INDIGO Home University of Illinois at Urbana-Champaign logo uic building uic pavilion uic student center

A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS

Show full item record

Bookmark or cite this item:

Files in this item

File Description Format
PDF Costa_Francesco.pdf (755KB) (no description provided) PDF
Title: A Layer-Independent Taxonomy for Evaluating Application Security and its application to the Ethos OS
Author(s): Costa, Francesco
Advisor(s): Solworth, Jon A.
Department / Program: Computer Science
Graduate Major: Computer Science
Degree Granting Institution: University of Illinois at Chicago
Degree: MS, Master of Science
Genre: Masters
Subject(s): taxonomy computer security security evaluation taxonomization security flaw software security
Abstract: Security breaches and vulnerability in software are topics that are rapidly gaining importance and fame. Every year about 6000 vulnerabilities are officially classified in the NIST National Vulnerabilities Database. Usually these vulnerabilities are not actually perceived by the final users, who are light years from the technical understanding of what happens in software and services that they daily use. Providing a crisp definition of what is secure software, and how to establish whether or not some software is more secure than other is an extremely hard problem to solve. The goal of this work is not to provide a final answer to a problem that most likely doesn't have a crisp answer, and is intrinsically well suited for having many interpretations depending on the perspective from which is observed. This work focus on the development of a way to approach the problem, understanding the environment related to it and providing means of analyzing and comparing different systems and the applications that run on top of them, from the security perspective. These concerns have been addressed by the creation of a conceptual framework based on a taxonomization process of security flaws in software. The proposed methodology has been applied and tested in a real case involving the experimental security-oriented operating system Ethos.
Issue Date: 2012-12-10
Genre: thesis
Rights Information: Copyright 2012 Francesco Costa
Date Available in INDIGO: 2014-06-11
Date Deposited: 2012-08

This item appears in the following Collection(s)

Show full item record


Country Code Views
United States of America 349
China 121
Russian Federation 31
Germany 6
Italy 6


My Account


Access Key