Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DSN
2000
IEEE
2000
IEEE
Testing for Software Vulnerability Using Environment Perturbation
We describe an methodology for testing a software system for possible security flaws. Based on the observation that most security flaws are caused by the program’s inappropriate interactions with the environment, and triggered by user’s malicious perturbation on the environment (which we call an environment fault), we view the security testing problem as the problem of testing for the fault-tolerance properties of a software system. We consider each environment perturbation as a fault and the resulting security compromise a failure in the toleration of such faults. Our approach is based on the well known technique of fault-injection. Environment faults are injected into the system under test and system behavior observed. The failure to tolerate faults is an indicator of a potential security flaw in the system. An Environment-Application Interaction (EAI) fault model is proposed which guides us to decide what faults to inject. Based on EAI, we have developed a security testing m...
Real-time TrafficRelated Content
| Added | 30 Jul 2010 |
| Updated | 30 Jul 2010 |
| Type | Conference |
| Year | 2000 |
| Where | DSN |
| Authors | Wenliang Du, Aditya P. Mathur |
Comments (0)
Researcher Info
|
