Identifying potential vulnerabilities in software designs

No Thumbnail Available
Authors
Morris, Joseph C.
Advisor
Zage, Wayne M.
Issue Date
2007
Keyword
Degree
Thesis (M.S.)
Department
Department of Computer Science
Other Identifiers
Abstract

Software engineers currently rely on lengthy source code reviews, testing, and static analysis tools to attempt identification of software vulnerabilities. While these are sometimes effective, the methods used are limited and don't catch all security vulnerabilities.Work has been done in identifying areas of software prone to failure through a design metrics approach, and with success. This study aims to extend this idea to software security. The premise of this thesis is that the set of security vulnerabilities overlaps (or may be a subset of) the overall set of software bugs and failures. It is postulated that a good, reliable design should also be a secure design. This thesis identifies design issues which may lead to security vulnerabilities and proposes possible design metric enhancements to capture these design properties.

Collections