Volume 101, Issue 2, pp 119–138

Emulating representative software vulnerabilities using field data

  • Raul Barbosa
  • Frederico Cerveira
  • Luís Gonçalo
  • Henrique Madeira


Security vulnerabilities are a concern in systems and software exposed via networked interfaces. Previous research has shown that only a minority of vulnerabilities can be emulated through software fault injection techniques. This paper aims to accurately emulate software security vulnerabilities. To this end, the paper provides a field-data study on the operators needed to emulate vulnerabilities in software written in the C programming language. A practical implementation is constructed and the feasibility of emulating software vulnerabilities is evaluated. The emulation operators were obtained by analyzing publicly available vulnerability databases for the Linux kernel, the Xen hypervisor, and the OpenSSH tool. The results show that a typical security vulnerability involves a single function and consists of combinations of up to three fault operator instances. The expected impact of this study is to allow practical emulation of security defects in large software projects, to support software quality and security assessment.


Security, Dependability, Security vulnerabilities, Software faults

Mathematics Subject Classification

68N01 68M15 



This work was supported by project BASE - Biofeedback Augmented Software Engineering, project no. 31581, IC&DT AAC no. 02/SAICT/2017, and the second author was supported by the Portuguese Foundation for Science and Technology (FCT) through doctoral grant SFRH/BD/130601/2017.

Supplementary material

607_2018_657_MOESM1_ESM.csv (8 kb)
Supplementary material 1 (csv 7 KB)
607_2018_657_MOESM2_ESM.csv (6 kb)
Supplementary material 2 (csv 5 KB)
607_2018_657_MOESM3_ESM.csv (9 kb)
Supplementary material 3 (csv 9 KB)



Copyright information

© Springer-Verlag GmbH Austria, part of Springer Nature 2018

Authors and Affiliations

  1. CISUC, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal
