{"title":"第一原则脆弱性评估","authors":"J. Kupsch, B. Miller, E. Heymann, Eduardo César","doi":"10.1145/1866835.1866852","DOIUrl":null,"url":null,"abstract":"Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of a our effort to secure such middleware, we present First Principles Vulnerability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are most likely to contain vulnerabilities that would provide access to high-value assets. FPVA finds new threats to a system and is not dependent on a list of known threats.\n Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive. We compared the results of FPVA to those of the top commercial tools, providing the first significant evaluation of these tools against a real-world known collection of serious vulnerabilities. While these tools can find common problems in a program's source code, they miss a significant number of serious vulnerabilities found by FPVA. We are now using the results of this comparison study to guide our future research into improving automated software assessment.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"134 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"First principles vulnerability assessment\",\"authors\":\"J. Kupsch, B. Miller, E. Heymann, Eduardo César\",\"doi\":\"10.1145/1866835.1866852\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of a our effort to secure such middleware, we present First Principles Vulnerability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are most likely to contain vulnerabilities that would provide access to high-value assets. FPVA finds new threats to a system and is not dependent on a list of known threats.\\n Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive. We compared the results of FPVA to those of the top commercial tools, providing the first significant evaluation of these tools against a real-world known collection of serious vulnerabilities. While these tools can find common problems in a program's source code, they miss a significant number of serious vulnerabilities found by FPVA. We are now using the results of this comparison study to guide our future research into improving automated software assessment.\",\"PeriodicalId\":300613,\"journal\":{\"name\":\"Cloud Computing Security Workshop\",\"volume\":\"134 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cloud Computing Security Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1866835.1866852\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1866835.1866852","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of a our effort to secure such middleware, we present First Principles Vulnerability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are most likely to contain vulnerabilities that would provide access to high-value assets. FPVA finds new threats to a system and is not dependent on a list of known threats.
Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive. We compared the results of FPVA to those of the top commercial tools, providing the first significant evaluation of these tools against a real-world known collection of serious vulnerabilities. While these tools can find common problems in a program's source code, they miss a significant number of serious vulnerabilities found by FPVA. We are now using the results of this comparison study to guide our future research into improving automated software assessment.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
