Title :
Automated security checking and patching using TestTalk
Author :
Liu, Chang ; Richardson, Debra J.
Author_Institution :
Dept. of Inf. & Comput. Sci., California Univ., Irvine, CA, USA
Abstract :
In many computer system security incidents, attackers successfully intruded computer systems by exploiting known weaknesses. Those computer systems remained vulnerable even after the vulnerabilities were known because it requires constant attention to stay on top of security updates. It is often both time-consuming and error-prone to manually apply security patches to deployed systems. To solve this problem, we propose to develop a framework for automated security checking and patching. The framework, named Securibot, provides a self-operating mechanism for security checking and patching. Securibot performs security testing using security profiles and security updates. It can also detect compromised systems using attack signatures. Most important, the Securibot framework allows system vendors to publish recently discovered security weaknesses and new patches in a machine-readable form so that the Securibot system running on deployed systems can automatically check out security updates and apply the patches
Keywords :
security of data; Securibot; TestTalk; attack signatures; automated security checking; automated security patching; compromised system detection; security profiles; security updates; self-operating mechanism; Automatic testing; Business; Computer errors; Computer science; Computer security; DSL; Information security; Internet; Performance evaluation; Web server;
Conference_Titel :
Automated Software Engineering, 2000. Proceedings ASE 2000. The Fifteenth IEEE International Conference on
Conference_Location :
Grenoble
Print_ISBN :
0-7695-0710-7
DOI :
10.1109/ASE.2000.873673
