@inproceedings{730efe86097c4162ae174a0b9f2c0724,
title = "Lightweight formal models of software weaknesses",
abstract = "Many vulnerabilities in today's software products are rehashes of past vulnerabilities. Such rehashes could be a result of software complexity that masks inadvertent loopholes in design and implementation, developer ignorance/disregard for security issues, or use of software in contexts not anticipated for the original specification. While weaknesses and exposures in code are vendor, language, or environment specific, to understand them we need better descriptions that identify their precise characteristics in an unambiguous representation. In this paper, we present a methodology to develop precise and accurate descriptions of common software weaknesses through lightweight formal modeling using Alloy. Natural language descriptions of software weaknesses used for formalization are based on the community developed Common Weakness Enumerations (CWE).",
keywords = "Alloy modeling, CWE, Software weakness",
author = "Robin Gandhi and Harvey Siy and Yan Wu",
year = "2013",
doi = "10.1109/FormaliSE.2013.6612277",
language = "English (US)",
isbn = "9781467362924",
series = "2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 - Proceedings",
publisher = "IEEE Computer Society",
pages = "50--56",
booktitle = "2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 - Proceedings",
note = "2013 1st FME Workshop on Formal Methods in Software Engineering, FormaliSE 2013 ; Conference date: 25-05-2013 Through 25-05-2013",
}