Abstract: Software maintainers and auditors would benefit from a
tool to help them focus their attention on functions that are
likely to be the source of security vulnerabilities. However,
the existence of such a tool is predicated on the ability to
characterize a function's 'security vulnerability likelihood.'
Our hypothesis is that functions near a source of input
are most likely to contain a security vulnerability. These
functions should be a small percentage of the total number
of functions in the...
Cited by:
Measuring the Attack Surfaces of Two FTP Daemons - Pratyusa Manadhata Jeannette
Dealing with System Monocultures - Keromytis, Prevelakis
Active bibliography (related documents):
0.5: Shield: Vulnerability-Driven Network Filters for.. - Wang, Guo, Simon.. (2004)
0.4: Vulnerability Testing of Software System Using Fault Injection - Du, Mathur (1998)
0.4: Categorization of Software Errors that led to Security Breaches - Du, Mathur (1997)
Similar documents based on text:
0.5: WebDAVA: An Administrator-Free Approach to Web.. - Levine, Prevelakis.. (2003)
0.4: Recovering the Structure of Software Systems Using Tube.. - Mancoridis, Holt (1996)
0.4: Creating a Jointly Sponsored Master of Science in Software.. - Hislop, Shankar (1999)
Related documents from co-citation:
4: Secure overlay services - Keromytis, Misra et al. - 2002
2: PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities - Cowan, Beattie et al. - 2003
2: A Comparison of Publicly Available Tools for Dynamic Intrusion Prevention - Wilander, Kamkar - 2003
BibTeX entry:
DaCosta, D., Dahn, C., Mancoridis, S., Prevelakis, V.: Characterizing the Security Vulnerability Likelihood of Software Functions. In: Proceedings of the 2003 International Conference on Software Maintenance (ICSM'03). (2003) 61-72 http://citeseer.ist.psu.edu/dacosta03characterizing.html
@misc{ dacosta03characterizing,
author = "D. DaCosta and C. Dahn and S. Mancoridis and V. Prevelakis",
title = "Characterizing the Security Vulnerability Likelihood of Software Functions",
text = "DaCosta, D., Dahn, C., Mancoridis, S., Prevelakis, V.: Characterizing the
Security Vulnerability Likelihood of Software Functions. In: Proceedings
of the 2003 International Conference on Software Maintenance (ICSM'03).
(2003) 61-72",
year = "2003",
url = "citeseer.ist.psu.edu/dacosta03characterizing.html" }
Citations (may not include all citations):
136: Fast algorithms for finding nearest common ancestors - Harel, Tarjan - 1984
92: Controlling High-Bandwidth Aggregates in the Network - Mahajan, Bellovin et al. - 2001
66: Smashing The Stack For Fun and Profit - One - 1996
64: Detecting Format String Vulnerabilities with Type Qualifiers - Shankar, Talwar et al.
45: Automated Support for Legacy Code Understanding - Ning, Engberts et al. - 1994
39: FormatGuard: Automatic Protection From printf Format String .. - Cowan, Barringer et al. - 2001
35: Statically Detecting Likely Buffer Overflow Vulnerabilities - Larochelle, Evans - 2001
33: International Thomson Computer Press - Beizer, Techniques - 1990
22: Data Model Supporting Reachability Analysis and Dead Code De.. - Chen, Gansner et al. - 1997
17: Software Vulnerability Analysis - Krsul - 1998
15: A Taxonomy of Security Faults in the Unix Operating System - Aslam - 1995
12: A Taxonomy of UNIX System and Network Vulnerabilities - Bishop - 1995
11: Automatic Detection and Prevention of Buffer-Overflow Attack.. - Cowan, Pu et al. - 1998
6: Reportal: A web-based portal site for reverse engineering - Mancoridis, Souder et al. - 2001
4: Representing semantically analyzed c++ code with reprise - Rosenblum, Wolf - 1991
3: Computer Vulnerability Analysis Thesis Proposal - Krsul - 1997
3: Source code scanners for better code - Nazario - 2002
3: net newshamformat string attack - string, http et al. - 2000
2: Center for Information Technology Integration - Provos, escalation et al. - 2002
http://introspector.sourceforge.net/
http://www.cigital.com/its4/
http://www.openbsd.org/
http://www.securesoft.com/rats.php/
http://serg.mcs.drexel.edu/cosak/case
http://www.openssh.org
http://www.research.att.com/sw/tools
http://www.cs.berkeley.edu/
Documents on the same site (http://www.cs.drexel.edu/~smancori/research/paperIndex.html):
Algorithms for Managing the Evolution of Software Designs - Spiros Mancoridis
Reformulating Software Engineering as a Search Problem - Clarke, Jones
Modeling the Search Landscape of Metaheuristic Software.. - Mitchell, Mancoridis (2003)
CiteSeer.IST - Copyright Penn State and NEC