liu.seSearch for publications in DiVA
Change search
Link to record
Permanent link

Direct link
BETA
Byers, David
Publications (10 of 16) Show all publications
Byers, D. & Shahmehri, N. (2015). Graphical Modeling of Security Goals and Software Vulnerabilities. In: Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo (Ed.), Handbook of Research on Innovations in Systems and Software Engineering: (pp. 1-31). IGI Global
Open this publication in new window or tab >>Graphical Modeling of Security Goals and Software Vulnerabilities
2015 (English)In: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, p. 1-31Chapter in book (Refereed)
Abstract [en]

Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.

Place, publisher, year, edition, pages
IGI Global, 2015
Keywords
Software security, Software vulnerability, Security goal modelling, Secure software engineering
National Category
Software Engineering
Identifiers
urn:nbn:se:liu:diva-117722 (URN)10.4018/978-1-4666-6359-6.ch001 (DOI)978-146666-359-6 (ISBN)1-46666359-6 (ISBN)978-14-6666-360-2 (ISBN)
Available from: 2015-05-07 Created: 2015-05-07 Last updated: 2018-01-11
Byers, D. (2013). Improving Software Security by Preventing Known Vulnerabilities. (Doctoral dissertation). Linköping: Linköping University Electronic Press
Open this publication in new window or tab >>Improving Software Security by Preventing Known Vulnerabilities
2013 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

From originally being of little concern, security has become a crucial quality factor in modern software. The risk associated with software insecurity has increased dramatically with increased reliance on software and a growing number of threat agents. Nevertheless, developers still struggle with security. It is often an afterthought, bolted on late in development or even during deployment. Consequently the same kinds of vulnerabilities appear over and over again.

Building security in to software from its inception and constantly adapting processes and technology to changing threats and understanding of security can significantly contribute to establishing and sustaining a high level of security.

This thesis presents the sustainable software security process, the S3P, an approach to software process improvement for software security that focuses on preventing known vulnerabilities by addressing their underlying causes, and sustaining a high level of security by adapting the process to new vulnerabilities as they become known. The S3P is designed to overcome many of the known obstacles to software process improvement. In particular, it ensures that existing knowledge can be used to its full potential and that the process can be adapted to nearly any environment and used in conjunction with other other software security processes and security assurance models.

The S3P is a three-step process based on semi-formal modeling of vulnerabilities, ideally supported by collaborative tools. Such proof-of-concept tools were developed for all parts of the process as part of the SHIELDS project.

The first two steps of the S3P consist in determining the potential causes of known vulberabilities at all stages of software development, then identifying measures that would prevent each individual cause. These steps are performed using visual modeling languages with well-defined semantics and a modeling workflow. With tool support, modeling effort can be progressively reduced through collaboration and use of pre-existing models.

Next, the costs of all potential measures are estimated using any suitable method. This thesis uses pairwise comparisons in order to support qualitative judgements. The models and costs yield a boolan optimization problem that is solved using a search-based heuristic, to identify the best set of measures to prevent selected vulnerabilities.

Empirical evaluation of the various steps of the process has verified a number of key aspects: the modeling process is easy to learn and apply, and the method is perceived by developers as providing value and improving security. Early evaluation results were also used to refine certain aspects of the S3P.

The modeling languages that were introduced in the S3P have since been enhanced to support other applications. This thesis presents security goal models (SGMs), a language that subsumes several security-related modeling languages to unify modeling of threats, attacks, vulnerabilities, activities, and security goals. SGMs have formal semantics and are sufficiently expressive to  support applications as diverse as automatic run-time testing, static analysis, and code inspection. Proofof-concept implementations of these applications were developed as part of the SHIELDS project.

