Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.20170701.pre
Volume 8
Martin Gilje Jaatun
Content Forthcoming
Add to Your Personal Library: Article Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017070101
Volume 8
Sofia Rei, Rui Abreu
From holding worldwide companies' information hostage to keeping several distributed systems down for hours, the last years were marked by several security attacks which are the result of complex...
Show More
From holding worldwide companies' information hostage to keeping several distributed systems down for hours, the last years were marked by several security attacks which are the result of complex software and its fast production. There are already tools which can be used to help companies detect vulnerabilities responsible for such attacks. However, their reliability is still not the best and well discriminated. In software testing, researchers tend to use hand-seeded test cases or mutations due to the challenges involved in the extraction or reproduction of real test cases which might not be suitable for testing techniques, since both approaches can create samples that inadvertently differ from the real vulnerabilities and thus might lead to misleading assessments of the tools' capabilities. The lack of databases of real security vulnerabilities is an issue since it hampers the tools' evaluation and categorization. To study these tools, the researchers created a database of 682 real test cases which is the outcome of mining 248 repositories for 16 different vulnerability patterns.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Rei, Sofia, and Rui Abreu. "A Database of Existing Vulnerabilities to Enable Controlled Testing Studies." IJSSE vol.8, no.3 2017: pp.1-23. http://doi.org/10.4018/IJSSE.2017070101
APA
Rei, S. & Abreu, R. (2017). A Database of Existing Vulnerabilities to Enable Controlled Testing Studies. International Journal of Secure Software Engineering (IJSSE), 8(3), 1-23. http://doi.org/10.4018/IJSSE.2017070101
Chicago
Rei, Sofia, and Rui Abreu. "A Database of Existing Vulnerabilities to Enable Controlled Testing Studies," International Journal of Secure Software Engineering (IJSSE) 8, no.3: 1-23. http://doi.org/10.4018/IJSSE.2017070101
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017070102
Volume 8
Chandan Kumar Behera, D. Lalitha Bhaskari
This article describes how code obfuscation techniques aim to conceal the functionality of a program by mystifying the code so that it is unreadable or in an incomprehensible format. Since the...
Show More
This article describes how code obfuscation techniques aim to conceal the functionality of a program by mystifying the code so that it is unreadable or in an incomprehensible format. Since the objective of this article is to make a program obfuscated, the source code shall appear like normal native code and should be perfectly readable. As nobody can guess that the code is an obfuscated one, obviously it will be very tough to analyze. Nowadays, a lot of programs protect themselves from being analyzed by hiding their behaviors or compressing their semantics by using obfuscation techniques. On the contrary, self-modifying code (SMC) can challenge one's intellect to discover the real intrinsic meaning of the source code as it is difficult and strenuous to analyze, since the code gets modified dynamically during runtime. Hence, this article brings into play the underlying concepts of self-modifying codes for obfuscating the programs to construct a much better code protection model. Some techniques like indirect memory addressing, register renaming, direction-changing of instructions, segment ignoring, modification of registry content and many more are expounded in this article by using Assembly-level language, which is binary obfuscation.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Behera, Chandan Kumar, and D. Lalitha Bhaskari. "Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation." IJSSE vol.8, no.3 2017: pp.24-41. http://doi.org/10.4018/IJSSE.2017070102
APA
Behera, C. K. & Bhaskari, D. L. (2017). Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation. International Journal of Secure Software Engineering (IJSSE), 8(3), 24-41. http://doi.org/10.4018/IJSSE.2017070102
Chicago
Behera, Chandan Kumar, and D. Lalitha Bhaskari. "Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation," International Journal of Secure Software Engineering (IJSSE) 8, no.3: 24-41. http://doi.org/10.4018/IJSSE.2017070102
Export Reference
Published: Jul 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017070103
Volume 8
Yijun Yu, Haruhiko Kaiya, Nobukazu Yoshioka, Zhenjiang Hu, Hironori Washizaki, Yingfei Xiong, Amin Hosseinian-Far
This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering...
Show More
This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90's. The same concept has been adopted to realise reoccurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this article, the authors have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. They have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then the authors used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. This is applied to a number of requirements models within the literature, and the pattern-based transformation tool they designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the article also reflects on a variety of existing applications and future work.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Yu, Yijun, et al. "Goal Modelling for Security Problem Matching and Pattern Enforcement." IJSSE vol.8, no.3 2017: pp.42-57. http://doi.org/10.4018/IJSSE.2017070103
APA
Yu, Y., Kaiya, H., Yoshioka, N., Hu, Z., Washizaki, H., Xiong, Y., & Hosseinian-Far, A. (2017). Goal Modelling for Security Problem Matching and Pattern Enforcement. International Journal of Secure Software Engineering (IJSSE), 8(3), 42-57. http://doi.org/10.4018/IJSSE.2017070103
Chicago
Yu, Yijun, et al. "Goal Modelling for Security Problem Matching and Pattern Enforcement," International Journal of Secure Software Engineering (IJSSE) 8, no.3: 42-57. http://doi.org/10.4018/IJSSE.2017070103
Export Reference
IGI Global Open Access Collection provides all of IGI Global’s open access content in one convenient location and user-friendly interface
that can easily searched or integrated into library discovery systems.
Browse IGI Global Open
Access Collection
Author Services Inquiries
For inquiries involving pre-submission concerns, please contact the Journal Development Division:
journaleditor@igi-global.comOpen Access Inquiries
For inquiries involving publishing costs, APCs, etc., please contact the Open Access Division:
openaccessadmin@igi-global.comProduction-Related Inquiries
For inquiries involving accepted manuscripts currently in production or post-production, please contact the Journal Production Division:
journalproofing@igi-global.comRights and Permissions Inquiries
For inquiries involving permissions, rights, and reuse, please contact the Intellectual Property & Contracts Division:
contracts@igi-global.comPublication-Related Inquiries
For inquiries involving journal publishing, please contact the Acquisitions Division:
acquisition@igi-global.comDiscoverability Inquiries
For inquiries involving sharing, promoting, and indexing of manuscripts, please contact the Citation Metrics & Indexing Division:
indexing@igi-global.com Editorial Office
701 E. Chocolate Ave.
Hershey, PA 17033, USA
717-533-8845 x100