Software Security
Software security is a growing concern among both government and commercial organizations. Flaws in the design or development of software can lead to full-scale security breaches causing millions of dollars in damage. Malicious adversaries can develop attacks that cripple information systems. Cigital Labs has a strong record of addressing these concerns; representative projects and publications are listed below.
Related Projects
- Quantifying Minimum-time-to-Intrusion Based on Dynamic Software Safety Assessment
- An Analytical Investigation of Software Mutation for Increased Information Survivability
- Dynamic Security Analysis of COTS Applications
- Adaptive Vulnerability Analysis for Java as a Defensive Information Warfare Technology
- A Tool for Detecting the Existence of Unknown Corruptions in Real-Time
- A Collusion Resistant Digital Fingerprinting Method for Software
- Malicious Software Detection in Program Executables
- Sandboxing Mobile Code Execution Environments
- An Investigation of Extensible System Security for Highly Resource-Constrained Wireless Devices
- AOP: An Aspect-Oriented Security Assurance Solution
- Automatic Synthesis of Program-based Triggers for Intrusion Tolerance Mechanisms
- Computing Platform Coverage via Light Host-Based Intrusion Detection
- Automated Malicious Code Detection
- Software Metrics for the Analysis of Suspect Executables
- Malicious Software Detection for Resource Constrained Devices
- Protection Against Reverse Engineering
- A Pattern-Based Detection Tool for Security Vulnerabilities in Binary Executables
- Control Plane Red Team
- A Plausible Dependability Model for Component-Based Software
- Certifying Security in Electronic Commerce Components
Related Publications
Malicious Software
How Things Work: Automated Code Review Tools for Security (PDF)
G. McGraw
Computer (December 2008)
Web Applications and Software Security (HTML)
G. McGraw
informIT (November 14, 2008)
A Software Security Framework: Working Towards a Realistic Maturity Model (HTML)
G. McGraw, B. Chess
informIT (October 15, 2008)
Getting Past the Bug Parade (HTML)
G. McGraw
informIT (September 17, 2008)
Software Security Demand Rising (HTML)
G. McGraw
informIT (August 11, 2008)
Application Assessment as a Factory (HTML)
G. McGraw
informIT (July 17, 2008)
Securing Web 3.0 (HTML)
G. McGraw
informIT (May 15, 2008)
Paying for Secure Software (HTML)
G. McGraw
informIT (April 7, 2008)
The Truth Behind Code Analysis (HTML)
G. McGraw
Dark Reading (February 13, 2008)
Software Security Strategies (HTML)
G. McGraw
Dark Reading (January 9, 2008)
Beyond the PCI Band-Aid (HTML)
G. McGraw
Dark Reading (December 10, 2007)
Using Attack Graphs to Design Systems (PDF)
S. Gupta, J. Winstead
IEEE Security & Privacy (Nov/Dec 2007)
Online Games & the Law (HTML)
G. McGraw
Dark Reading (October 11, 2007)
Mobile Insecurity (HTML)
G. McGraw
Dark Reading (September 14, 2007)
Online Games and Security (PDF)
G. McGraw, G. Hoglund
IEEE Security & Privacy (Sep/Oct 2007)
The Ultimate Insider (HTML)
G. McGraw
Dark Reading (August 14, 2007)
Consolidate This (HTML)
G. McGraw
Dark Reading (July 12, 2007)
JSON, Ajax & Web 2.0 (HTML)
G. McGraw
Dark Reading (June 7, 2007)
Certifiable (HTML)
G. McGraw
Dark Reading (May 9, 2007)
Want Turns to Need (HTML)
G. McGraw
Dark Reading (April 20, 2007)
Compliance As Kick-Starter (HTML)
G. McGraw
Dark Reading (March 12, 2007)
Security's Symbiosis (HTML)
G. McGraw
Dark Reading (February 27, 2007)
Hurray for Hollywood!? (HTML)
G. McGraw
Dark Reading (January 12, 2007)
Foxy Vista Henhouse (HTML)
G. McGraw
Dark Reading (December 11, 2006)
Defining Misuse Within the Development Process (PDF)
