To read this content please select one of the options below:

Identifying security vulnerabilities through input flow tracing and analysis

Simeon Dimitriou Xenitellis (Information Security Group, Royal Holloway University of London, UK)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 October 2003

764

Abstract

A software system can be considered as a collection of data and procedures that are separated from the environment and interact with it through channels of communication. If we assume that the system does not contain any Trojan horse code, then the only way it can be attacked is during the processing of input through interactions with the environment. While most methodologies attempt to identify security vulnerabilities in the local context, proposes the use of complete input tracing that examines the source code and identifies all possible inputs from malicious sources, traces the input flow from the source until termination of use and compares the flow segments for known security vulnerability constructs. Discusses input flow tracing and its benefits such as the provision of metrics for security assurance, complete vulnerability assessment and the ability to examine combinations of vulnerabilities.

Keywords

Citation

Dimitriou Xenitellis, S. (2003), "Identifying security vulnerabilities through input flow tracing and analysis", Information Management & Computer Security, Vol. 11 No. 4, pp. 195-199. https://doi.org/10.1108/09685220310489562

Publisher

:

MCB UP Ltd

Copyright © 2003, MCB UP Limited

Related articles