Software Security Analysis: Execution Phase Audit
Responsible organisation
2005 (English) Conference paper, Published paper (Refereed) Published
Abstract [en]

Code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows, followed by race conditions, misplaced trust, and poor random generators. Static analysis tools were used to speed up the revision process and to integrate security tests into the overall project process. The discussion analyses the effectiveness of automatic tools for auditing software. Furthermore, the incorporation of the software security analysis into the development process, and the results and costs of the security analysis, are discussed. From the initial 42 workdays used for finding all vulnerabilities, approximately 16 days were needed for finding and correcting 91,5 % of the vulnerabilities. So, proportionally small investments improve the program code security by integrating an automatic auditing tool into the ordinary execution of source code revision.

Place, publisher, year, edition, pages
Porto, 2005.
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-8677
ISI: 000232368700028
Local ID: oai:bth.se:forskinfoDEDB7CA1433C14AAC12573C90050E7EB
OAI: oai:DiVA.org:bth-8677
DiVA, id: diva2:836427
Conference
Euromicro
Available from: 2012-09-18 Created: 2008-01-07 Last updated: 2018-01-11 Bibliographically approved

Open Access in DiVA

fulltext (199 kB), 416 downloads
File information
File name: FULLTEXT01.pdf, File size: 199 kB, Checksum SHA-512:
f339bce08b252543108ce666f6c28de3d6c9e42a7b3a8cf92934604327a308b7bafcd32a8f11da8b3038d73767ddff37e8733627f91e8306a6f553cbcede9e88
Type: fulltext, Mimetype: application/pdf

Authority records

Carlsson, Bengt

Total: 416 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 270 hits