N-Version architectural framework for application security automation (NVASA)

CrossTalk

Volumn 27, Issue 5, 2014, Pages 30-34

  Malaika, Majid ^a   Nair, Suku ^a   Coyle, Frank ^a  

^a Southern Methodist University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATION; LIFE CYCLE; SOFTWARE DESIGN;

APPLICATION SECURITY; ARCHITECTURAL FRAMEWORKS; AUTOMATED PROCESS; DIGITAL WORLD; N VERSION PROGRAMMING; RESILIENT SYSTEMS; SOFTWARE DEVELOPMENT LIFE CYCLE; WEB APPLICATION;

APPLICATION PROGRAMS;

EID: 84908894279     PISSN: 21601577     EISSN: 21601593     Source Type: Journal    
DOI: None     Document Type: Article

References (26)

1. Executive office of the President office of Management and Budget Washington, D. C. 20503 "E-Government Strategy" February 27, 2002.
2. U. S. Department of Commerce, Washington, D. C. 20233, "Quarterly Retail E-Commerce Sales 1st Quarter of 2011".
3. Mr. Jeff Hughes, Dr. Martin R. Stytz, Ph. D. "Advancing Software Security - The Software Protection Initiative".
4. IC3, "2008 Internet Crime Report"
5. Networks and WhiteHat Security Solution, "Vulnerability Assessment Plus Web Application Firewall (VA+WAF) " June 2008. F5
6. John Viega & Gary McGraw. "Building Secure Software: How to Avoid Security Problems the Right Way" (Chapter 1, Pages 9-13) Addison-Wesley Professional Computing Series, Addison-Wesley, New York. 2001
7. Schneier, Bruce "Secrets and Lies" (Chapter 23, Page 358), New York: John Wiley & Sons, 2000.
8. Cowan, C. Wagle, F. Calton Pu Beattie, S. Walpole, J., "Buffer overflows: attacks and defenses for the vulnerability of the Decade" 2000.
9. Guy-Vincent Jourdan, "Command Injection" 2005.
10. Chris Anley, "Advanced SQL Injection In SQL Server Applications" 2002.
11. scut/team teso, "Exploiting Format String Vulnerabilities" 2001.
12. President's Information Technology Advisory Committee. "Cyber Security: A Crisis of Prioritization19": Report to the President. National Coordination Office for Information Technology Research and Development, February 2005.
13. DISA for the DoD, "Application Security and Development" STIG, V2R1.
14. Richard Kissel & Kevin Stine & Matthew Scholl & Hart Rossman & Jim Fahlsing & Jessica Gulick, "Security Considerations in the System Development Life Cycle" NIST Special Publication 800-64 Revision 2, 2008.
15. Alexander Ivanov Sotirov, "Automatic Vulnerability Detection Using Static Source Code Analysis Thesis", 2005.
16. Michael Sutton & Adam Greene & Pedram Amini, "Fuzzing: Brute Force Vulnerability Discovery", 2007.
17. Etoh, Hiroaki, & Kunikazu Yoda, "Protecting from stack-smashing attacks"
18. Frank Eigler, "Mudflap: Pointer use checking for C/C++" 2003.
19. A. A. Avizienis, "The Methodology of N-version Programming", Software Fault Tolerance, edited by M. Lyu, John Wiley & Sons, 1995, pp. 23-46.
20. Michael R. Lyu, Algirdas Avižienis, "Assuring Design Diversity in N-Version Software: A Design Paradigm for N-Version Programming".
21. Majid Malaika, Suku Nair, and Frank Coyle "Application Security Automation for Cloud Computing" CloudComp 2010.
22. Neal R. Wagner, "The Laws of Cryptography: Java Code for AES Encryption" 2001.
23. James McCaffrey, "Keep Your Data Secure with the New Advanced Encryption Standard" 2003.
24. Niyaz PK, "Advanced Encryption Standard (AES)"
25. "Common Criteria Information Technology Security Evaluation", 1999
26. Andrew Rae, Colin Fidge, "Identifying Critical Components During Information Security Evaluation"