G. Peterson, J. Steven
IEEE Security & Privacy (Nov/Dec 2006)
Boarding-Pass Brouhaha (HTML)
G. McGraw
Dark Reading (November 2, 2006)
Diebold Disses Democracy (HTML)
G. McGraw
Dark Reading (October 9, 2006)
Essential Factors for Successful Software Security Awareness Training (PDF)
K. Van Wyk, J. Steven
IEEE Security & Privacy (Sep/Oct 2006)
Keep Your Laws Off My Security (HTML)
G. McGraw
Dark Reading (September 7, 2006)
Google is Evil (HTML)
G. McGraw
Dark Reading (August 4, 2006)
Introduction to Identity Management Risk Metrics (PDF)
G. Peterson (ed. J. Steven)
IEEE Security & Privacy (Jul/Aug 2006)
If You Build It, They'll Crash It (HTML)
G. McGraw
Dark Reading (July 7, 2006)
A framework for creating custom rules for static analysis tools (PDF)
E. Dalci, J. Steven
Static Analysis Summit at NIST (June 29, 2006)
As Security Problems Grow, Time for Software Assessment Is Now (HTML)
G. McGraw
SD Times (June 1, 2006)
Beyond the Badness-ometer (HTML)
G. McGraw
Dr. Dobb's (June 30, 2006)
New Terrorist Profile: Phone Users (HTML)
G. McGraw
Dark Reading (June 13, 2006)
Putting the Tools to Work: How to Succeed with Source Code Analysis (PDF)
P. Chandra, B. Chess, J. Steven
IEEE Security & Privacy (May/Jun 2006)
Microsoft's Missed Opportunity (HTML)
G. McGraw
Dark Reading (May 3, 2006)
How Flawed is Microsoft? (PDF)
G. McGraw
IT Architect Magazine, March 1, 2006.
Adopting an Enterprise Software Security Framework (PDF)
J. Steven
IEEE Security & Privacy (Mar/Apr 2006)
Is Application Security Training Worth the Money? (PDF)
G. McGraw
IT Architect Magazine, February 1, 2006.
Software Security and SOA: Danger, Will Robinson! (PDF)
J. Epstein, S. Matsumoto, G. McGraw
IEEE Security & Privacy (Jan/Feb 2006)
Is Sony BMG Run By Malicious Hackers? (PDF)
G. McGraw
IT Architect Magazine, January 1, 2006.
When Does Security Cross the Line? (PDF)
G. McGraw
IT Architect Magazine, December 1, 2005.
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors (PDF)
K. Tsipenyuk, B. Chess, G. McGraw
IEEE Security & Privacy (Nov/Dec 2005)
Is Security Really About Getting Nothing Done? (PDF)
G. McGraw
IT Architect Magazine, November 1, 2005.
How Bad Is Intrusion Detection? (PDF)
G. McGraw
IT Architect Magazine, October 1, 2005.
Bridging the Gap Between Software Development and Information Security (PDF)
K.R. van Wyk, G. McGraw
IEEE Security & Privacy (Sep/Oct 2005)
Is Cisco Naked? (PDF)
G. McGraw
IT Architect Magazine, September 1, 2005.
Is VoIP Secure Enough For Prime Time? (PDF)
G. McGraw
IT Architect Magazine, August 1, 2005.
A Portal for Software Security (PDF)
N.R. Mead and G. McGraw
IEEE Security & Privacy (Jul/Aug 2005)
Is Penetration Testing a Good Idea? (PDF)
G. McGraw
Network Magazine, July 1, 2005.
Are Cell Phones the Next Target? (PDF)
G. McGraw
Network Magazine, June 1, 2005.
Adopting a Software Security Improvement Program (PDF)
D. Taylor and G. McGraw
IEEE Security & Privacy (May/Jun 2005)
How Does Security Fit With Engineering? (PDF)
G. McGraw
Network Magazine, May 1, 2005.
Is Your Mac Really More Secure? (PDF)
G. McGraw
Network Magazine, April 1, 2005.
Knowledge for Software Security (PDF)
S. Barnum, G. McGraw
IEEE Security & Privacy (Mar/Apr 2005)
Where Does Trust Come From? (PDF)
G. McGraw
Network Magazine, March 1, 2005.
Are We In a Computer Security Renaissance? (PDF)
G. McGraw
Network Magazine, February 1, 2005.
Innovative Rootkits: The Ultimate Weapon? (PDF)
G. McGraw
Network Magazine, January 1, 2005.
Software Penetration Testing (PDF)
B. Arkin, S. Stender, G. McGraw
IEEE Security & Privacy (Jan/Feb 2005)
How Do Real Bad Guys Break Software? (PDF)
G. McGraw
Network Magazine, December 1, 2004.
