Application of vulnerability discovery models to major operating systems

IEEE Transactions on Reliability

Volumn 57, Issue 1, 2008, Pages 14-22

  Alhazmi, Omar H ^a   Malaiya, Yashwant K ^a  

^a Colorado State University   (United States)

Author keywords

Operating systems; Security; Software reliability growth models; Vulnerabilities; Vulnerability discovery

Indexed keywords

COMPUTER SIMULATION; SECURITY OF DATA; SOFTWARE ENGINEERING; SOFTWARE RELIABILITY;

LINUX OPERATING SYSTEM; VULNERABILITY DISCOVERY MODEL;

COMPUTER OPERATING SYSTEMS;

EID: 41449117969     PISSN: 00189529     EISSN: None     Source Type: Journal    
DOI: 10.1109/TR.2008.916872     Document Type: Article

References (24)

1. H. Akaike, Prediction and Entropy NTIS, Springfield, VA, MRC Technical Summary Report #2397, 1982.
2. O. H. Alhazmi and Y. K. Malaiya, "Quantitative vulnerability assessment of systems software," in Proc. Annual Reliability and Maintainability Symposium, January 2005, pp. 615-620.
3. O. H. Alhazmi, Y. K. Malaiya, and I. Ray, "Measuring, analyzing and predicting security vulnerabilities in software systems," Computers and Security Journal, vol. 26, no. 3, pp. 219-228, May 2007.
4. O. H. Alhazmi and Y. K. Malaiya, "Prediction capability of vulnerability discovery models," in Proc. Reliability and Maintainability Symposium, January 2006, pp. 86-91.
5. O. H. Alhazmi and Y. K. Malaiya, "Modeling the vulnerability discovery process," in Proceedings of 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05), 2005, pp. 129-138.
6. O. H. Alhazmi and Y. K. Malaiya, "Measuring and enhancing prediction capabilities of vulnerabilities discovery models for Apache and IIS http servers," in Proc. 17th IEEE International Symposium on Software Reliability Engineering (ISSRE'06), 2006, pp. 343-352.
7. J. Amor-Iglesias, J. González-Barahona, G. Robles-Martínez, and I. Herráiz-Tabernero, "Libre software as a field of study," The European Journal for the Informatics Professional, vol. VI, no. 3, pp. 13-16, June 2005.
8. R. J. Anderson, "Security in open versus closed systems - The dance of Boltzmann, Coase and Moore," in Open Source Software: Economics, Law and Policy. Toulouse, France:, June 20-21, 2002.
9. S. Beattie, S. Arnold, C. Cowan, P. Wagle, and C. Wright, "Timing the application of security patches for optimal uptime," in Proc. LISA XVI, November 2002, pp. 233-242.
10. P. G. Bishop and R. E. Bloomfield, "A conservative theory for longterm reliability growth prediction," IEEE Trans. Reliability, vol. 45, no. 4, pp. 550-560, Dec. 1996.
11. R. M. Brady, R. J. Anderson, and R. C. Ball, Murphy's law, the fitness of evolving species, and the limits of software reliability Cambridge University Computer Laboratory, Technical Report No. 471, September 1999 [Online]. Available: http://www.cl.cam.ac.uk/ftp/users/rja14/babtr.pdf
12. H. K. Browne, W. A. Arbaugh, J. McHugh, and W. L. Fithen, "A trend analysis of exploitation," in Proc. IEEE Symposium on Security a Privacy, 2001, May 2001, pp. 214-229.
13. B. Brykczynski and R. A. Small, "Reducing internet-based intrusion Effective security patch management," IEEE Software, vol. 20, no. pp. 50-57, Jan./Feb. 2003.
14. A. L. Goel and K. Okumoto, "Time-dependent error detection rat model for software and other performance measures," IEEE Trans. on Reliability, vol. R-28, no. 3, pp. 206-211, August 1979.
15. NVD Metabase July 2006 [Online]. Available: http://nvd.nist.gov
16. "Handbook of Software Reliability Engineering," M. R. Lyu, Ed., McGraw-Hill, 1995.
17. Y. K. Malaiya, A. von Mayrhauser, and P. K. Srimani, "An examination of fault exposure ratio," IEEE Trans. Software Engineering, pp. 1087-1094, Nov. 1993.
18. G. McGraw, "From the ground up: The DIMACS software security workshop," IEEE Security & Privacy, vol. 1, no. 2, pp. 59-66, March/April 2003.
19. The MITRE Corporation, February 2005 [Online]. Available: www.mitre.org
20. J. D. Musa, Software Reliability Engineering. : McGraw-Hill, 1999
21. J. D. Musa and K. Okumoto, "A logarithmic Poisson execution time model for software reliability measurement," in Proc. 7th International Conference on Software Engineering, Orlando, FL, 1984, pp. 230-238.
22. A. Ozment and S. E. Schechter, "Milk or wine: Does software security improve with age?," in The 15th USENIX Security Symposium, Vancouver, BC, July 31-August 4 2006.
23. E. Rescola, "Is finding security holes a good idea?," Security and Privacy, pp. 14-19, Jan./Feb. 2005.
24. E. E. Schultz, Jr., D. S. Brown, and T. A. Longstaff, Responding Computer Security Incidents. :LAwrence Livermore National Laboratory, July 23, 1990 [Online]. Available: Ftp://ftp.cert.dfn.de/pub/docs/csir/ ihg.ps.gz