
Research on Taxonomy of the Software Vulnerabilities Origins (软件漏洞起因的分类研究)

Cited by: 3
Abstract: Software vulnerabilities are the root of most security incidents. When these vulnerabilities are exploited, the impact is serious. Analysis of the vulnerability alerts distributed by organizations such as CERT or SANS shows that many vulnerabilities can be attributed to developers repeatedly making the same class of mistakes. This paper proposes a structured taxonomy of the origins of software vulnerabilities. Such a taxonomy can be used as a guide for developers to avoid common pitfalls, as didactic material for students of software engineering, and as a "checklist" for software testers or auditors.
Authors: Li Miao (李淼), Wu Shizhong (吴世忠)
Source: Computer Engineering (计算机工程), 2006, No. 20, pp. 163-165 (3 pages). Indexed in EI, CAS, CSCD; Peking University Core Journal.
Funding: National ministry "929" special engineering fund project
Keywords: Software vulnerability; Taxonomy; Complete mediation; Feature interaction

References (8)

  • 1 Bishop M. Vulnerability Analysis[C]. Proceedings of Recent Advances in Intrusion Detection, 1999: 125-136.
  • 2 Landwehr C, Bull A, McDermott J, et al. A Taxonomy of Computer Program Security Flaws, with Examples[J]. ACM Computing Surveys, 1994, 26(3): 211-255.
  • 3 Krsul I, Spafford E, Tripunitara M. Computer Vulnerability Analysis[R]. West Lafayette: COAST Laboratory, Purdue University, Technical Report COAST TR 98-07, 1998-05.
  • 4 Aslam T, Krsul I, Spafford E. A Taxonomy of Security Faults[C]. Proceedings of the 19th National Information Systems Security Conference, Baltimore, Maryland, 1996-10.
  • 5 Anderson R. Security Engineering: A Guide to Building Dependable Distributed Systems[M]. John Wiley & Sons, 2001.
  • 6 Gollmann D. Computer Security[M]. John Wiley & Sons, 2000.
  • 7 Viega J, McGraw G. Building Secure Software[M]. Addison-Wesley, 2002.
  • 8 Schneier B. Secrets and Lies: Digital Security in a Networked World[M]. John Wiley & Sons, 2000.

Co-cited references (23)

  • 1 Wang Ying, Li Xianghe. Research on the Classification of Software Vulnerabilities[J]. Computer Systems & Applications (计算机系统应用), 2008, 17(11): 40-44. Cited by: 11
  • 2 Wei Tao, Wang Guisi, Zou Wei. The Software Vulnerability Industry: Status and Development[J]. Journal of Tsinghua University (Science and Technology) (清华大学学报(自然科学版)), 2009(S2): 2087-2096. Cited by: 4
  • 3 Schechter S E. How to Buy Better Testing: Using Competition to Get the Most Security and Robustness for Your Dollar[C]//Proc. of Infrastructure Security Conference. Bristol, UK: [s.n.], 2002: 97-113.
  • 4 Schechter S E. Quantitatively Differentiating System Security[C]//Proc. of the 1st Workshop on Economics and Information Security. Berkeley, CA, USA: [s.n.], 2002: 163-179.
  • 5 Schechter S E. Computer Security Strength & Risk: A Quantitative Approach[D]. Cambridge, USA: Harvard University, 2004.
  • 6 Kannan K, Telang R. An Economic Analysis of Market for Software Vulnerabilities[C]//Proc. of the 3rd Workshop on Economics and Information Security. Minneapolis, USA: [s.n.], 2004: 213-224.
  • 7 Li Peng, Wang Ruchuan, Wang Shaodi. Research on Detection and Prevention of Format String Attacks[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science) (南京邮电大学学报(自然科学版)), 2007, 27(5): 84-89. Cited by: 7
  • 8 Zhang Zhao, Wen Qiaoyan, Tang Wen. An efficient mutation-based fuzz testing approach for detecting flaws of network protocol[C]//Proceedings of 2012 International Conference on Computer Science and Service System. Washington DC: IEEE, 2012: 814-817.
  • 9 Gorbunov S, Rosenbloom A. AutoFuzz: automated network protocol fuzzing framework[J]. International Journal of Computer Science and Network Security, 2014, 10(8): 239-245.
  • 10 Shin Y, Meneely A, Williams L, et al. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities[J]. IEEE Transactions on Software Engineering, 2013, 37(6): 772-786.

Citing documents (3)

Second-level citing documents (7)
