Herbert H. Thompson

Software security vulnerability testing in hostile environments

Traditional Black box software testing can be effective at exposing some classes of software failures. Security class failures, however, do not tend to manifest readily using these techniques. The problem is that many security failures occur in stressed environments, which appear in the field, but are often neglected during testing because of the difficulty to simulate these conditions. Software can only be considered secure if it behaves securely under all operating environments. Hostile environment testing must thus be a part of any overall testing strategy. This paper describes this necessity and a black box approach for creating such environments in order to expose security vulnerabilities.

Intrusion detection: Perspectives on the insider threat

Abstract A recent FBI survey reported that the average cost of a successful attack by a malicious insider is nearly 50 times greater than the cost of an external attack. Further, it is estimated that over 80% of information security incidents for the past four years are the result of insiders. Intrusion detection systems have traditionally targeted those who attack outside of trusted network boundaries. What is desperately needed are mechanisms that monitor insider activity and detect actions at the host level that may be malicious. This paper presents an overview of innovative approaches to detect malicious insiders who operate inside trusted network boundaries.

Black Box Debugging

Modern software development practices build applications as a collection of collaborating components. Unlike older practices that linked compiled components into a single monolithic application, modern executables are made up of any number of executable components that exist as separate binary files. This design means that as an application component needs resources from another component, calls are made to transfer control or data from one component to another. Thus, we can observe externally visible application behaviors by watching the activity that occurs across the boundaries of the application’s constituent components.

Perfect Storm: The Insider, Naivety, and Hostility

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.

Editorial message: special track on software engineering: applications, practices and tools

The Special Track on Software Engineering Software engineering by nature is a broad field that brings together people from various disciplines in computing and beyond. It has a particularly wide appeal as it draws academic and commercial researchers as well as professional engineers. The goal of this special track has always been to solicit high quality submissions that reflect this diversity with an emphasis on novel, practical ideas and useful, practicable results. Authors from around the world responded to our call for papers with several strong submissions, and we are pleased with the papers that have been selected for this year’s track. The authors represented universities, research institutes, and companies from over 10 countries, including the United States, Cyprus, France, China, Italy, Spain, India, Germany, Australia, Greece, Israel, the United Kingdom, Austria, Finland, and Norway. In the end, 40 submissions were made but, after 120 reviews, only 10 papers were ultimately accepted. We briefly introduce these papers below.