Finally, the thesis discusses how individual components of the S3P can be used in situations where the full process is inappropriate.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2013. p. 189
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1481
Keywords
Software security, software process improvement
National Category
Software Engineering
Identifiers
urn:nbn:se:liu:diva-84863 (URN)978-91-7519-784-5 (ISBN)
Public defence
2013-01-15, Visionen, Hus B, Capus Valla, Linköpings University, Linköping, 13:00 (English)
Opponent
Supervisors
Funder
EU, FP7, Seventh Framework Programme, 215995Vinnova
Available from: 2012-12-03 Created: 2012-10-25 Last updated: 2018-01-12Bibliographically approved
Shahmehri, N., Mammar, A., Montes De Oca, E., Byers, D., Cavalli, A., Ardi, S. & Jimenez, W. (2012). An advanced approach for modeling and detecting software vulnerabilities. Information and Software Technology, 54(9), 997-1013
Open this publication in new window or tab >>An advanced approach for modeling and detecting software vulnerabilities
Show others...
2012 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 54, no 9, p. 997-1013Article in journal (Refereed) Published
Abstract [en]

Context: Passive testing is a technique in which traces collected from the execution of a system under testare examined for evidence of flaws in the system.

Objective: In this paper we present a method for detecting the presence of security vulnerabilities bydetecting evidence of their causes in execution traces. This is a new approach to security vulnerabilitydetection.

Method: Our method uses formal models of vulnerability causes, known as security goal models and vulnerabilitydetection conditions (VDCs). The former are used to identify the causes of vulnerabilities andmodel their dependencies, and the latter to give a formal interpretation that is suitable for vulnerabilitydetection using passive testing techniques. We have implemented modeling tools for security goal modelsand vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces ofcompiled programs for evidence of VDCs.

Results: We present the full definitions of security goal models and vulnerability detection conditions, aswell as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in severalopen source projects. By testing versions with known vulnerabilities, we can quantify the effectivenessof the approach.

Conclusion: Although the current implementation has some limitations, passive testing for vulnerabilitydetection works well, and using models as the basis for testing ensures that users of the testing tool caneasily extend it to handle new vulnerabilities.

Place, publisher, year, edition, pages
Elsevier, 2012
Keywords
Automatic testing; Dynamic analysis; Secure software engineering; Security modelling; Software security
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-78641 (URN)10.1016/j.infsof.2012.03.004 (DOI)000306631700006 ()
Projects
SHIELDSFault-Tolerant and Secure Automotive Embedded Systems
Available from: 2012-06-15 Created: 2012-06-15 Last updated: 2018-07-17
Byers, D. & Shahmehri, N. (2011). Modeling Security Goals and Software Vulnerabilities. In: Luigia Petre, Kaisa Sere, Elena Troubitsyna (Ed.), Dependability and Computer Engineering: Concepts for Software-Intensive Systems (pp. 171-198). IGI Global
Open this publication in new window or tab >>Modeling Security Goals and Software Vulnerabilities
2011 (English)In: Dependability and Computer Engineering: Concepts for Software-Intensive Systems / [ed] Luigia Petre, Kaisa Sere, Elena Troubitsyna, IGI Global, 2011, p. 171-198Chapter in book (Other academic)
Abstract [en]

Security is becoming recognized as an important aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

We have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Our language is more precise than earlier languages, which allows models to be used in automated applications such as testing and static analysis. Models in the new language can be transformed to and from earlier languages. We also present a data model that allows users to relate different kinds of models and model elements to each other and to core security knowledge.

Place, publisher, year, edition, pages
IGI Global, 2011
Keywords
Software security, Software vulnerability, Security goal modelling, Secure software engineering
National Category
Software Engineering
Identifiers
urn:nbn:se:liu:diva-72581 (URN)10.4018/978-1-60960-747-0 (DOI)978-16-0960-747-0 (ISBN)1-6096-0-747-3 (ISBN)e- 9781609607487 (ISBN)
Funder
EU, FP7, Seventh Framework Programme, 215995
Available from: 2011-11-29 Created: 2011-11-29 Last updated: 2018-01-12Bibliographically approved
Shahmehri, N., Byers, D. & Hiran, R. (2011). TRAP: Open Decentralized Distributed Spam Filtering. In: Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther (Ed.), Trust, Privacy and Security in Digital Business: (pp. 86-97). Berlin / Heidelberg: Springer
Open this publication in new window or tab >>TRAP: Open Decentralized Distributed Spam Filtering
2011 (English)In: Trust, Privacy and Security in Digital Business / [ed] Furnell, Steven; Lambrinoudakis, Costas; Pernul, Günther, Berlin / Heidelberg: Springer , 2011, p. 86-97Chapter in book (Refereed)
Abstract [en]

