使用软件可靠性模型进行安全评估。假设的验证

2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) Pub Date : 2013-11-01 DOI:10.1109/ISSREW.2013.6688858

Da Young Lee, M. Vouk, L. Williams

{"title":"使用软件可靠性模型进行安全评估。假设的验证","authors":"Da Young Lee, M. Vouk, L. Williams","doi":"10.1109/ISSREW.2013.6688858","DOIUrl":null,"url":null,"abstract":"Can software reliability models be used to assess software security? One of the issues is that security problems are relatively rare under “normal” operational profiles, while “classical” reliability models may not be suitable for use in attack conditions. We investigated a range of Fedora open source software security problems to see if some of the basic assumptions behind software reliability growth models hold for discovery of security problems in non-attack situations. We find that in some cases, under “normal” operational use, security problem detection process may be described as a Poisson process. In those cases, we can use appropriate classical software reliability growth models to assess “security reliability” of that software in non-attack situations.","PeriodicalId":332420,"journal":{"name":"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"125 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Using software reliability models for security assessment — Verification of assumptions\",\"authors\":\"Da Young Lee, M. Vouk, L. Williams\",\"doi\":\"10.1109/ISSREW.2013.6688858\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Can software reliability models be used to assess software security? One of the issues is that security problems are relatively rare under “normal” operational profiles, while “classical” reliability models may not be suitable for use in attack conditions. We investigated a range of Fedora open source software security problems to see if some of the basic assumptions behind software reliability growth models hold for discovery of security problems in non-attack situations. We find that in some cases, under “normal” operational use, security problem detection process may be described as a Poisson process. In those cases, we can use appropriate classical software reliability growth models to assess “security reliability” of that software in non-attack situations.\",\"PeriodicalId\":332420,\"journal\":{\"name\":\"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"volume\":\"125 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISSREW.2013.6688858\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW.2013.6688858","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

软件可靠性模型可以用来评估软件安全性吗?其中一个问题是，在“正常”操作配置文件下，安全性问题相对较少，而“经典”可靠性模型可能不适合在攻击条件下使用。我们研究了一系列Fedora开源软件安全问题，以了解软件可靠性增长模型背后的一些基本假设是否适用于在非攻击情况下发现安全问题。我们发现，在某些情况下，在“正常”操作使用下，安全问题检测过程可以描述为泊松过程。在这些情况下，我们可以使用适当的经典软件可靠性增长模型来评估该软件在非攻击情况下的“安全可靠性”。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Using software reliability models for security assessment — Verification of assumptions

Can software reliability models be used to assess software security? One of the issues is that security problems are relatively rare under “normal” operational profiles, while “classical” reliability models may not be suitable for use in attack conditions. We investigated a range of Fedora open source software security problems to see if some of the basic assumptions behind software reliability growth models hold for discovery of security problems in non-attack situations. We find that in some cases, under “normal” operational use, security problem detection process may be described as a Poisson process. In those cases, we can use appropriate classical software reliability growth models to assess “security reliability” of that software in non-attack situations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

自引率

0.00%

发文量