On Vulnerabilities, Constraints and Assumptions

Details On Vulnerabilities, Constraints and Assumptions On Vulnerabilities, Constraints and Assumptions

2005-09-26

arxiv.org/abs/cs/0509076v1

Computer Science

Cryptography and Security

Scientific paper

This report presents a taxonomy of vulnerabilities created as a part of an effort to develop a framework for deriving verification and validation strategies to assess software security. This taxonomy is grounded in a theoretical model of computing, which establishes the relationship between vulnerabilities, software applications and the computer system resources. This relationship illustrates that a software application is exploited by violating constraints imposed by computer system resources and assumptions made about their usage. In other words, a vulnerability exists in the software application if it allows violation of these constraints and assumptions. The taxonomy classifies these constraints and assumptions. The model also serves as a basis for the classification scheme the taxonomy uses, in which the computer system resources such as, memory, input/output, and cryptographic resources serve as categories and subcategories. Vulnerabilities, which are expressed in the form of constraints and assumptions, are classified according to these categories and subcategories. This taxonomy is both novel and distinctively different from other taxonomies found in the literature.

Affiliated with

Also associated with

No associations

Rating

On Vulnerabilities, Constraints and Assumptions does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with On Vulnerabilities, Constraints and Assumptions, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and On Vulnerabilities, Constraints and Assumptions will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-224494