Security: Where Testing Fails
Abstract
Computer security addresses the problem of enforcement of security policies in the presence of malicious users and software. Systems enforcing mandatory policies can create confinement domains that limit the damage incurred by malicious software executing in applications. To achieve assurance that the confinement domains cannot be breached, the underlying enforcement mechanism must be constructed to ensure that it is resistant to penetration by malicious software and is free of malicious artifacts. The limitations and contributions of testing in achieving these goals are discussed.
Similar resources
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
Quantitatively Differentiating System Security
Security is not considered a priority by developers of shrink-wrap systems because without a means to accurately and understandably measure it, security fails to provide a competitive advantage. I assert that the cost to break into a system is an effective metric, that this metric can be measured from the start of testing until product retirement, and that using this metric to differentiate pro...
Cryptanalysis of the Quadratic Zero-Testing of GGH
In this short note, we analyze the security of the quadratic zero-testing procedure for the GGH13 graded encoding scheme, which was recently proposed by Gentry, Halevi and Lepoint. We show that this modification fails to immunize the GGH13 construction against zeroizing attacks, and that the modified scheme is susceptible to the same attacks as the original one.
Methods and Techniques of Security Testing: A Survey
Security testing helps in protecting the software against unanticipated actions. The target of security testing is to provide assurance that the software is safe and secure. Security testing is very helpful in identifying loopholes and security risks in the software. Our objective is to provide a comprehensive survey of security testing methods and techniques where security Testing Tech...
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...