The Center for Education and Research in Information Assurance and Security (CERIAS)


Software Vulnerability Analysis




Ivan Krsul

Tech report number

COAST TR 98-09

Entry type



The consequences of a class of system failures, commonly known as software vulnerabilities, violate security policies. They can cause the loss of information and reduce the value or usefulness of the system. An increased understanding of the nature of vulnerabilities, their manifestations, and the mechanisms that can be used to eliminate and prevent them can be achieved by the development of a unified definition of software vulnerabilities, the development of a framework for the creation of taxonomies for vulnerabilities, and the application of learning, visualization, and statistical tools on a representative collection of software vulnerabilities. This dissertation provides a unifying definition of software vulnerability based on the notion that it is security policies that define what is allowable or desirable in a system. It also includes a framework for the development of classifications and taxonomies for software vulnerabilities. This dissertation presents a classification of software vulnerabilities that focuses on the assumptions that programmers make regarding the environment in which their application will be executed and that frequently do not hold during the execution of the program. This dissertation concludes by showing that the unifying definition of software vulnerability, the framework for the development of classifications, and the application of learning and visualization tools can be used to improve security.






PhD Thesis

Key alpha



COAST TR 98-09


Department of Computer Sciences, Purdue University

Publication Date



1. Introduction 2. Notation and Terminology 3. Related Work 4. Development of New Taxonomic Characters 5. Experimental Analysis of Software Vulnerabilities 6. A Priori Classifications of Software Vulnerabilities 7. Summary, Conclusions, and Future Directions


A hard-copy of this is in the CERIAS Library
