The Center for Education and Research in Information Assurance and Security (CERIAS)

Vulnerability Likelihood: A Probabilistic Approach to Software Assurance

Author

Rajeev Gopalakrishna, Eugene H. Spafford, and Jan Vitek

Tech report number

CERIAS TR 2005-06

Entry type

techreport

Abstract

The importance of software security is undeniable given the impact of software on our lives. Assurance about the security properties of a software artifact should ultimately translate into a quantitative measure of vulnerabilities. In this paper, we present the idea of vulnerability likelihood as a probabilistic approach to software assurance. Gaining assurance early in the software development cycle is of immense value in directing future efforts. So we first discuss vulnerability likelihood in the context of vulnerability prediction in software artifacts. We propose four types of program properties that can be observed in software artifacts to potentially determine their vulnerability likelihood. Then we discuss vulnerability likelihood in the context of vulnerability detection. We propose a technique to quantify the assurance in the solutions of checkers for vulnerability detection that use static analysis. And finally, we illustrate the importance of vulnerability likelihood in a software development methodology to measurably increase software assurance.

Institution

CERIAS, Purdue University

Key alpha

Gopalakrishna

Affiliation

CERIAS, Computer Sciences Department

Publication Date

1900-01-01

Contents

Vulnerability Likelihood, Vulnerability Prediction, Software Assurance

Subject

Software Assurance