Static Analysis for Security (PDF)
B. Chess and G. McGraw
IEEE Security & Privacy (Nov/Dec 2004)
Application Security Testing Tools: Worth the Money? (PDF)
G. McGraw
Network Magazine, November 1, 2004.
Who Should Do Security? (PDF)
G. McGraw
Network Magazine, October 1, 2004.
Software Security Testing (PDF)
B. Potter and G. McGraw
IEEE Security & Privacy (Sep/Oct 2004)
A Subliminal Channel in Secret Block Ciphers
A. Young, M. Yung
Selected Areas in Cryptography, August 9-10, 2004.
Risk Analysis in Software Design (PDF)
D. Verdon, G. McGraw
IEEE Security & Privacy (July/August 2004; pp. 32-37) (Building Security In)
Exploiting Software: The Achilles' Heel of CyberDefense (PDF / HTML)
G. McGraw, G. Hoglund
CyberDefense Magazine (June 2004)
Misuse and Abuse Cases: Getting Past the Positive (PDF)
P. Hope, G. McGraw, A. Anton
IEEE Security & Privacy (May/Jun 2004)
Mitigating Insider Threats to RSA Key Generation (PS / Word)
A. Young
RSA Laboratories' Cryptobytes (Spring 2004; Vol. 6, No. 1)
Dire Straits (HTML)
G. McGraw, G. Hoglund
Information Security (April 2004)
Software Security (PDF)
G. McGraw
IEEE Security & Privacy (March/April 2004; Volume 2, Number 2, pp. 32-35)
Regulation and Information Security: Can Y2K Lessons Help Us? (PDF)
J. Payne
IEEE Security & Privacy (March/April 2004; Vol. 2, No. 2, pp. 32-35) (On the Horizon)
Processes to Produce Secure Software (PDF)
G. McGraw, et al.
National Cyber Security Summit
A Key Recovery System as Secure as Factoring
A. Young, M. Yung
CT-RSA Conference, 2004.
Relationships Between Diffie-Hellman and Index Oracles
A. Young, M. Yung
Fourth Conference on Security in Communication Networks '04, 2004.
Assessing Acquired Software via Software Fault Injection (HTML)
J. Voas
Software Tech News (Vol. 6, No. 2, December 2003)
Backdoor Attacks on Black-Box Ciphers Exploiting Low-Entropy Plaintexts
A. Young, M. Yung
Eighth Australasian Conference on Information Security and Privacy (ACISP), Lecture Notes in Computer Science (LNCS), July 9-11, Springer-Verlag, 2003.
Non-Zero Sum Games and Survivable Malware
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.
A Weakness in Smart-Card PKI Certification
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.
A Toolkit for Detecting and Analyzing Malicious Software (PDF)
M. Weber, M. Schmid, D. Geyer, M. Schatz
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.
Protecting Data from Malicious Software (PDF)
M. Schmid, F. Hill, A. Ghosh
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.
Building Secure Software: Better than Protecting Bad Software (PDF)
G. McGraw
IEEE Software (November/December 2002; Vol. 19, No. 6, pp. 57-59) (Point/Counterpoint with Greg Hoglund)
Putting Software Terminology To the Test (PDF)
J. Steven
IEEE Software (May/June 2002)
Choosing a programming language and a distributed object platform (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 1, 2002)
Operating systems and authentication technologies (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 1, 2002)
Seven Factors to Consider When Redesigning Your Site (HTML)
R. MacMichael
IT Professional, July/August 2001.
Testing Commercial-off-the-Shelf Software Components (Word)
J. Haddox, G. Kapfhammer, C. Michael, M. Schatz
Proceedings of the 18th International Conference and Exposition on Testing.
Controlling the Execution of Unauthorized Software (PS / PDF / Word)
M. Schmid, J.T. Bloch, F. Hill, A. Ghosh
To appear in the Proceedings of the 2001 DARPA Information Survivability Conference & Exposition, June 2001, Anaheim, CA.
Bandwidth-Optimal Kleptographic Attacks
A. Young, M. Yung
Cryptographic Hardware and Embedded Systems (CHES), 2001.
A PVSS as Hard as Discrete Log and Shareholder Separability
A. Young, M. Yung
PKC 2001 (Public Key Crypto).
Secure mobile gambling
M. Jakobsson, D. Pointcheval, A. Young
CT-RSA Conference 2001.
