Vulnerability coverage for adequacy security testing

Shuvalaxmi Dass, Akbar Siami Namin

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security and robustness of these applications against some known vulnerabilities. However, the large number of vulnerabilities reported and associated with these tools make the exhaustive testing of these tools infeasible against these vulnerabilities infeasible. As an instance of general software testing problem, the research question to address is whether the system under test is robust and secure against these vulnerabilities. This paper introduces the idea of "vulnerability coverage," a concept to adequately test a given application for a certain classes of vulnerabilities, as reported by the National Vulnerability Database (NVD). The deriving idea is to utilize the Common Vulnerability Scoring System (CVSS) as a means to measure the fitness of test inputs generated by evolutionary algorithms and then through pattern matching identify vulnerabilities that match the generated vulnerability vectors and then test the system under test for those identified vulnerabilities. We report the performance of two evolutionary algorithms (i.e., Genetic Algorithms and Particle Swarm Optimization) in generating the vulnerability pattern vectors.

Original languageEnglish
Title of host publication35th Annual ACM Symposium on Applied Computing, SAC 2020
PublisherAssociation for Computing Machinery
Pages540-543
Number of pages4
ISBN (Electronic)9781450368667
DOIs
StatePublished - Mar 30 2020
Event35th Annual ACM Symposium on Applied Computing, SAC 2020 - Brno, Czech Republic
Duration: Mar 30 2020Apr 3 2020

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Conference

Conference35th Annual ACM Symposium on Applied Computing, SAC 2020
CountryCzech Republic
CityBrno
Period03/30/2004/3/20

Keywords

  • Genetic algorithms (GA)
  • Particle swarm optimization (PSO)
  • Software vulnerability testing
  • Vulnerability coverage

Fingerprint Dive into the research topics of 'Vulnerability coverage for adequacy security testing'. Together they form a unique fingerprint.

Cite this