We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as N...

In this chapter, we discuss static analysis of the security of a system. First, we discuss the background on what types of static analysis is feasible in principle and then move on to what is practical. We next discuss static analysis of buffer overflow and mobile code followed by access control. Finally, we discuss static analysis of information flow expressed in a language that has been annot...

As companies and organizations have grown to rely on their computer systems and networks, the issue of information security management has become more significant. To maintain their competitiveness, enterprises should safeguard their information and try to eliminate the risk of information being compromised or reduce this risk to an acceptable level. This paper proposes an information security ...

Protecting enterprise networks requires continuous risk assessment that automatically identifies and prioritizes cybersecurity risks, enables efficient allocation of cybersecurity resources, and enhances protection against modern cyberthreats. Lincoln Laboratory developed a foundational network security maturity model to guide development of such risk assessments and has developed practical ris...

With the proliferation of Web 2.0 technologies, functionality in web applications is increasingly moving from server-side to client-side code, primarily JavaScript. The dynamic and eventdriven nature of JavaScript code, which is often machine generated or obfuscated, combined with reliance on complex frameworks and asynchronous communication, makes it difficult to perform effective security aud...

The risk-based assessment is a new approach to the voltage stability assessment in power systems. Under several uncertainties, the security risk of static voltage stability with the consideration of wind power can be evaluated. In this paper, we first build a probabilistic forecast model for wind power generation based on real historical data. Furthermore, we propose a new probability voltage s...

The dream of every software development team is to assess the security of their software using only a tool. In this paper, we attempt to evaluate and quantify the effectiveness of automated source code analysis tools by comparing such tools to the results of an in-depth manual evaluation of the same system. We present our manual vulnerability assessment methodology, and the results of applying ...