The fault-elimination part of software security engineering hinges on proactive detection of potential vulnerabilities during the software development stages. This project is currently working on (a) an attack operational profile definition based on known software vulnerability classifications, and (b) an assessment of software testing strategies based on two assumptions: (i) funding and time constraints are a practical limit on the quality of security engineering (how to assess and leverage that), and (ii) how to automatically generate test cases that would be as efficient as human non-operational testing of software.
TEAM
PIs: Mladen Vouk, Laurie Williams, Jeffrey Carver
Student: Patrick Morrison