Spam is a significant problem in the day-to-day operations of large networks and information systems, as well as a common conduit for malicious software. The problem of detecting and eliminating spam remains of great interest, both commercially and in a research context. In this paper we present TRAP, a reputation-based open, decentralized and distributed system to aid in detecting unwanted e-mail. In TRAP, all participants are equal, all participants can see how the system works, and there is no reliance on any member or subset of members. This paper outlines the TRAP system itself and shows, through simulation, that the fundamental component of TRAP, a distributed low-overhead trust management system, is efficient and robust under the normal conditions present on the Internet.

Place, publisher, year, edition, pages
Berlin / Heidelberg: Springer, 2011
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 6863
Keywords
reputation; trust; spam; electronic mail
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-71709 (URN)10.1007/978-3-642-22890-2_8 (DOI)978-3-642-22889-6 (ISBN)
Available from: 2011-11-01 Created: 2011-11-01 Last updated: 2014-06-24Bibliographically approved
Vapen, A., Byers, D. & Shahmehri, N. (2010). 2-clickAuth - Optical Challenge-Response Authentication. In: International Conference on Availability, Reliability, and Security, 2010. ARES '10: . Paper presented at Fifth International Conference on Availability, Reliability and Security, (ARES '10), 15-18 February, Krakow, Poland (pp. 79-86). IEEE COMPUTER SOC, 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
Open this publication in new window or tab >>2-clickAuth - Optical Challenge-Response Authentication
2010 (English)In: International Conference on Availability, Reliability, and Security, 2010. ARES '10, IEEE COMPUTER SOC, 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA , 2010, p. 79-86Conference paper, Published paper (Refereed)
Abstract [en]

Internet users today often have usernames and passwords at multiple web sites. To simplify things, many sites support some form of federated identity management, such as OpenID, that enables users to have a single account that allows them to log on to many different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, e. g. captured by a key logger or malware on an untrusted computer, all the users accounts become compromised. Therefore a more secure authentication method is desirable. We have implemented 2-clickAuth, an optical challenge-response solution where a web camera and a camera phone are used for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is considerably more secure than passwords while still being easy to use and easy to distribute to users. This makes 2-clickAuth a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. We have implemented an identity provider in the OpenID federated identity management system that uses 2clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge and MySpace.

Place, publisher, year, edition, pages
IEEE COMPUTER SOC, 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA, 2010
Keywords
authentication, QR code, federated identity management, OpenID, trusted device
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-57426 (URN)10.1109/ARES.2010.85 (DOI)000278197800011 ()978-1-4244-5879-0 (ISBN)
Conference
Fifth International Conference on Availability, Reliability and Security, (ARES '10), 15-18 February, Krakow, Poland
Available from: 2010-06-18 Created: 2010-06-18 Last updated: 2014-06-24Bibliographically approved
Byers, D. & Shahmehri, N. (2010). Unified modeling of attacks, vulnerabilities and security activities. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems: . Paper presented at 2010 ICSE Workshop on Software Engineering for Secure Systems (pp. 36-42). New York, USA: ACM
Open this publication in new window or tab >>Unified modeling of attacks, vulnerabilities and security activities
2010 (English)In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, New York, USA: ACM , 2010, p. 36-42Conference paper, Published paper (Refereed)
Abstract [en]

Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

In this paper we present a modeling language that can be used in place of four existing modeling languages: attacktrees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation.

Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.

