Assessing Security Vulnerabilities: An Application of Partial and End-Game Verification and Validation
| dc.contributor.author | Frazier, Edward Snead | en |
| dc.contributor.committeechair | Arthur, James D. | en |
| dc.contributor.committeemember | Marchany, Randolph C. | en |
| dc.contributor.committeemember | Tront, Joseph G. | en |
| dc.contributor.department | Electrical and Computer Engineering | en |
| dc.date.accessioned | 2014-03-14T20:34:05Z | en |
| dc.date.adate | 2010-06-02 | en |
| dc.date.available | 2014-03-14T20:34:05Z | en |
| dc.date.issued | 2010-04-21 | en |
| dc.date.rdate | 2010-06-02 | en |
| dc.date.sdate | 2010-04-23 | en |
| dc.description.abstract | Modern software applications are becoming increasingly complex, prompting a need for expandable software security assessment tools. Violable constraints/assumptions presented by Bazaz [1] are expandable and can be modified to fit the changing landscape of software systems. Partial and End-Game Verification, Validation, and Testing (VV&T) strategies utilize the violable constraints/assumptions and are established by this research as viable software security assessment tools. The application of Partial VV&T to the Horticulture Club Sales Assistant is documented in this work. Development artifacts relevant to Partial VV&T review are identified. Each artifact is reviewed for the presence of constraints/assumptions by translating the constraints/assumptions to target the specific artifact and software system. A constraint/assumption review table and accompanying status nomenclature are presented that support the application of Partial VV&T. Both the constraint/assumption review table and status nomenclature are generic, allowing them to be used in applying Partial VV&T to any software system. Partial VV&T, using the constraint/assumption review table and associated status nomenclature, is able to effectively identify software vulnerabilities. End-Game VV&T is also applied to the Horticulture Club Sales Assistant. Base test strategies presented by Bazaz [1] are refined to target system specific resources such as user input, database interaction, and network connections. Refined test strategies are used to detect violations of the constraints/assumptions within the Horticulture Club Sales Assistant. End-Game VV&T is able to identify violation of constraints/assumptions, indicating vulnerabilities within the Horticulture Club Sales Assistant. Addressing vulnerabilities identified by Partial and End-Game VV&T will enhance the overall security of a software system. | en |
| dc.description.degree | Master of Science | en |
| dc.identifier.other | etd-04232010-000938 | en |
| dc.identifier.sourceurl | http://scholar.lib.vt.edu/theses/available/etd-04232010-000938/ | en |
| dc.identifier.uri | http://hdl.handle.net/10919/31849 | en |
| dc.publisher | Virginia Tech | en |
| dc.relation.haspart | Frazier_ES_T_2010.pdf | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | Access Driven VV&T | en |
| dc.subject | Assumptions | en |
| dc.subject | Constraints | en |
| dc.subject | Assessment | en |
| dc.subject | Vulnerabilities | en |
| dc.subject | Software Security | en |
| dc.title | Assessing Security Vulnerabilities: An Application of Partial and End-Game Verification and Validation | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Electrical and Computer Engineering | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1