A Bayesian Cognitive Approach to Quantifying Software Exploitability Based on Reachability Testing
Authors
Abstract
Computer hackers or their malware surrogates constantly look for software vulnerabilities in cyberspace to perform various online crimes, such as identity theft, cyber espionage, and denial of service attacks. It is thus crucial to assess accurately the likelihood that a piece of software can be exploited before it is put into practical use. In this work, we propose a cognitive framework that uses Bayesian reasoning as its first principle to quantify software exploitability. Using Bayes' rule, our framework organically combines the evaluator's prior beliefs with her empirical observations from software tests that check whether the security-critical components of a software system are reachable from its attack surface. We rigorously analyze this framework as a system of nonlinear equations, and then perform extensive numerical simulations to gain insights into issues such as the convergence of parameter estimation and the effects of the evaluator's cognitive characteristics.
Similar references
A Bayesian Cognitive Approach to Quantifying Software Exploitability Based on Reachability Testing (Extended Version)
Computer hackers or their malware surrogates constantly look for software vulnerabilities in the cyberspace to perform various online crimes, such as identity theft, cyber espionage, and denial of service attacks. It is thus crucial to assess accurately the likelihood that a software can be exploited before it is put into practical use. In this work, we propose a cognitive framework that uses B...
Full text
Full text
Reachability checking in complex and concurrent software systems using intelligent search methods
Software system verification is an efficient technique for ensuring the correctness of a software product, especially in safety-critical systems in which a small bug may have disastrous consequences. The goal of software verification is to ensure that the product fulfills the requirements. Studies show that the cost of finding and fixing errors in design time is less than finding and fixing the...
Full text
PRELIMINARY VERSION SUBMITTED TO IEEE TRANSACTION ON SOFTWARE ENGINEERING 3 sequences
One approach to testing concurrent programs, called reachability testing, generates synchronization sequences automatically, and on-the-fly, without constructing any static models. In this paper, we present a general execution model for concurrent programs that allows reachability testing to be applied to several commonly used synchronization constructs. We also present a new method fo...
Full text
When Can Finite Testing Ensure Infinite Trustworthiness?
In this paper we contribute to the general philosophical question as to whether empirical testing can ever prove a physical law. Problems that lead to this question arise under several contexts, and the matter has been addressed by the likes of Bayes and Laplace. After pointing out that a Bayesian approach is the proper way to address this problem, we show that the answ...
Full text