article

Free access

Software security is software reliability

Author:

Felix "FX" LindnerAuthors Info & Claims

Communications of the ACM, Volume 49, Issue 6

Pages 57 - 61

https://doi.org/10.1145/1132469.1132502

Published: 01 June 2006 Publication History

All formats PDF

Abstract

Enlist hacker expertise, but stay with academic fault naming conventions, when defending against the risk of exploitation of vulnerabilities and intrusions.

References

[1]

Barrantes, E., Ackley, D., Forrest, S., Palmer, T., Stefanopvic, D., and Zovi, D. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (2003); www.cs.unm.edu/~gbarrant/RISE.html.

Digital Library

Google Scholar

[2]

Cespedes, J. ltrace. Online documentation; packages.debian.org/unstable/utils/ltrace.html.

Google Scholar

[3]

Etoh, H. GCC Extension for Protecting Applications from Stack-smashing Attacks. Technical report and source code, first published May 8, 2001; www.trl.ibm.com/projects/security/ssp/.

Google Scholar

[4]

Flake, H. Structural comparison of executable objects. In Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (Dortmund, Germany, July 6--7, 2004), 161--173.

Google Scholar

[5]

Kuperman, B., Brodley, C., Ozdoganoglu, H., Vijaykumar, T., and Jalote, A. Detection and prevention of stack buffer overflow attacks. Commun. ACM 11, 48 (Nov. 2005), 50--56.

Digital Library

Google Scholar

[6]

Microsoft. Visual C Compiler Stack Protection. Microsoft Visual Studio 2005 documentation; msdn.microsoft.com/library/en-us/vccore/html/vclrfGSBufferSecurity.asp.

Google Scholar

[7]

National Institute of Standards and Technology. National Vulnerability Database, Gaithersburg, MD; nvd.nist.gov/.

Google Scholar

[8]

Reidel, D. Expository practice: Social, cognitive and epistemological linkages. In Expository Science, T. Shinn and R. Witley, Eds., 1985, 31--60.

Google Scholar

[9]

Trenn, T. and Merton, R., Eds. The Genesis and Development of a Scientific Fact. University of Chicago Press, Chicago, 1979.

Google Scholar

Cited By

View all

Lescisin MMahmoud QCioraca A(2019)Design and Implementation of SFCI: A Tool for Security Focused Continuous IntegrationComputers10.3390/computers80400808:4(80)Online publication date: 1-Nov-2019
https://doi.org/10.3390/computers8040080
Puzis RShirtz DElovici Y(2016)A particle swarm model for estimating reliability and scheduling system maintenanceEnterprise Information Systems10.1080/17517575.2014.92895410:4(349-377)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1080/17517575.2014.928954
Demchak C(2012)Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI)Journal of Comparative Policy Analysis: Research and Practice10.1080/13876988.2012.68761914:3(254-269)Online publication date: Jun-2012
https://doi.org/10.1080/13876988.2012.687619
Show More Cited By

Index Terms

Software security is software reliability

Recommendations

Low-level software security: exploiting memory safety vulnerabilities and assumptions
Software security: vulnerabilities and countermeasures for two attacker models
DATE '16: Proceedings of the 2016 Conference on Design, Automation & Test in Europe

History has shown that attacks against network-connected software based systems are common and dangerous. An important fraction of these attacks exploit implementation details of the software based system. These attacks -- sometimes called low-level ...
A Practical Framework for Dynamically Immunizing Software Security Vulnerabilities
ARES '06: Proceedings of the First International Conference on Availability, Reliability and Security

Many security attacks are caused by software vulnerabilities such as buffer overflow. How to eliminate or mitigate these vulnerabilities, in particular with unstoppable software, is a great challenge for security researchers and practitioners. In this ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 49, Issue 6

Hacking and innovation

June 2006

108 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1132469

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2006

Published in CACM Volume 49, Issue 6

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
2,702
Total Downloads

Downloads (Last 12 months)229
Downloads (Last 6 weeks)26

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lescisin MMahmoud QCioraca A(2019)Design and Implementation of SFCI: A Tool for Security Focused Continuous IntegrationComputers10.3390/computers80400808:4(80)Online publication date: 1-Nov-2019
https://doi.org/10.3390/computers8040080
Puzis RShirtz DElovici Y(2016)A particle swarm model for estimating reliability and scheduling system maintenanceEnterprise Information Systems10.1080/17517575.2014.92895410:4(349-377)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1080/17517575.2014.928954
Demchak C(2012)Resilience and Cyberspace: Recognizing the Challenges of a Global Socio-Cyber Infrastructure (GSCI)Journal of Comparative Policy Analysis: Research and Practice10.1080/13876988.2012.68761914:3(254-269)Online publication date: Jun-2012
https://doi.org/10.1080/13876988.2012.687619
YAMAUCHI KSHIOMI MTAKAGI KKOBAYASHI SSEKOGUCHI E(2011)A CASE OF CARCINOMA LOCATED AT THE THIRD PORTION OF THE DUODENUMNihon Rinsho Geka Gakkai Zasshi (Journal of Japan Surgical Association)10.3919/jjsa.72.202572:8(2025-2030)Online publication date: 2011
https://doi.org/10.3919/jjsa.72.2025
Matsuzu KIke HYukawa NWada NRino YMasuda M(2010)Nihon Gekakei Rengo Gakkaishi (Journal of Japanese College of Surgeons)10.4030/jjcs.35.3935:1(39-44)Online publication date: 2010
https://doi.org/10.4030/jjcs.35.39
Al-Fedaghi S(2010)System-based Approach to Software VulnerabilityProceedings of the 2010 IEEE Second International Conference on Social Computing10.1109/SocialCom.2010.159(1072-1079)Online publication date: 20-Aug-2010
https://dl.acm.org/doi/10.1109/SocialCom.2010.159
Frei SSchatzmann DPlattner BTrammell B(2010)Modeling the Security Ecosystem - The Dynamics of (In)SecurityEconomics of Information Security and Privacy10.1007/978-1-4419-6967-5_6(79-106)Online publication date: 21-Jul-2010
https://doi.org/10.1007/978-1-4419-6967-5_6
Shahriar HZulkernine M(2009)Automatic Testing of Program Security VulnerabilitiesProceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 0210.1109/COMPSAC.2009.191(550-555)Online publication date: 20-Jul-2009
https://dl.acm.org/doi/10.1109/COMPSAC.2009.191
Hanmer RMcBride DMendiratta V(2007)Comparing reliability and security: Concepts, requirements, and techniquesBell Labs Technical Journal10.1002/bltj.2025012:3(65-78)Online publication date: 6-Nov-2007
https://doi.org/10.1002/bltj.20250
Holliday MKreahling W(2006)Information security and computer systemsProceedings of the 3rd annual conference on Information security curriculum development10.1145/1231047.1231059(58-63)Online publication date: 22-Sep-2006
https://dl.acm.org/doi/10.1145/1231047.1231059

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Low-level software security: exploiting memory safety vulnerabilities and assumptions

Software security: vulnerabilities and countermeasures for two attacker models

A Practical Framework for Dynamically Immunizing Software Security Vulnerabilities

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations