and across OSes: different OSes can handle network events differently, APIs can behave differently across OSes, and OSes may be compromised or buggy. This unpredictability is challenging because its sources typically manifest during deployment and are...
Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. The better way to improve software security is to enhance security process into SDLC processes. To keep software secure, security enhancement of the SDLC process involves lots of practices and activities to achieve goal of security. However, how to adopt these activities well to improve software security...
The Cargo Supply Chain Integrity Technology (CSIT) Research, Development, Test and Evaluation project, jointly managed by the Transportation Security Administration (TSA) and the Department of Homeland Security's (DHS) Science and Technology (S&T) Directorate develops standards and certifies systems to mitigate threats posed by the potential introduction of improvised explosive devices into cargo...
Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators supervise, maintain, and control critical infrastructure. Recent years has seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of...
Customer Edge Switching (CES) is an experimental Internet architecture that provides reliable and resilient multi-domain communications. It provides resilience against security threats because domains negotiate inbound and outbound policies before admitting new traffic. As CES and its signalling protocols are being prototyped, there is a need for independent testing of the CES architecture. Hence,...
Podaj zakres dat dla filtrowania wyświetlonych wyników. Możesz podać datę początkową, końcową lub obie daty. Daty możesz wpisać ręcznie lub wybrać za pomocą kalendarza.