Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN)
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Bojanova, I., Black, P. E., Yesha, Y. |
Conference Name | 2017 IEEE 28th Annual Software Technology Conference (STC) |
ISBN Number | 978-1-5386-1088-6 |
Keywords | attacks, authentication, BF taxonomy, bug classes, bug taxonomy, bugs framework, clear descriptions, Computer bugs, cryptography, cryptography classes, cryptography related classes, developed BF classes, ENC, Encryption, Encryption bugs, Human Behavior, Key Management, key management bugs, KMN, Metrics, program debugging, program diagnostics, program verification, proximate causes, pubcrawl, related dynamic properties, resilience, Resiliency, rigorous definitions, Scalability, secondary causes, Software, software vulnerabilities, software weaknesses, Taxonomy, tertiary causes, unambiguous definitions, verification bugs, VRF |
Abstract | Accurate, precise, and unambiguous definitions of software weaknesses (bugs) and clear descriptions of software vulnerabilities are vital for building the foundations of cybersecurity. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences, and sites. This paper presents an overview of previously developed BF classes and the new cryptography related classes: Encryption Bugs (ENC), Verification Bugs (VRF), and Key Management Bugs (KMN). We analyze corresponding vulnerabilities and provide their clear descriptions by applying the BF taxonomy. We also discuss the lessons learned and share our plans for expanding BF. |
URL | http://ieeexplore.ieee.org/document/8234453/ |
DOI | 10.1109/STC.2017.8234453 |
Citation Key | bojanova_cryptography_2017 |