
Categorization of Software Errors that led to Security Breaches (1997)  (7 citations)
Wenliang Du, Aditya P. Mathur
Proc. 21st NIST-NCSC National Information Systems Security Conference




Abstract: A set of errors known to have led to security breaches in computer systems was analyzed. The analysis led to a categorization of these errors. After examining several proposed schemes for the categorization of software errors a new scheme was developed and used. This scheme classifies errors by their cause, the nature of their impact, and the type of change, or fix, made to remove the error. The errors considered in this work are found in a database maintained by the COAST laboratory. The...

Context of citations to this paper:

...tolerant systems, namely fault injection. This approach has drawn upon years of research and experience in vulnerability analysis [1, 3, 6, 16, 20]. Our approach relies on an empirically supported belief that the environment plays a significant role in triggering security...

...flaws from three viewpoints: cause of the flaw, the nature of their impact, and the type of change or fix made to remove the flaw [20, 21]. The first dimension was similar to Landwehr's while the third dimension has categories like spurious entity, missing entity, misplaced...

Cited by:
An Economic Analysis of Market for Software Vulnerabilities - Karthik Kannan Rahul (2004)
Optimal Policy for Software Vulnerability Disclosure - Arora, Telang, Xu (2004)
Analysis of Vulnerabilities in Internet Firewalls - Kamara, Fahmy, Schultz..

Active bibliography (related documents):
0.9:   Vulnerability Testing of Software System Using Fault Injection - Du, Mathur (1998)
0.6:   Testing for Software Vulnerability Using Environment Perturbation - Du, Mathur (2000)
0.5:   Maintaining Software with a Security Perspective - Jiwnani, Zelkowitz (2002)

Similar documents based on text:
0.2:   Security Relevancy Analysis on the Registry of Windows NT 4.0 - Du, Garg, Mathur (1999)
0.2:   Using Programmer-Written Compiler Extensions to Catch.. - Ashcraft, Engler (2002)
0.1:   Software Reliability Modeling + Model Selection Criteria - Horgan, Mathur, Pasquini.. (1995)

Related documents from co-citation:
4:   A taxonomy of unix system and network vulnerabilities - Bishop - 1995
4:   Operating system penetration - Linde - 1975
4:   Software Testing Techniques - Beizer - 1990

BibTeX entry:

W. Du and A. Mathur. Categorization of software errors that led to security breaches. Technical Report COAST Technical Report 97-09, Purdue University, Department of Computer Sciences, 1997. http://citeseer.ist.psu.edu/du97categorization.html

@inproceedings{ du98categorization,
    author = "W. Du and A. P. Mathur",
    title = "Categorization of Software Errors That Led to Security Breaches",
    booktitle = "Proc. 21st {NIST}-{NCSC} National Information Systems Security Conference",
    pages = "392--407",
    year = "1998",
    url = "citeseer.ist.psu.edu/du97categorization.html" }
Citations (may not include all citations):
82   Toward a theory of test data selection - Goodenough, Gerhart - 1975
59   Software errors and complexity: An empirical investigation - Basili, Perricone - 1984
49   Fundamentals of Computer Security Technology - Amoroso - 1994
35   A taxonomy of computer program security flaws - Landwehr - 1994
34   Orthogonal defect classification -- a concept for in-process.. - Chillarege - 1992
24   Operating system penetration - Linde - 1975
23   Security analysis and enhancements of computer operating sys.. - Abbott - 1976
19   Collecting and categorizing software error data in an indust.. - Ostrand, Weyuker - 1984
12   A taxonomy of unix system and network vulnerabilities - Bishop - 1995
7   A grammar based fault classification scheme and its applicat.. - Demillo, Mathur - 1995
5   The design of a secure operating system - McCauley, Drongowski - 1979
4   Inconsistency of single data value over time - Bibsey, Popek et al. - 1975
4   A taxonomy of security faults in the unix operation system - Aslam - 1995
3   Computer vulnerability analysis thesis proposal - Krsul - 1997
1   Effectiveness of mutation and data flow testing - Wong, Mathur - 1995





Documents on the same site (http://hesperus.oboe.com/serc/TechReports/abstracts/authors/Mathur.html):
On the Estimation of Reliability of a Software System.. - Krishnamurthy, Mathur (1997)
Effect of Testing Techniques on Software Reliability.. - Chen, Mathur, Rego (1992)
Architecture Of Tamer: A Tool For Dependability Analysis Of .. - DeMillo, Li, Mathur (1994)
