The Bugs Framework (BF): A Structured Approach to Express Bugs

Bibliographic Details
Published in: 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), pp. 175-182
Main Authors: Bojanova, Irena; Black, Paul E.; Yesha, Yaacov; Yan Wu
Format: Conference Proceeding
Language: English
Published: IEEE, 01.08.2016
Summary: To achieve higher levels of assurance for digital systems, we need to answer questions such as: Does this software have bugs of these critical classes? Do two software assurance tools find the same set of bugs, or different, complementary sets? Can we guarantee that a new technique discovers all problems of this type? To answer such questions, we need a vastly improved way to describe classes of vulnerabilities and chains of failures. We present the Bugs Framework (BF), which raises the current realm of best efforts and useful heuristics. Our BF includes rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences and sites. The paper discusses the buffer overflow class, the injection class and the control of interaction frequency class, and provides examples of applying our BF taxonomy to describe particular vulnerabilities.
DOI: 10.1109/QRS.2016.29