Modeling Class of Software Vulnerabilities with Vulnerability Cause Graphs
Independent thesis Advanced level (degree of Master (Two Years)), 30 credits / 45 HE credits
Student thesis
Vulnerabilities discovered in software are not only due to programming errors but also due to design flaws. There are a number of methods to avoid design flaws which are all manual processes and need expertise. We believe that the study of models of classes of vulnerabilities would give developers sufficient knowledge in how to avoid these vulnerabilities. A model of class of vulnerability can also help in the decision making process during the software development process.
In this thesis, we present a procedure for modeling a class of vulnerabilities given instances of Vulnerability Cause Graphs (VCGs). Using VCGs will structure the representation of causes to vulnerabilities.
The approach presented in this thesis makes it possible to divide the work of modeling a class of vulnerability without any permanent dependence on any specific persons. The approach is also flexible enough to accommodate new causes of vulnerabilities in software when being discovered.
Place, publisher, year, edition, pages
2009, 86 p.
Vulnerability modelling, Vulnerability Cause Graphs, VCG, class VCG
Identifiers
URN: urn:nbn:se:liu:diva-51854
ISRN: LIU-IDA/LITH-EX-A--09/056--SE
OAI: oai:DiVA.org:liu-51854
DiVA: diva2:283998
2009-10-21, Al-Khwarizmi, Building B, Ground Floor (Level 2), Linköping University, Linköping, 00:00 (English)
Byers, David, Gästadjunkt
Shahmehri, Nahid, Professor