Software Security Analysis: Execution Phase Audit
Responsible organisation
2005 (English) Conference paper, Published paper (Refereed) Published
Abstract [en]

Code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows, followed by race conditions, misplaced trust, and poor random generators. Static analysis tools were used to speed up the revision process and to integrate security tests into the overall project process. The discussion analyses the effectiveness of automatic tools for auditing software. Furthermore, the incorporation of the software security analysis into the development process, and the results and costs of the security analysis, are discussed. From the initial 42 workdays used for finding all vulnerabilities, approximately 16 days were needed for finding and correcting 91,5 % of the vulnerabilities. So, proportionally small investments improve the program code security by integrating an automatic auditing tool into the ordinary execution of source code revision.

Place, publisher, year, edition, pages
Porto, 2005.
National subject category
Computer Science
Identifiers
URN: urn:nbn:se:bth-8677
ISI: 000232368700028
Local ID: oai:bth.se:forskinfoDEDB7CA1433C14AAC12573C90050E7EB
OAI: oai:DiVA.org:bth-8677
DiVA, id: diva2:836427
Conference
Euromicro
Available from: 2012-09-18 Created: 2008-01-07 Last updated: 2018-01-11 Bibliographically approved

Open Access in DiVA

fulltext (199 kB), 422 downloads
File information
File name: FULLTEXT01.pdf
File size: 199 kB
Checksum (SHA-512): f339bce08b252543108ce666f6c28de3d6c9e42a7b3a8cf92934604327a308b7bafcd32a8f11da8b3038d73767ddff37e8733627f91e8306a6f553cbcede9e88
Type: fulltext
Mimetype: application/pdf

Person

Carlsson, Bengt