Place, publisher, year, edition, pages
New York, USA: ACM, 2010
National Category
Software Engineering
Identifiers
urn:nbn:se:liu:diva-56576 (URN)10.1145/1809100.1809106 (DOI)978-1-60558-965-7 (ISBN)
Conference
2010 ICSE Workshop on Software Engineering for Secure Systems
Available from: 2010-05-25 Created: 2010-05-25 Last updated: 2018-01-12
Byers, D. & Shahmehri, N. (2009). A systematic evaluation of disk imaging in EnCase® 6.8 and LinEn 6.1. Digital Investigation, 6(1-2), 61-70
Open this publication in new window or tab >>A systematic evaluation of disk imaging in EnCase® 6.8 and LinEn 6.1
2009 (English)In: Digital Investigation, ISSN 1742-2876, Vol. 6, no 1-2, p. 61-70Article in journal (Refereed) Published
Abstract [en]

Tools for disk imaging (or more generally speaking, digital acquisition) are a foundation for forensic examination of digital evidence. Therefore it is crucial that such tools work as expected. The only way to determine whether this is the case or not is through systematic testing of each tool. In this paper we present such an evaluation of the disk imaging functions of EnCase 6.8® and LinEn 6.1, conducted on behalf of the Swedish National Laboratory of Forensic Science. Although both tools performed as expected under most circumstances, we identified cases where flaws that can lead to inaccurate and incomplete acquisition results in LinEn 6.1 were exposed. We have also identified limitations in the tool that were not evident from its documentation. In addition summarizing the test results, we present our testing methodology, which has novel elements that we think can benefit other evaluation projects.

Keywords
Acquisition of digital data; EnCase®; Hard drive imaging; LinEn; Linux; Testing forensic tools
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-21237 (URN)10.1016/j.diin.2009.05.004 (DOI)
Available from: 2009-09-30 Created: 2009-09-30 Last updated: 2014-06-24
Byers, D. & Shahmehri, N. (2009). Prioritisation and Selection of Software Security Activities. In: International Conference on Availability, Reliability and Security, 2009: . Paper presented at 4th International Conference on Availability, Reliability and Security (ARES 2009), 16-19 March 2009, Fukuoka, Japan (pp. 201-207). IEEE
Open this publication in new window or tab >>Prioritisation and Selection of Software Security Activities
2009 (English)In: International Conference on Availability, Reliability and Security, 2009, IEEE , 2009, p. 201-207Conference paper, Published paper (Refereed)
Abstract [en]

Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.  

Place, publisher, year, edition, pages
IEEE, 2009
Keywords
Software security, analytic hierarchy process, software engineering, software process improvement
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-43647 (URN)10.1109/ARES.2009.52 (DOI)000270612000027 ()74474 (Local ID)978-1-4244-3572-2 (ISBN)e-978-0-7695-3564-7 (ISBN)74474 (Archive number)74474 (OAI)
Conference
4th International Conference on Availability, Reliability and Security (ARES 2009), 16-19 March 2009, Fukuoka, Japan
Note

Acceptance rate: 25 percent

Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2018-01-12
Byers, D. & Shahmehri, N. (2008). A Cause-Based Approach to Preventing Software Vulnerabilities. In: Third International Conference on Availability, Reliability and Security, 2008: . Paper presented at Third International Conference on Availability, Reliability and Security (ARES 2008), 4-7 March 2008, Barcelona, Spain (pp. 276-283). IEEE Computer Society
Open this publication in new window or tab >>A Cause-Based Approach to Preventing Software Vulnerabilities
2008 (English)In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, p. 276-283Conference paper, Published paper (Refereed)
Abstract [en]

Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.

Place, publisher, year, edition, pages
IEEE Computer Society, 2008
Keywords
Security modeling, Software security, software process improvement
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-40110 (URN)10.1109/ARES.2008.12 (DOI)000256665200037 ()52272 (Local ID)978-0-7695-3102-1 (ISBN)52272 (Archive number)52272 (OAI)
Conference
Third International Conference on Availability, Reliability and Security (ARES 2008), 4-7 March 2008, Barcelona, Spain
Note

Acceptance rate: 21 percent

Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2018-01-13
Organisations

Search in DiVA

Show all publications