Maintaining software with a security perspective

Conference on Software Maintenance

Volumn , Issue , 2002, Pages 194-203

  Jiwnani, Kanta ^a   Zelkowitz, Marvin ^a  

^a University of Maryland ^*  (United States)

Author keywords

Intrusion classification; Security; Testing; Vulnerabilities

Indexed keywords

DATA ACQUISITION; DATA STRUCTURES; DATABASE SYSTEMS; METRIC SYSTEM; SECURITY OF DATA; SOFTWARE ENGINEERING;

SOFTWARE SECURITY;

COMPUTER SOFTWARE MAINTENANCE;

EID: 0036439885     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. Michael A. Cusumano and Richard W. Selby, "Microsoft Secrets: How the World's Most Powerful Software Company Creates Technology, Shapes Markets, and Manages People," The Free Press, 1995.
2. Gula, Ron. "Broadening the Scope of Penetration Testing Techniques". July 1999.
3. C. Pfleeger, S. Pfleeger and M. Theofanos, "A Methodology for penetration testing," Computers and Security, 8(7), 613-620, 1989.
4. R.R. Linde, "Operating System Penetration," AFIPS National Computer Conference, pp. 361-368, 1975.
5. E.J. McCauley and P.J. Drongowski, "The Design of A Secure Operating System," National Computer Conference, 1979.
6. R. Kaksonen, Marko Laakso, Ari Takanen, "Vulnerability Analysis of Software through Syntax Testing," Technical Research Centre of Finland, 2000. Available online at http://www.ee.oulu.fi/research/ouspg/protos/analysis/WP2000-robustness/.
7. G. Fink and M. Bishop, "Property Based Testing: A New Approach to Testing for Assurance," ACM SIGSOFT Software Engineering Notes, 22(4), July 1997.
8. J. Voas, and G. McGraw, "Software Fault Injection: Incoculating Programs Against Errors," John Wiley & Sons, Inc., 1998.
9. Wenliang Du and A.P. Mathur, "Vulnerability Testing of Software System Using Fault injection," Department of Computer Sciences, Purdue University; Coast TR 98-02; 1998.
10. Eugene H. Spafford, "Extending Mutation Testing to find Environmental bugs," Software Practice and Principle, 20(2), pp. 181-189, Feb 1990.
11. V.D. Gligor, C.S. Chandersekaran, W. Cheng, W.D. Jiang, A. Johri, G.L. Luckenbaugh and L.E. Reich, "A New Security Testing Method and its Application to the Secure Xenix Kernel," Proceedings of the IEEE Symposium on Security and Privacy, pp. 40-58, 1986.
12. B. Beizer, "Software Testing Techniques," Van Nostrand Reinhold, New York, 1990.
13. Bisbey, R. and D. Hollingsworth, "Protection Analysis ProJect Final Report," Information Sciences Institute, University of Southern California, Marina Del Rey, CA, 1978.
14. R.P. Abbott et al., "Security Analysis and Enhancements of Computer Operating Systems," Report NBSIR 76-1041, Institute for Computer Science and Technology, Natl. Bur. of Stnds, 1976.
15. Eugene H. Spafford, "Common System Vulnerabilities," Proceedings of the Workshop on Future Directions in Computer Misuse and Anomaly Detection pp. 34-37, 1992.
16. C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "A taxonomy of computer program security flaws," ACM Computing Surveys, Vol. 26 (3), pp. 211-254, 1994.
17. T. Aslam, "A taxonomy of Security Faults in the Unix Operating System," M.S. Thesis, Purdue University, 1995.
18. T. Aslam, "Use of a taxonomy of Security Faults," Technical Report 96-05, COAST Laboratory, Department of Computer Science, Purdue University, March 1996.
19. M. Bishop, "A Taxonomy of UNIX System and Network Vulnerabilities," Technical Report CSE-95-10, Purdue University, May 1995.
20. st National Information Systems Security Conference (NISSC'98), Crystal City, VA, 1998.
21. R.A. Demillo and A.P. Mathur, "A grammar based fault classification scheme and its application to the classification of the errors of TEX," Technical Report SERC-TR-165-P, Purdue University, 1995.
22. Brian Marick, "A survey of software fault surveys," Technical Report UIUCDCS-R-90-1651, University of Illinois at Urbana-Champaign, December 1990.
23. Ram Chillarege, "ODC for Process Measurement, Analysis and Control," Proc. of the Fourth International Conference on Software Quality, ASQC Software Division, Oct 3-5, 1994 McLean, VA.
24. Ram Chillarege, Inderpal S. Bhandari, Jarir K. Chaar, Michael J. Halliday, Diane S. Moebus, Bonnie K. Ray, Man-Yuen Wong, "Orthogonal Defect Classification - A Concept for In-Process Measurements," IEEE Transactions on Software Engineering, Vol 18, No. 11, Nov 1992.
25. Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson, "A Comparison of the Security of Windows NT and UNIX", Third Nordic Workshop on Secure IT Systems, November 1998.