Vulnerability Likelihood: A Probabilistic Approach to Software Assurance
Author
Rajeev Gopalakrishna, Eugene H. Spafford, and Jan Vitek
Tech report number
CERIAS TR 2005-06
Abstract
The importance of software security is undeniable given the impact of software on our lives. Assurance about the security properties of a software artifact should ultimately translate into a quantitative measure of vulnerabilities. In this paper, we present the idea of vulnerability likelihood as a probabilistic approach to software assurance. Gaining assurance early in the software development cycle is of immense value in directing future efforts. So we first discuss vulnerability likelihood in the context of vulnerability prediction in software artifacts.
We propose four types of program properties that can be observed in software artifacts to potentially determine their vulnerability likelihood. Then we discuss vulnerability likelihood in the context of vulnerability detection. We propose a technique to quantify the assurance in the solutions of checkers for vulnerability detection that use static analysis. And finally, we illustrate the importance of vulnerability likelihood in a software development methodology to measurably increase software assurance.
Institution
CERIAS, Purdue University
Affiliation
CERIAS, Computer Sciences Department
Publication Date
1900-01-01
Contents
Vulnerability Likelihood
Vulnerability Prediction
Software Assurance
Subject
Software Assurance