A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2003, Pages 605-614

  Chen, Shuo ^a   Kalbarczyk, Zbigniew ^a   Xu, Jun ^a   Iyer, Ravishankar K ^a  

^a University of Illinois at Urbana Champaign   (United States)

Author keywords

Data analysis; Finite state machine modeling; Security vulnerabilities

Indexed keywords

FINITE STATE MACHINE (FSM) MODEL; SECURITY VULNERABILITIES;

DATA REDUCTION; DATABASE SYSTEMS; RANDOM PROCESSES; STATISTICAL METHODS;

SECURITY OF DATA;

EID: 1542359967     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (21)

1. D. E. Bell and L. LaPadula. Secure computer systems: A mathematical model Technical report MTR-2547 Vol II. Mitre Corporation, Bedford, MA, May 1973.
2. J. Rushby. Security Requirements Specifications: How and What? Symposium on Requirements Engineering for Information Security (SREIS), 2001
3. John McLean. Specifying and Modeling of Computer Security. IEEE Computer 23(1) pp. 9-16. Jan. 1989.
4. John McLean. Security Models. In John Marciniak edited, Encyclopedia of Software Engineering. Wiley Press, 1994.
5. M. Bishop and D. Bailey, A Critical Analysis of Vulnerability Taxonomies, Technical Report 96-11, Department of Computer Science, University of California at Davis (Sep. 1996).
6. th Intl Symposium on Fault-Tolerant Computing (FTCS-15), pages 2-11, June 1985.
7. T. Aslam, I. Krsul, E. Spafford. Use of A Taxonomy of Security Faults. Proc. 19th NIST-NCSC National Information Systems Security Conference
8. C. Landwehr, A. Bull, J. McDermott, W. Choi, A Taxonomy of Computer Program Security Flaws, with Examples, ACM Computing Surveys 26, no. 3 (Sep 1994).
9. R. P. Abbott, J. S. Chin, J. E. Donnelley, et al. Security Analysis and Enhancement of Computer Operating Systems. NBSIR 76-1041, Institute for Computer Sciences and Technology, National Bureau of Standards, Apr. 1976.
10. B. Bisbey II and D. Hollingsworth. Protection Analysis Project Final Report. ISI/RR-78-13, DTIC AD A056816, USC/Information Sciences Institute, May 1978
11. U. Lindqvist and E. Jonsson. How to Systematically Classify Computer Security Intrusions. In Proc. of the 1997 IEEE Symposium on Security and Privacy, pages 154-163, Oakland, CA, May 4-7, 1997.
12. M. Howard and D. LeBlanc, Writing Secure Code. Microsoft Press. 2001.
13. http://www.securityfocus.com
14. http://www.cert.org
15. StackGuard Mechanism: Emsi's Vulnerability, http://www.immunix.org/StackGuard/emsi_vuln.html
16. J. Xu, Z. Kalbarczyk, S. Patel and R. K. Iyer. Compiler and Architecture Support for Defense against Buffer Overflow Attacks. 2nd Workshop on Evaluating and Architecting System Dependability (EASY), San Jose, CA, October, 2002.
17. R. Ortalo, Y. Deswarte and M. Kaaniche, Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security. IEEE Transactions on Software Engineering, vol. 25, no. 5, pp.633-650, Sept. 1999
18. O. Sheyner, J. Haines, S. Jha, et al. Automated generation and analysis of attack graphs. Proc. 2002 IEEE Symposium on Security and Privacy. Page(s): 254-265
19. C. Michael, A. Ghosh. Simple, state-based approaches to program-based anomaly detection. ACM Transactions on Information and System Security. Pages: 203-237. Vol.5 No.3. Aug. 2002
20. B. Madam, K. Goseva-Popstojanova, et al. Modeling and Quantification of Security Attributes of Software Systems. Proc. 2002 IEEE Intl Conference on Dependable Systems and Networks. Pages: 505-514. June 2002
21. S. Chen, Z. Kalbarczyk, J. Xu, R. Iyer. Finite State Machine Models of Security Vulnerabilities. http://ww.crhc.uiuc.edu/~shuochen/data-model-full.pdf