Abstract
This paper presents a taxonomy of vulnerabilities created as a part of an effort to develop a framework for deriving verification and validation strategies to assess software security. This taxonomy is grounded in a process/object model of computation that establishes a relationship between software vulnerabilities, an executing process, and computer system resources such as memory, input/output, or cryptographic resources. That relationship promotes the concept that a software application is vulnerable to exploits when it permits the violation of (a) constraints imposed by computer system resources and/or (b) assumptions made about the usage of those resources. The taxonomy identifies and classifies these constraints and assumptions. The process/object model also serves as a basis for the classification scheme the taxonomy uses. That is, the computer system resources (or objects) identified in the process/object model form the categories and refined subcategories of the taxonomy. Vulnerabilities, which are expressed in the form of constraints and assumptions, are classified within the taxonomy according to these categories and subcategories. This taxonomy of vulnerabilities is novel and distinctively different from other taxonomies found in literature
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
