{"title":"利用漏洞分析和秘密识别潜在的安全漏洞","authors":"Curtis Busby-Earle, E. Mugisa","doi":"10.5176/2010-2283_1.2.40","DOIUrl":null,"url":null,"abstract":"In contemporary software development there are a number of methods that attempt to ensure the security of a system. Many of these methods are however introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system. The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilitites that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.","PeriodicalId":91079,"journal":{"name":"GSTF international journal on computing","volume":"20 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2011-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Identifying Potential Security Flaws using Loophole Analysis and the SECREt\",\"authors\":\"Curtis Busby-Earle, E. Mugisa\",\"doi\":\"10.5176/2010-2283_1.2.40\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In contemporary software development there are a number of methods that attempt to ensure the security of a system. Many of these methods are however introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system. The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilitites that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.\",\"PeriodicalId\":91079,\"journal\":{\"name\":\"GSTF international journal on computing\",\"volume\":\"20 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"GSTF international journal on computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5176/2010-2283_1.2.40\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"GSTF international journal on computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5176/2010-2283_1.2.40","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identifying Potential Security Flaws using Loophole Analysis and the SECREt
In contemporary software development there are a number of methods that attempt to ensure the security of a system. Many of these methods are however introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system. The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilitites that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
