A software system can be considered as a collection of data and procedures that are separated from the environment and interact with it through channels of communication. If we assume that the system does not contain any Trojan horse code, then the only way it can be attacked is during the processing of input through interactions with the environment. While most methodologies attempt to identify security vulnerabilities in the local context, this paper proposes the use of complete input tracing, which examines the source code and identifies all possible inputs from malicious sources, traces the input flow from the source until termination of use, and compares the flow segments against known security vulnerability constructs. It also discusses input flow tracing and its benefits, such as the provision of metrics for security assurance, complete vulnerability assessment, and the ability to examine combinations of vulnerabilities.
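A minimal sketch of the idea of input flow tracing, added here as an illustration and not taken from the paper: it finds input sources in a constructed sample program, follows the value through assignments, and reports the flow when it reaches a known vulnerable construct. The `SOURCES` and `SINKS` tables, the sample program, and the restriction to straight-line assignments are all assumptions of this example.

```python
import ast

# Constructed sample program to analyse (not from the paper).
SAMPLE = '''\
import os
name = input("file: ")
path = "/tmp/" + name
label = "fixed"
cmd = "cat " + path
os.system(cmd)
print(label)
'''

SOURCES = {"input"}  # assumed calls that read from the environment
SINKS = {"os.system": "command injection", "eval": "code injection"}  # assumed constructs

def names_in(node):
    """All variable names referenced anywhere inside an AST node."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def trace(source):
    """Return (construct, variable, line numbers of the flow) for each input reaching a sink."""
    flows = {}     # variable -> lines the untrusted input has passed through
    findings = []
    for stmt in ast.parse(source).body:  # straight-line, top-level code only
        calls = [n for n in ast.walk(stmt) if isinstance(n, ast.Call)]
        if isinstance(stmt, ast.Assign):
            # Inherit the flow of any tainted operand on the right-hand side.
            origin = next((flows[v] for v in sorted(names_in(stmt.value)) if v in flows), None)
            if any(ast.unparse(c.func) in SOURCES for c in calls):
                origin = []  # a fresh input enters the system on this line
            for tgt in stmt.targets:
                if isinstance(tgt, ast.Name):
                    if origin is None:
                        flows.pop(tgt.id, None)  # overwritten with clean data
                    else:
                        flows[tgt.id] = origin + [stmt.lineno]
        # Compare each use against the known vulnerable constructs.
        for c in calls:
            kind = SINKS.get(ast.unparse(c.func))
            for arg in c.args:
                for v in sorted(names_in(arg)):
                    if kind and v in flows:
                        findings.append((kind, v, flows[v] + [c.lineno]))
    return findings

if __name__ == "__main__":
    for kind, var, lines in trace(SAMPLE):
        print(f"{kind}: input reaches '{var}' via lines {lines}")
```

The reported line list is the flow segment from the source to its final use, which is the unit a reviewer would inspect for validation or sanitisation steps.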
1 October 2003
This article was originally published in Information Management & Computer Security
Technical Paper
Identifying security vulnerabilities through input flow tracing and analysis
Simeon Dimitriou Xenitellis
Information Security Group, Royal Holloway University of London, UK
Publisher: Emerald Publishing
Online ISSN: 1758-5805
Print ISSN: 0968-5227
© MCB UP Limited 2003
Information Management & Computer Security (2003) 11 (4): 195–199.
Citation
Dimitriou Xenitellis S (2003), "Identifying security vulnerabilities through input flow tracing and analysis". Information Management & Computer Security, Vol. 11 No. 4 pp. 195–199, doi: https://doi.org/10.1108/09685220310489562