Protecting passwords: Part 2 (HTML)
G. McGraw, J. Viega
IBM developerWorks (September 2000)
Protecting passwords: Part 1 (HTML)
G. McGraw, J. Viega
IBM developerWorks (August 2000)
Make your software behave: Cryptography essentials (HTML)
G. McGraw, T. O'Connor
IBM developerWorks (July 2000)
Make your software behave: Tried and true encryption (HTML)
G. McGraw, J. Viega
IBM developerWorks (Jun 1, 2000)
Make your software behave: Software strategies (HTML)
G. McGraw, J. Viega
IBM developerWorks (May 2, 2000)
Make your software behave: Everything to hide (HTML)
G. McGraw, J. Viega
IBM developerWorks (May 18, 2000)
Make your software behave: Playing the numbers (HTML)
G. McGraw, J. Viega
IBM developerWorks (Apr 4, 2000)
Make your software behave: Beating the Bias: How to approach truly random number generation through hardware (HTML)
G. McGraw, J. Viega
IBM developerWorks (Apr 1, 2000)
Make your software behave: An anatomy of attack code (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 21, 2000)
Make your software behave: CGI programming made secure (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 28, 2000)
Two State-Based Approaches to Program-based Anomaly Detection (PS / PDF)
C. Michael, A. Ghosh
Proceedings of ACSAC 2000, December 2000.
Software security principles, Part 5: On keeping secrets, trusting others, and following the crowd (HTML)
G. McGraw, J. Viega
IBM developerWorks (December 2000)
Software security principles, Part 4: Keep it simple; keep it private (HTML)
G. McGraw, J. Viega
IBM developerWorks (December 2000)
Software security principles: Part 2: Defense in depth and secure failure (HTML)
G. McGraw, J. Viega
IBM developerWorks (November 2000)
Software security principles, Part 3: Controlling access: Least privilege and compartmentalization (HTML)
G. McGraw, J. Viega
IBM developerWorks (November 2000)
A Real-Time Intrusion Detection System Based on Learning Program Behavior (PS / PDF)
A.K. Ghosh, C.C. Michael, and M.A. Schatz
Recent Advances in Intrusion Detection; Third International Workshop, RAID 2000.
Execution Control Lists: An Approach to Defending Against New and Unknown Malicious Software (PS / PDF)
A.K. Ghosh, M. Schmid
In Proceedings of the Information Survivability Workshop 2000, October 24-26, 2000, Boston, MA.
Software security for developers: One-time pads (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Make your software behave: Security by obscurity (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Software security principles: Part 1: The chain is only as strong as its weakest link (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Statically Scanning Java Code: Finding Security Vulnerabilities
G. McGraw, J. Viega
IEEE Software (September/October 2000)
An Approach to Identifying and Understanding Problematic COTS Components (PS / PDF)
G. Kapfhammer, C. Michael, J. Haddox, R. Coyler
Presented at ISACC 2000, The Software Risk Management Conference.
Preliminary Cryptanalysis of Reduced-Round Serpent (PS / PDF)
T. Kohno, J. Kelsey, and B. Schneier
Third AES Candidate Conference, April 13-14, 2000.
Deriving Accurate Operational Profiles for Mass-Marketed Software (PS / PDF)
J. Voas
Submitted to 4th International Conference on Empirical Assessment & Evaluation in Software (EASE 2000).
Limited Software Warranties (PS / PDF)
J. Voas
To be presented at ECBS 2000, April 2000.
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent (PS / PDF)
J. Kelsey, T. Kohno, B. Schneier
Seventh Fast Software Encryption Workshop, Springer-Verlag, April 10-12, 2000.
Make your software behave: Preventing buffer overflows (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 7, 2000)
Make your software behave: Learning the basics of buffer overflows (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 1, 2000)
Make your software behave: Brass tacks and smash attacks (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 14, 2000)
Make your software behave: Assuring your software is secure (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 28, 2000)
Techniques for Evaluating the Robustness of Windows NT Software (PDF / Word)
M. Schmid, A.K. Ghosh, F. Hill
To appear in the 2000 DARPA Information Survivability Conference & Exposition (DISCEX'00), January 2000, Hilton Head, SC.
Software Fault Injection (PS / PDF)
J. Voas
IEEE Spectrum, to appear in 2000.
"User Participation"-Based Software Certification (PS / PDF / Word)
J. Voas
To appear in IEEE Computer, early 2000.
Dependability Certification of Software Components (PS / PDF)
J. Voas and J. Payne
Journal of Systems and Software, 2000.
RSA Based Auto-Recoverable Cryptosystems
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 2000.
Hash to the Rescue: Space Minimization for PKI Directories
A. Young, M. Yung
ICISC 2000 (International Conf. on Info. Sec. and Crypto).
