Emulating representative software vulnerabilities using field data
Tóm tắt
Từ khóa
Tài liệu tham khảo
Aho AV, Lam MS, Sethi R, Ullman JD (2007) Compilers: principles, techniques, and tools, 2nd edn. Pearson/Addison-Wesley, Boston
Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003) Xen and the art of virtualization. SIGOPS Oper Syst Rev 37(5):164–177. https://doi.org/10.1145/1165389.945462
Cerveira F, Barbosa R, Mercier M, Madeira H (2017) On the emulation of vulnerabilities through software fault injection. In: 2017 13th European dependable computing conference (EDCC)
Chillarege R (1996) Orthogonal defect classification. In: Lyu MR (ed) Handbook of software reliability engineering. IEEE CS Press, McGraw-Hill, Washington, New York, pp 359–400
Chillarege R, Bhandari IS, Chaar JK, Halliday MJ, Moebus DS, Ray BK, Wong MY (1992) Orthogonal defect classification–a concept for in-process measurements. IEEE Trans Softw Eng 18(11):943–956
Christmansson J, Chillarege R (1996) Generation of an error set that emulates software faults based on field data. In: Proceedings of the twenty-sixth international symposium on fault-tolerant computing, IEEE, Washington, pp 304–313
Cotroneo D, Natella R (2013) Fault injection for software certification. IEEE Secur Priv 11(4):38–45. https://doi.org/10.1109/MSP.2013.54
Cotroneo D, Pietrantuono R, Russo S, Trivedi KS (2016) How do bugs surface? a comprehensive study on the characteristics of software bugs manifestation. J Syst Softw 113:27–43
Duraes JA, Madeira HS (2006) Emulation of software faults: a field data study and a practical approach. IEEE Trans Softw Eng 32(11):849–867. https://doi.org/10.1109/TSE.2006.113
Fagan ME (1976) Design and code inspections to reduce errors in program development. IBM Syst J 15(3):182–211
Fonseca J, Vieira M (2008) Mapping software faults with web security vulnerabilities. In: 2008 IEEE international conference on dependable systems and networks With FTCS and DCC (DSN), pp 257–266. https://doi.org/10.1109/DSN.2008.4630094
Fonseca J, Vieira M, Madeira H (2007) Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks. In: 13th Pacific Rim international symposium on dependable computing (PRDC 2007), pp 365–372. https://doi.org/10.1109/PRDC.2007.55
Fonseca J, Vieira M, Madeira H (2009) Vulnerability & attack injection for web applications. In: 2009 IEEE/IFIP international conference on dependable systems networks, pp 93–102. https://doi.org/10.1109/DSN.2009.5270349
Hsueh MC, Tsai TK, Iyer RK (1997) Fault injection techniques and tools. IEEE Comput 30(4):75–82. https://doi.org/10.1109/2.585157
Love R (2005) Linux kernel development, 2nd edn. Novell Press, Provo
Lucas MW (2012) SSH Mastery: OpenSSH, PuTTY,tunnels and keys. Tilted Windmill Press, Michigan
Maxion RA, Olszewski RT (2000) Eliminating exception handling errors with dependability cases: a comparative, empirical study. IEEE Trans Software Eng 26(9):888–906. https://doi.org/10.1109/32.877848
McCabe TJ (1976) A complexity measure. IEEE Trans Soft Eng SE–2(4):308–320. https://doi.org/10.1109/TSE.1976.233837
McConnell S (1997) Best practices: Gauging software readiness with defect tracking. IEEE Softw 14(3):136, 135
Pereira G, Barbosa R, Madeira H (2016) Practical emulation of software defects in source code. In: 2016 12th European dependable computing conference (EDCC), pp 130–140. https://doi.org/10.1109/EDCC.2016.19
Stallings W, Brown L (2011) Computer security: principles and practice, 2nd edn. Prentice-Hall, Inc, Upper Saddle River