Software vulnerability analysis
Abstract
The consequences of a class of system failures, commonly known as software vulnerabilities, violate security policies. They can cause the loss of information and reduce the value or usefulness of the system. An increased understanding of the nature of vulnerabilities, their manifestations, and the mechanisms that can be used to eliminate and prevent them can be achieved by the development of a unified definition of software vulnerabilities, the development of a framework for the creation of taxonomies for vulnerabilities, and the application of learning, visualization, and statistical tools on a representative collection of software vulnerabilities. This dissertation provides a unifying definition of software vulnerability based on the notion that it is security policies that define what is allowable or desirable in a system. It also includes a framework for the development of classifications and taxonomies for software vulnerabilities. This dissertation presents a classification of software vulnerabilities that focuses on the assumptions that programmers make regarding the environment in which their application will be executed and that frequently do not hold during the execution of the program. This dissertation concludes by showing that the unifying definition of software vulnerability, the framework for the development of classifications, and the application of learning and visualization tools can be used to improve security.
Degree
Ph.D.
Advisors
Spafford, Purdue University.
Subject Area
Computer science
Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server.