Results 1 - 10 of 78

Automatic Documentation Inference for Exceptions

by Raymond P. L. Buse, Westley R. Weimer
"... Exception handling is a powerful and widely-used programming language abstraction for constructing robust software systems. Unfortunately, it introduces an inter-procedural flow of control that can be difficult to reason about. Failure to do so correctly can lead to security vulnerabilities, breache ..."
Abstract - Cited by 36 (4 self) - Add to MetaCart
Exception handling is a powerful and widely-used programming language abstraction for constructing robust software systems. Unfortunately, it introduces an inter-procedural flow of control that can be difficult to reason about. Failure to do so correctly can lead to security vulnerabilities

High Assurance Software Development

by David Burke, Joe Hurd, Aaron Tomb , 2010
"... The purpose of this paper is describe how to make software assurance a part of a science of security. Software assurance as practiced is a grab-bag of techniques, heuristics, and lessons learned from earlier failures. Given the importance of software to critical infrastructures (electricity, banking ..."
Abstract - Add to MetaCart
development teams can communicate in a common language to tackle the challenges of developing secure systems. Furthermore, this framework supports formal inference techniques (in particular, a trust relationship analysis), so that we can use automated reasoning to deal with scalability issues. Perhaps most

Automated Security Analysis of Payment Protocols

by Enyang Huang, Deorge A. Kocur, Heidi M. Nelf, Enyang Huang , 2012
"... Formal analyses have been used for payment protocol design and verification but, de-spite developments in semantics and expressiveness, previous literature has placed little emphasis on the automation aspects of the proof systems. This research develops an automated analysis framework for payment pr ..."
Abstract - Add to MetaCart
Formal analyses have been used for payment protocol design and verification but, de-spite developments in semantics and expressiveness, previous literature has placed little emphasis on the automation aspects of the proof systems. This research develops an automated analysis framework for payment

Automatic discovery of software attacks via backward reasoning

by Cataldo Basile, Daniele Canavese, Bjorn De Sutter, Fulvio Valenza
"... Abstract—Security risk management and mitigation are two of the most important items on several companies ’ agendas. In this scenario, software attacks pose a major threat to the reliable execution of services, thus bringing negative effects on businesses. This paper presents a formal model that all ..."
Abstract - Add to MetaCart
the risks. The proposed model uses a Knowledge Base to represent the software assets, the steps that can be executed to mount an attack and their relationships. Inference rules permit the automatic discovery of attack step combinations towards the compromised assets that are discovered using a backward

Formal Verification of Secure Programs in the Presence of Side Effects

by Paul E. Black, Phillip J. Windley - PROCEEDINGS OF THE THIRTY-FIRST ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS-31), VOLUME III , 1998
"... Much software is written in industry standard programming languages, but these languages often have complex semantics making them hard to formalize. For example, the use of expressions with side effects is common in C programs. We present new inference rules for conditional (if) statements and loopi ..."
Abstract - Cited by 4 (2 self) - Add to MetaCart
be worthwhile. To support our claim, we give an example of how our verification of a secure web server uncovered some previously unknown problems. Automated theorem proving assistants can help deal with complex inference rules, but many components must be brought together to make a broadly useful system. We

Confident Firewall Policy Configuration Management using Description Logic

by William M. Fitzgerald, Simon N. Foley Mícheál, Ó Foghlú
"... Abstract. The provisioning of a firewall is one of the first important steps toward securing access control to a network. However, the effectiveness of a firewall’s access control may be limited or compromised by poor configuration and management of firewall policy decisions. Firewall configuration ..."
Abstract - Cited by 2 (0 self) - Add to MetaCart
comprehending a configuration that achieves the desired business-level security requirements. We outline an approach that enables network administrators to provision firewall configuration policies in a reliable, convenient, conflict-free and automated way. The approach uses Description Logic and the Semantic

Automated Detection of Client-State Manipulation Vulnerabilities

by Anders Møller, Mathias Schwarz
"... Abstract—Web application programmers must be aware of a wide range of potential security risks. Although the most common pitfalls are well described and categorized in the literature, it remains a challenging task to ensure that all guidelines are followed. For this reason, it is desirable to constr ..."
Abstract - Cited by 3 (0 self) - Add to MetaCart
produced by the tool help the application programmer identify vulnerabilities. Moreover, the inferred information can be applied to configure a security filter that automatically guards against attacks. Experiments on a collection of open source web applications indicate that the static analysis is able

Ownership and Immutability Inference for UML-based Object Access Control

by Yin Liu - In ICSE , 2007
"... We propose a mechanism for object access control which is based on the UML. Specifically, we propose use of ownership and immutability constraints on UML associations and verification of these constraints through reverse engineering. These constraints inherently support software design principles, a ..."
Abstract - Cited by 26 (9 self) - Add to MetaCart
an empirical investigation on several small-to-large Java programs. The results indicate that the inference analyses are precise and practical. Therefore, the analyses can be integrated in reverse engineering tools and can help support effective reasoning about software quality and security. 1

and Homeland Security

by Ben Goertzel, Hugo Pinto, Ari Heljakka, Novamente Llc, Izabela Freire, Goertzel Mike, Ross Cassio Pennachin
"... We describe BioLiterate, a prototype software system which infers relationships involving relationships between genes, proteins and malignancies from research abstracts, and has initially been tested in the domain of the molecular genetics of oncology. The architecture uses a natural language proces ..."
Abstract - Add to MetaCart
We describe BioLiterate, a prototype software system which infers relationships involving relationships between genes, proteins and malignancies from research abstracts, and has initially been tested in the domain of the molecular genetics of oncology. The architecture uses a natural language

Towards an infrastructure for integrated accessible formal reasoning environments

by Andrei Lapets, Richard Skowyra, Christine Bassem, Assaf Kfoury, Azer Bestavros - In Proc. UITP 2012
"... Computer science researchers in the programming languages and formal verification communities have produced a variety of automated tools and techniques for assisting formal reasoning tasks. However, while there exist notable successes in utilizing these tools to develop safe and secure software and ..."
Abstract - Cited by 1 (0 self) - Add to MetaCart
Computer science researchers in the programming languages and formal verification communities have produced a variety of automated tools and techniques for assisting formal reasoning tasks. However, while there exist notable successes in utilizing these tools to develop safe and secure software
Results 1 - 10 of 78