Towards Signature-Only Signature Schemes
A. Young, M. Yung
Asiacrypt 2000.
Third-Party Usage Profiling: A Model for Optimizing the Mass-Marketed Software Industry (PS / PDF)
J. Voas
Submitted to IEEE Software.
Can Chaotic Methods Actually Improve Software Quality Predictions? (PS / PDF)
J. Voas
IEEE Software, to appear in 2000.
An Approach to Testing COTS Software for Robustness to Operating System Exceptions and Errors (PS / PDF)
A.K. Ghosh, M. Schmid
To appear in the 1999 International Symposium on Software Reliability Engineering (ISSRE99), November 1-4, 1999, Boca Raton, FL.
Software Malleability: We're Losing It! (PDF)
J. Voas
In the proceedings of the 2nd Annual Systems Engineering and Supportability Conference, September 1999, San Diego, CA.
How We Learned to Cheat in Online Poker: A Study in Software Security (PDF / HTML)
B. Arkin, F. Hill, S. Marks, M. Schmid, T.J. Walls, G. McGraw
Developer.Com, 09/28/99.
Predicting When to Reboot "Continuously Operating" Embedded Software (HTML)
J. Voas, F. Charron
In proceedings of CONQUEST'99, September 1999, Nuremberg, Germany.
Making software behave (HTML)
G. McGraw, J. Viega
IBM developerWorks (Sep 28, 1999)
This Decade's Eight Greatest Myths About Software Quality (PS / PDF)
J. Voas
IEEE Software, July 1999.
Inoculating Software for Survivability (PS / PDF)
A. Ghosh, J. Voas
Communications of the ACM, July 1999.
A Recipe for Certifying High Assurance Software (PS / PDF)
J. Voas
IEEE Software, July 1999.
Data Generation Techniques for Automated Software Robustness Testing (PDF / Word)
M. Schmid, F. Hill
Sixteenth International Conference on Testing Computer Software (ICTCS'99)
User Participation-Based Software Certification (PS / PDF)
J. Voas
In proceedings of Eurovav'99, Oslo, Norway, June 1999.
Quality Meets the CEO (PDF)
J. Payne
Software Testing & Quality Engineering, May/June 1999 (Vol. 1, Iss. 3)
Wrapping Windows NT Software for Robustness (PS / PDF)
A. Ghosh, M. Schmid, F. Hill
To appear in Proceedings of the 29th International Fault Tolerant Computer Symposium (FTCS-29), June 15-18, 1999, Madison, WI.
A Government-Controlled United States Software/IT Industry? (PS / PDF)
J. Voas
IEEE Software, May 1999.
Why COTS Software Increases Security Risks (PS / PDF)
G. McGraw, J. Viega
ICSE Workshop on Testing Distributed Component-Based Systems, May 1999.
Java 2 security and stack inspection (HTML)
G. McGraw
Gamelan.com, May 12, 1999.
Software Assurance for Security (PDF / Word)
G. McGraw
IEEE Computer 32(4), pages 103-105. April 1999.
Learning Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
To appear in Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, April 9-12, 1999, Santa Clara, CA.
Can Critical Information Infrastructure Protection be Achieved with Untested Software? (PS / PDF)
J. Voas
IEEE Software, March 1999.
Disposable Information Systems: The Future of Software Maintenance? (PS / PDF)
J. Voas
Journal of Software Maintenance, March 1999.
Software Hazard Mining (PS / PDF)
J. Voas
For the IEEE Workshop on Application Specific Software Engineering and Technology (ASSET'99), March, 1999. Richardson, TX.
Using Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
SANS Conference and Workshop on Intrusion Detection and Response, Technical Conference, Workshop on the State of the Art and Future Directions of Intrusion Detection and Response, February 12-13, San Diego, CA, pp. 1-20 -- 1-26.
Protecting Against What? The Achilles Heel of Information Assurance (PDF)
J. Voas
IEEE Software, January 1999.
Auto-Recoverable Auto-Certifiable Cryptosystems (a survey)
A. Young, M. Yung
CQRE, Springer-Verlag, LNCS, 1999.
Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 1999.
NetHose: A Tool for Finding Vulnerabilities in Network Stacks (PS / PDF)
A. Ghosh, F. Hill, M. Schmid
Short talk at the 1999 IEEE Security and Privacy Symposium, Oakland, CA, 1999.
Using Assertions to Make Untestable Software More Testable (PS / PDF)
J. Voas, L. Kassab
Software Quality Professional.
