Protection of software against various attacks: issues and challenges

In the present scenario, the increase in malicious attacks leads to various software vulnerabilities, which need to be detected in the early stages of software development. A software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system that can lead to security concerns. Predicting software vulnerabilities would help increase the security of the software application. We evaluate the various attacks that could occur in a system, for which one should have prior knowledge of the vulnerabilities that exist in the current era. The fundamental objective of this paper is to analyze the varied techniques by which software vulnerabilities can be detected and the various issues and challenges overcome. Vulnerability management is important for detecting application vulnerabilities in code and protecting against them. In our findings, we set out certain pros and cons of existing techniques and the scope for future research.
