Software Risk Assessment for Windows Operating Systems with respect to CVSS

2019 ◽  
Vol 4 (11) ◽  
pp. 41-45
Author(s):  
HyunChul Joh

CVSS is recognized as a de facto standard for categorizing and measuring software vulnerabilities, both in how easy a given security bug is to exploit and in how much impact a vulnerability has on a system in terms of the three security factors. Meanwhile, since the early 2000s, quantitative risk assessments of software systems have become possible thanks to the accumulation of datasets large enough for scientific investigation. However, many questions in the quantitative examination of software risk assessment remain unexplored. In this paper, we quantitatively analyze CVSS scores of vulnerabilities from the three most recent Windows products, namely Windows 7, Windows 8.1 and Windows 10. The result shows that the AML vulnerability discovery model represents the Windows vulnerability discovery trend reasonably well. Furthermore, we found explicitly that, most of the time, security bugs are exploitable on systems with no authentication required. This result corresponds with the output of previous research based on Web browsers.

Author(s):  
Navneet Bhatt ◽  
Adarsh Anand ◽  
V. S. S. Yadavalli ◽  
Vijay Kumar

With the integration of software security assurance into the development of code-based systems, software developers are relying on vulnerability discovery models to mitigate breaches by estimating the total number of vulnerabilities before they are exploited by intruders. Vulnerability Discovery Models (VDMs) provide a quantitative characterization of the flaws existing in a software product that will be discovered after the software is released. In this paper, we develop a vulnerability discovery model that accounts for vulnerabilities discovered under the influence of previously discovered vulnerabilities. We further evaluate the proportion of previously discovered vulnerabilities along with the fraction of additional vulnerabilities detected. The quantification methodology presented in this article is accompanied by an empirical illustration on popular operating systems' vulnerability data.


2020 ◽  
Vol 12 (2) ◽  
pp. 122-133
Author(s):  
Ariane Santos Borges ◽  
Paulo H. R. Gabriel ◽  
Rodrigo Sanches Miani

Several factors may influence security vulnerability discovery rates. Projecting these rates might help the development and prioritization of software patches. Previous work studied the seasonal behavior of the vulnerability discovery process for several operating systems and web-related software systems. We propose a replication study of an experiment conducted more than a decade ago to understand the changes in the dynamics of security vulnerability discovery rates. In contrast to the findings from ten years ago, the investigated systems do not exhibit a year-end peak. Besides, the higher incidence during mid-year months for Microsoft operating systems was only noticed for the most recent Windows OSes: Windows 8.1 and Windows 10. These results highlight the importance of reproducibility in scientific work. In the area of cybersecurity in particular, it is important that models are created from studies conducted using updated data.


2009 ◽  
pp. 495-503
Author(s):  
David Lo ◽  
Siau-Cheng Khoo

Software is a ubiquitous component of our daily life. It ranges from large software systems like operating systems to small embedded systems like vending machines, both of which we frequently interact with. Reducing software-related costs and ensuring the correctness and dependability of software are certainly worthwhile goals to pursue. Due to the short time-to-market requirement imposed on many software projects, documented software specifications are often lacking, incomplete and outdated (Deelstra, Sinnema & Bosch 2004). Lack of documented software specifications contributes to difficulties in understanding existing systems. The latter is termed program comprehension and is estimated to contribute up to 45% of total software cost, which amounts to billions of dollars (Erlikh 2000; Standish 1984; Canfora & Cimitile 2002; BEA 2007). Lack of specifications also hampers automated efforts in program verification and testing (Ammons, Bodik & Larus 2002).


Author(s):  
Tomoharu Fujii ◽  
Terutaka Fujioka ◽  
Chris Ablitt ◽  
Julian Speck ◽  
Brian Cane

Risk-based maintenance software has been developed to perform risk-based maintenance and inspection planning on gas turbine hot gas path components. The software allows the user to easily prepare a risk matrix, plotting every active damage mechanism for each hot gas path component. Based on the result of the risk assessments, the components can be ranked, allowing inspection plans to be focused and prioritized and aiding the user in identifying the most appropriate and effective risk-mitigating activity within the software. Risk assessments are performed on a component-by-component basis, with the software's scope including all combustor and turbine hot gas path components. The software also contains comprehensive help documents to aid the user in identifying and assessing particular damage mechanisms and prescribing the most effective inspection methods for gas turbines.


Author(s):  
NORMAN SCHNEIDEWIND

There has been a lack of attention to the subject of risk management in the design and operation of software. This is strange because the risk to reliability is a critical problem in attempts to achieve safe operation of the software. To address this problem, we evaluate existing models and introduce a new model for software risk prediction. The new model, the cumulative failures gradient function, is based on the principles of neural networks. This metric identifies the minimum test time required to achieve maximum improvement in software quality. We used three NASA Space Shuttle software systems in the evaluation of both existing and new models. The results showed that it was not possible to consistently rank these systems because the validity of the risk predictions varied depending on the risk model that was used. Therefore, the results suggest that it is advisable to use a variety of models to comprehensively evaluate software risk.


Author(s):  
Tri Cong Phung

Accurately controlling the position and velocity of robots within a given time is an important requirement in industry. Open-source real-time operating systems not only have more advantages than ordinary operating systems in both economy and flexibility but also meet these needs. This paper concentrates on building algorithms for controlling the robot trajectory in time using a modern real-time operating system called Linux-Xenomai. Firstly, the paper analyzes several advantages of the real-time operating system Linux-Xenomai compared with general-purpose operating systems and other real-time operating systems. Secondly, a real-time controller for a 5 degree-of-freedom (DOF) robot is built on the real-time operating system Linux-Xenomai. After that, the paper proposes algorithms to test the robot's ability to operate within the required time. Finally, real experiments are carried out to verify the proposed algorithms.


Author(s):  
Gustavo Betarte ◽  
Carlos Luna

In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and formally compare several variants of the security model specified by MIDP for accessing sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended to. We also show that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions, a formal language that combines a higher-order logic and a richly-typed functional programming language, using the Coq proof assistant.