Title :
System-based Approach to Software Vulnerability
Author :
Al-Fedaghi, Sabah
Author_Institution :
Comput. Eng. Dept., Kuwait Univ., Safat, Kuwait
Abstract :
The focus of vulnerability research has been conceptualization of the lifecycle of software vulnerability as errors in software that can be used by an attacker to gain access to a system or network. This lifecycle is described in terms of its phases: creation, discovery, exploitation, disclosure, patch availability, and patch installed. The objective of this paper is to clarify the notion of vulnerability so it complements current error-focused conceptualization. The paper proposes a fine-grained lifecycle of a vulnerable system in terms of a flowsystem that includes five basic stages and is defined by a flow transition diagram. A software system is first created, released, and transferred to users; it is then activated until it fails as a result of vulnerability to an attack. Several other phases lead to re-creation of the system. Accordingly, vulnerability is defined as the state of a system where it can be damaged when it receives a certain type of attack.
Keywords :
security of data; software fault tolerance; fine-grained lifecycle; flow transition diagram; software system; software vulnerability; Databases; Frequency modulation; Hospitals; Programming; Security; Software systems; flow system; risk; software error; software vulnerability lifecycle;
Conference_Title :
Social Computing (SocialCom), 2010 IEEE Second International Conference on
Conference_Location :
Minneapolis, MN
Print_ISBN :
978-1-4244-8439-3
Electronic_ISBN :
978-0-7695-4211-9
DOI :
10.1109/SocialCom.2010.159