preprint an automated approach for identifying potential vulnerabilities新.pdf

PREPRINT An Automated Approach for Identifying Potential Vulnerabilities in Software Anup K Ghosh Tom OConnor Gary McGraw Reliable Software Technologies Corp oration Ridgetop Circle Sterling VA faghoshtoconnorgem grstcorp com httpwwwrstcorpcom Abstract databases Pro cess maturity mo dels and formally ver This p aper pr esents results fr om analyzing the vul ied proto cols play a necessary and imp ortant role in nerability of securitycritical software applications to developing secure systems It is imp ortant to note malicious threats and anomalous events using an au however that even the most rigorous pro cesses can tomated fault injection analysis approach The work pro duce p o or quality software Likewise even the is based on the wel lunderstood pr emise that a large most rigorously and formally analyzed proto col sp eci pr oportion of security violations result fr om errors in cation can b e p o orly implemented In practice mar software source code and conguration The method ket pressures tend to dominate the engineering and ology employs software fault injection to for ce anoma development of software often at the exp ense of for lous pr ogr am states during the execution of software mal verication and even testing activities This is and observes their corresponding eects on system se esp ecially true of commercial grade softwa