Show simple item record

dc.contributor.authorBazaz, Anilen_US
dc.date.accessioned2014-03-14T20:10:05Z
dc.date.available2014-03-14T20:10:05Z
dc.date.issued2006-04-14en_US
dc.identifier.otheretd-04192006-150313en_US
dc.identifier.urihttp://hdl.handle.net/10919/27006
dc.description.abstractIn recent years, the number of exploits targeting software applications has increased dramatically. These exploits have caused substantial economic damages. Ensuring that software applications are not vulnerable to the exploits has, therefore, become a critical requirement. The last line of defense is to test before hand if a software application is vulnerable to exploits. One can accomplish this by testing for the presence of vulnerabilities.

This dissertation presents a framework for deriving verification and validation (V&V) strategies to assess the security of a software application by testing it for the presence of vulnerabilities. This framework can be used to assess the security of any software application that executes above the level of the operating system. It affords a novel approach, which consists of testing if the software application permits violation of constraints imposed by computer system resources or assumptions made about the usage of these resources. A vulnerability exists if a constraint or an assumption can be violated. Distinctively different from other approaches found in the literature, this approach simplifies the process of assessing the security of a software application.

The framework is composed of three components: (1) a taxonomy of vulnerabilities, which is an informative classification of vulnerabilities, where vulnerabilities are expressed in the form of violable constraints and assumptions; (2) an object model, which is a collection of potentially vulnerable process objects that can be present in a software application; and (3) a V&V strategies component, which combines information from the taxonomy and the object model; and provides approaches for testing software applications for the presence of vulnerabilities. This dissertation also presents a step-by-step process for using the framework to assess software security.

en_US
dc.publisherVirginia Techen_US
dc.relation.haspartdissertation-abazaz.pdfen_US
dc.rightsI hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to Virginia Tech or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report.en_US
dc.subjectVulnerabilitiesen_US
dc.subjectVerificationen_US
dc.subjectValidationen_US
dc.subjectSoftware Securityen_US
dc.subjectConstraintsen_US
dc.subjectAssumptionsen_US
dc.titleA Framework for Deriving Verification and Validation Strategies to Assess Software Securityen_US
dc.typeDissertationen_US
dc.contributor.departmentComputer Scienceen_US
dc.description.degreePh. D.en_US
thesis.degree.namePh. D.en_US
thesis.degree.leveldoctoralen_US
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen_US
thesis.degree.disciplineComputer Scienceen_US
dc.contributor.committeechairArthur, James D.en_US
dc.identifier.sourceurlhttp://scholar.lib.vt.edu/theses/available/etd-04192006-150313/en_US
dc.date.sdate2006-04-19en_US
dc.date.rdate2006-04-26
dc.date.adate2006-04-26en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record