Computer Science – Cryptography and Security
Scientific paper
2005-09-26
Computer Science
Cryptography and Security
Scientific paper
This report presents a taxonomy of vulnerabilities created as a part of an effort to develop a framework for deriving verification and validation strategies to assess software security. This taxonomy is grounded in a theoretical model of computing, which establishes the relationship between vulnerabilities, software applications and the computer system resources. This relationship illustrates that a software application is exploited by violating constraints imposed by computer system resources and assumptions made about their usage. In other words, a vulnerability exists in the software application if it allows violation of these constraints and assumptions. The taxonomy classifies these constraints and assumptions. The model also serves as a basis for the classification scheme the taxonomy uses, in which the computer system resources such as, memory, input/output, and cryptographic resources serve as categories and subcategories. Vulnerabilities, which are expressed in the form of constraints and assumptions, are classified according to these categories and subcategories. This taxonomy is both novel and distinctively different from other taxonomies found in the literature.
Arthur James D.
Bazaz Anil
No associations
LandOfFree
On Vulnerabilities, Constraints and Assumptions does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with On Vulnerabilities, Constraints and Assumptions, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and On Vulnerabilities, Constraints and Assumptions will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-224494