A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS
Security breaches and vulnerabilities in software are topics that are rapidly gaining importance and attention. Every year about 6000 vulnerabilities are officially classified in the NIST National Vulnerability Database. Usually these vulnerabilities are not actually perceived by the final users, who are light years from a technical understanding of what happens in the software and services they use daily. Providing a crisp definition of what secure software is, and of how to establish whether or not one piece of software is more secure than another, is an extremely hard problem to solve. The goal of this work is not to provide a final answer to a problem that most likely does not have a crisp answer, and that is intrinsically open to many interpretations depending on the perspective from which it is observed. This work focuses on developing a way to approach the problem, understanding the environment around it and providing means of analyzing and comparing different systems, and the applications that run on top of them, from the security perspective. These concerns have been addressed by the creation of a conceptual framework based on a taxonomization process of security flaws in software. The proposed methodology has been applied and tested in a real case involving the experimental security-oriented operating system Ethos.
Date available in INDIGO: 2014-06-11T09:30:27Z
Related items (by title, author, creator and subject):
Visca, Fernando (2014-10-28): The objective of this work is that of reporting how I developed a user-space debugger, based on GDB, for the Ethos OS—EDB. I am going to introduce the reader to Ethos culture and structure with a particular emphasis on ...
Schiavoni, Stefano (2013-10-24): A botnet is a network of compromised machines (bots) under the control of an entity (the botmaster), which uses them to perform illegal activities. Modern botnets rely on domain generation algorithms (DGAs) to build resilient ...
Cioria, Luca (2015-10-21): This thesis aims to improve the current systems to identify fraudulent bank transactions. We start by analyzing the state of the art, in particular the work done in the BankSealer project, focusing on the temporal analysis ...