Formal modeling of vulnerability

Bell Labs Technical Journal

Volumn 8, Issue 4, 2004, Pages 173-186

  Fithen, William L ^a   Hernan, Shawn V ^a   O'Rourke, Paul F ^b   Shinberg, David A ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b LUCENT TECHNOLOGIES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

GRAPH VISUALIZATION; PROPOSITIONAL LOGIC; UNPLANNED SYSTEM;

COMPUTER NETWORKS; DATA PRIVACY; GRAPH THEORY; MATHEMATICAL MODELS;

SECURITY OF DATA;

EID: 29344440486     PISSN: 10897089     EISSN: 15387305     Source Type: Journal    
DOI: 10.1002/bltj.10094     Document Type: Article

References (10)

1. W. Y. Adams and E. W. Adams, Archaeological Typology and Practical Reality: A Dialectical Approach to Artifact Classification and Sorting, Cambridge University Press, Cambridge, UK, 1991.
2. C Language Integrated Production System, 〈http://www.ghg.net/clips/ CLIPS.html〉.
3. CERT Coordination Center, CERT Advisory C A-1999-04, "Melissa Macro Virus," 〈http://www.cert.org/advisories/CA-1999-04.html〉.
4. CERT Coordination Center, CERT Advisory CA-2000-04, "Love Letter Worm," 〈http://www.cert.org/advisories/CA-2000-04.html〉.
5. CERT Coordination Center, Vulnerability Note VU#38950, "MS Outlook 'Cache Bypass' Allows Attackers to Circumvent Internet Zone Security Policy," 〈http://www.kb.cert.org/vuls/id/38950〉.
6. CERT Coordination Center, Vulnerability Note VU#932283, "Microsoft Internet Explorer HTML Rendering Engine Contains Buffer Overflow Processing SRC Attribute of HTML 〈EMBED〉 Directive," 〈http://www.kb.cert. org/vuls/id/932283〉.
7. Graphviz, 〈http://www.research.att.com/sw/tools/graphviz/?.
8. I. V. Krsul, Software Vulnerability Analysis, Ph.D. Thesis, Purdue University, 1998.
9. MySQL, 〈http://www.mysql.com〉.
10. Open Vulnerability Assessment Language, 〈http://oval.mitre. org〉.