Abstract
The need for vulnerability analysis during software maintenance has been strongly emphasised by many vulnerability response experts. Analysing why and how a vulnerability happened is crucial for developing appropriate countermeasures that prevent its recurrence. In this paper, we present a framework for vulnerability analysis to be applied during software maintenance. The framework supports better and more efficient cause detection, identification of the reasons behind breaches, and development of countermeasures for both existing and new vulnerabilities.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Chhabra, J.K., Prajapati, A. (2011). A Framework for Vulnerability Analysis during Software Maintenance. In: Mantri, A., Nandi, S., Kumar, G., Kumar, S. (eds) High Performance Architecture and Grid Computing. HPAGC 2011. Communications in Computer and Information Science, vol 169. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22577-2_38
DOI: https://doi.org/10.1007/978-3-642-22577-2_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22576-5
Online ISBN: 978-3-642-22577-2
eBook Packages: Computer Science (R0)