Lightweight formal models of software weaknesses

Robin Gandhi, Harvey Siy, Yan Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Many vulnerabilities in today's software products are rehashes of past vulnerabilities. Such rehashes could be a result of software complexity that masks inadvertent loopholes in design and implementation, developer ignorance/disregard for security issues, or use of software in contexts not anticipated for the original specification. While weaknesses and exposures in code are vendor, language, or environment specific, to understand them we need better descriptions that identify their precise characteristics in an unambiguous representation. In this paper, we present a methodology to develop precise and accurate descriptions of common software weaknesses through lightweight formal modeling using Alloy. Natural language descriptions of software weaknesses used for formalization are based on the community developed Common Weakness Enumerations (CWE).

Original languageEnglish (US)
Title of host publication2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 - Proceedings
PublisherIEEE Computer Society
Pages50-56
Number of pages7
ISBN (Print)9781467362924
DOIs
StatePublished - 2013
Event2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 - San Francisco, CA, United States
Duration: May 25 2013May 25 2013

Publication series

Name2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 - Proceedings

Conference

Conference2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013
Country/TerritoryUnited States
CitySan Francisco, CA
Period5/25/135/25/13

Keywords

  • Alloy modeling
  • CWE
  • Software weakness

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Lightweight formal models of software weaknesses'. Together they form a unique fingerprint.

Cite this