Title page for ETD etd-04232010-000938


Type of Document Master's Thesis
Author Frazier, Edward Snead
Author's Email Address beau4@vt.edu
URN etd-04232010-000938
Title Assessing Security Vulnerabilities: An Application of Partial and End-Game Verification and Validation
Degree Master of Science
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Arthur, James D. Committee Chair
Marchany, Randolph C. Committee Member
Tront, Joseph G. Committee Member
Keywords
  • Access Driven VV&T
  • Assumptions
  • Constraints
  • Assessment
  • Vulnerabilities
  • Software Security
Date of Defense 2010-04-21
Availability unrestricted
Abstract
Modern software applications are becoming increasingly complex, prompting a need for expandable software security assessment tools. Violable constraints/assumptions presented by Bazaz [1] are expandable and can be modified to fit the changing landscape of software systems. Partial and End-Game Verification, Validation, and Testing (VV&T) strategies utilize the violable constraints/assumptions and are established by this research as viable software security assessment tools.

The application of Partial VV&T to the Horticulture Club Sales Assistant is documented in this work. Development artifacts relevant to Partial VV&T review are identified. Each artifact is reviewed for the presence of constraints/assumptions by translating the constraints/assumptions to target the specific artifact and software system. A constraint/assumption review table and accompanying status nomenclature are presented that support the application of Partial VV&T. Both the constraint/assumption review table and status nomenclature are generic, allowing them to be used in applying Partial VV&T to any software system. Partial VV&T, using the constraint/assumption review table and associated status nomenclature, is able to effectively identify software vulnerabilities.

End-Game VV&T is also applied to the Horticulture Club Sales Assistant. Base test strategies presented by Bazaz [1] are refined to target system specific resources such as user input, database interaction, and network connections. Refined test strategies are used to detect violations of the constraints/assumptions within the Horticulture Club Sales Assistant. End-Game VV&T is able to identify violation of constraints/assumptions, indicating vulnerabilities within the Horticulture Club Sales Assistant. Addressing vulnerabilities identified by Partial and End-Game VV&T will enhance the overall security of a software system.

Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  Frazier_ES_T_2010.pdf 5.07 Mb 00:23:29 00:12:04 00:10:34 00:05:17 00:00:27

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.