A Framework for Deriving Verification and Validation Strategies to Assess Software Security

dc.contributor.authorBazaz, Anilen
dc.contributor.committeechairArthur, James D.en
dc.contributor.departmentComputer Scienceen
dc.date.accessioned2014-03-14T20:10:05Zen
dc.date.adate2006-04-26en
dc.date.available2014-03-14T20:10:05Zen
dc.date.issued2006-04-14en
dc.date.rdate2006-04-26en
dc.date.sdate2006-04-19en
dc.description.abstractIn recent years, the number of exploits targeting software applications has increased dramatically. These exploits have caused substantial economic damages. Ensuring that software applications are not vulnerable to the exploits has, therefore, become a critical requirement. The last line of defense is to test before hand if a software application is vulnerable to exploits. One can accomplish this by testing for the presence of vulnerabilities. This dissertation presents a framework for deriving verification and validation (V&V) strategies to assess the security of a software application by testing it for the presence of vulnerabilities. This framework can be used to assess the security of any software application that executes above the level of the operating system. It affords a novel approach, which consists of testing if the software application permits violation of constraints imposed by computer system resources or assumptions made about the usage of these resources. A vulnerability exists if a constraint or an assumption can be violated. Distinctively different from other approaches found in the literature, this approach simplifies the process of assessing the security of a software application. The framework is composed of three components: (1) a taxonomy of vulnerabilities, which is an informative classification of vulnerabilities, where vulnerabilities are expressed in the form of violable constraints and assumptions; (2) an object model, which is a collection of potentially vulnerable process objects that can be present in a software application; and (3) a V&V strategies component, which combines information from the taxonomy and the object model; and provides approaches for testing software applications for the presence of vulnerabilities. This dissertation also presents a step-by-step process for using the framework to assess software security.en
dc.description.degreePh. D.en
dc.identifier.otheretd-04192006-150313en
dc.identifier.sourceurlhttp://scholar.lib.vt.edu/theses/available/etd-04192006-150313/en
dc.identifier.urihttp://hdl.handle.net/10919/27006en
dc.publisherVirginia Techen
dc.relation.haspartdissertation-abazaz.pdfen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectVulnerabilitiesen
dc.subjectVerificationen
dc.subjectValidationen
dc.subjectSoftware Securityen
dc.subjectConstraintsen
dc.subjectAssumptionsen
dc.titleA Framework for Deriving Verification and Validation Strategies to Assess Software Securityen
dc.typeDissertationen
thesis.degree.disciplineComputer Scienceen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.leveldoctoralen
thesis.degree.namePh. D.en

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
dissertation-abazaz.pdf
Size:
365.95 KB
Format:
Adobe Portable Document Format