论文信息 - An Approach for Certifying Security in Software Components

An Approach for Certifying Security in Software Components

The growth of Internet-based electronic commerce, with its potential to create new business markets and streamline corporate operations, has been hindered over the past three years by concerns over the security of the system. While several secure transaction protocols have emerged to allay concerns, most security violations in practice are made possible by aws in e-commerce client/server software. The approach outlined in this paper develops a certi cation process for testing software components for security properties. The anticipated results from this research is a process and set of core white-box and black-box testing technologies to certify the security of software components. The manifestation of the product is a stamp of approval in the form of a digital signature.

Gary McGraw | Anup K. Ghosh | G. McGraw

[1] William Cheswick,et al. Firewalls and Internet Security , 1994 .

[2] Bruce Schneier,et al. Cryptography, security, and the future , 1999 .

[3] Keith W. Miller,et al. Confidently Assessing a Zero Probability of Software Failure , 1993, SAFECOMP.

[4] Jeffrey M. Voas,et al. Predicting How Badly "Good" Software Can Behave , 1997, IEEE Softw..

[5] Gary McGraw,et al. An automated approach for identifying potential vulnerabilities in software , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[6] Dan Farmer,et al. Improving the Security of Your Site by Breaking Into it , 2000 .

[7] Eugene H. Spafford,et al. The COPS Security Checker System , 1990, USENIX Summer.

[8] Jeffrey M. Voas,et al. Predicting software's minimum-time-to-hazard and mean-time-to-hazard for rare input events , 1995, Proceedings of Sixth International Symposium on Software Reliability Engineering. ISSRE'95.

[9] David Safford,et al. The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment , 1993, USENIX Security Symposium.

[10] Matt Bishop,et al. Property-based testing: a new approach to testing for assurance , 1997, SOEN.