SV-AF — A Security Vulnerability Analysis Framework

机译：SV-AF —安全漏洞分析框架

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The globalization of the software industry has introduced a widespread use of system components across traditional system boundaries. Due to this global reuse, also vulnerabilities and security concerns are no longer limited in their scope to individual systems but instead can now affect global software ecosystems. While known vulnerabilities and security concerns are reported in specialized vulnerability databases, these repositories often remain information silos. In this research, we introduce a modeling approach, which eliminates these silos by linking security knowledge with other software artifacts to improve traceability and trust in software products. In our approach, we introduce a Security Vulnerabilities Analysis Framework (SV-AF) to support evidence based vulnerability detection. Two case studies are presented to illustrate the applicability of our presented approach. In these case studies, we link the NVD vulnerability databases and the Maven build repository to trace vulnerabilities across repository and project boundaries. In our analysis, we identify that 750 Maven project releases are directly affected by known security vulnerabilities and by considering transitive dependencies, an additional 415604 Maven projects can be identified as potentially affected by these vulnerabilities.

机译：软件行业的全球化已导致跨越传统系统边界的系统组件的广泛使用。由于这种全局重用，漏洞和安全问题的范围也不再局限于单个系统，而是现在可以影响全局软件生态系统。尽管在专用漏洞数据库中报告了已知的漏洞和安全问题，但这些存储库通常仍然是信息孤岛。在这项研究中，我们介绍了一种建模方法，该方法通过将安全性知识与其他软件工件链接在一起来消除这些孤岛，以提高对软件产品的可追溯性和信任度。在我们的方法中，我们引入了安全漏洞分析框架（SV-AF）以支持基于证据的漏洞检测。提出了两个案例研究，以说明我们提出的方法的适用性。在这些案例研究中，我们将NVD漏洞数据库和Maven构建存储库链接在一起，以跨存储库和项目边界跟踪漏洞。在我们的分析中，我们确定了750个Maven项目版本直接受到已知安全漏洞的影响，并且通过考虑传递依赖关系，可以确定另外415604个Maven项目可能受到这些漏洞的影响。

著录项

来源
《IEEE International Symposium on Software Reliability Engineering》|2016年|219-229|共11页
会议地点
作者
Sultan S. Alqahtani; Ellis E. Eghan; Juergen Rilling;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Software; Ontologies; Security; Databases; Resource description framework;

机译：软件;本体;安全性;数据库;资源描述框架;

相似文献

外文文献
中文文献
专利

1. Cybersecurity vulnerability mitigation framework through empirical paradigm: Enhanced prioritized gap analysis [J] . Future generation computer systems . 2020,第Apra期

机译：通过经验范式缓解网络安全漏洞的框架：增强的优先差距分析
2. Performance Analysis of Security Requirements Engineering Framework by Measuring the Vulnerabilities [J] . Prabhakaran Salini, Selvadurai Kanmani The international arab journal of information technology . 2018,第3期

机译：通过测量漏洞对安全需求工程框架进行性能分析
3. A unified framework for risk and vulnerability analysis covering both safety and security [J] . Aven T. Engineering Management Review, IEEE . 2011,第4期

机译：涵盖安全性的统一的风险和脆弱性分析框架
4. SV-AF — A Security Vulnerability Analysis Framework [C] . Sultan S. Alqahtani, Ellis E. Eghan, Juergen Rilling International Symposium on Software Reliability Engineering . 2016

机译：SV-AF - 安全漏洞分析框架
5. Cybersecurity Framework and Algorithms for Prioritized Vulnerability Mitigation (Cyfer): An Adoption to Blockchain Systems [D] . Gourisetti, Sri Nikhil Gupta. 2019

机译：用于优先级漏洞缓解（CYFER）的网络安全框架和算法：通过扩展系统的采用
6. Energy Insecurity: A Framework for Understanding Energy the Built Environment and Health Among Vulnerable Populations in the Context of Climate Change [O] . Diana Hernández 2013

机译：能源不安全：在气候变化背景下了解脆弱人群能源建筑环境和健康的框架
7. Vulnerability Analysis of E-voting Application using Open Web Application Security Project (OWASP) Framework [O] . Imam Riadi, Pradana Ananda 2019

机译：使用Open Web应用程序安全项目（OWASP）框架E-投票应用程序的漏洞分析

SV-AF — A Security Vulnerability Analysis Framework

摘要

著录项

相似文献

相关主题

期刊订阅