Non-Interactive CryptoComputing for NC1
T. Sander, A. Young, M. Yung
40th Annual Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society, pages 554-566, '99.
Third-Party Java Security Vendors: Solutions or Snake Oil? (Word)
G. McGraw, E. Felten
Java Report, December 1998.
Analyzing Software Sensitivity to Human Error (PS / PDF)
J. Voas
Failure and Lessons Learned in Information Technology Management - An International Journal 2(4), December, 1998.
Detecting Anomalous and Unknown Intrusions Against Programs (PS / PDF)
A.K. Ghosh, J. Wanken, F. Charron
Proceedings of Annual Computer Security Applications Conference (ACSAC'98), December 7-11, 1998, Scottsdale, AZ.
Twelve Rules for Developing More Secure Java Code (HTML)
G. McGraw, E. Felten
Java World, December 1998.
Mobile Code Security (HTML)
G. McGraw and E. Felten
Editors, IEEE Internet Computing, November/December 1998.
Will Software Failures Halt the Availability of Business Insurance? (PS / PDF)
J. Voas
International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
Wrapping Windows NT Binary Executables for Failure Simulation (PS / PDF)
A.K. Ghosh, M. Schmid
Fast abstract to appear in the International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
Testing the Robustness of Windows NT Software (PS / PDF)
A.K. Ghosh, M. Schmid, and V. Shah
Experience report to appear in the International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
The Software Quality Certification Triangle (PS / PDF / HTML)
J. Voas
Crosstalk, November, 1998.
An Approach for Analyzing the Robustness of Windows NT Software (PS / PDF)
A. Ghosh, V. Shah, M. Schmid
Proceedings of the 21st National Information Systems Security Conference, October 5-8, 1998, p. 383-391. Crystal City, VA.
An Approach for Certifying Security in Software Components (PS / PDF)
A. Ghosh, G. McGraw
Proceedings of the 21st National Information Systems Security Conference, October 5-8, 1998, Crystal City, VA.
Automated Software Test Data Generation for Complex Programs (PS / PDF)
G. McGraw and C. Michael
Proceedings of the 13th IEEE Automated Software Engineering Conference, October 13-16, 1998, Honolulu, Hawaii.
Massive Games of Artificial Life on the Internet: A Testbed for Research on Survivability Architectures (Word)
G. McGraw, K. Sullivan
Proceedings of the Information Survivability Workshop, October 28-30 1998, Orlando, FL.
Studying Behavior to Unlock the Truth About Quality
J. Voas
Cutter IT Journal, September, 1998 (Volume 11, Number 9), p. 7-11.
Privileged code in Java: Why the API changed from JDK1.2beta3 to JDK1.2beta4 (HTML)
G. McGraw
developer.com, August 31, 1998.
E-Commerce Security: No Silver Bullet
A.K. Ghosh
In Proceedings of the IFIP WG 11.3 Working Conference on Database Security, July 15-17, 1998, Chalkidiki, GR.
Maintaining Component-based Systems (PS / PDF)
J. Voas
IEEE Software, July, 1998.
Agent Trustworthiness (PS / PDF)
L. Kassab, J. Voas
Workshop on Mobile Object Systems: Secure Internet Mobile, July, 1998, Brussels, Belgium.
Towards Fault-Tolerant Mobile Agents (PS / PDF)
L. Kassab, J. Voas
Workshop on Distributed Computing on the Web, June, 1998, Rostock, Germany.
Defensive Approaches to Testing Systems that Contain COTS and Third-Party Functionality (PS / PDF)
J. Voas
In Proc. of 15th Int'l. Conference and Exposition on Testing Computer Software, June, 1998.
An Approach to Certifying Off-the-Shelf Software Components (PS / PDF)
J. Voas
IEEE Computer, June, 1998.
An Automated Approach for Identifying Potential Vulnerabilities in Software (PS / PDF)
A. Ghosh, T. O'Connor, G. McGraw
Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA. May 3-6, 1998, pp. 104-114.
Independent Software Measurement's Role in the Liability Puzzle (PS / PDF)
J. Voas
In the Proceeding of The European Software Measurement Conference Antwerp, Belgium May 1998
Testing for Security During Development: Why we should scrap penetrate-and-patch. (PS / PDF)
G. McGraw
IEEE Aerospace and Electronic Systems, April 1998.
A Defensive Approach to Testing Systems that Contain COTS and Third-Party Functionality (PS / PDF)
J. Voas
In the Proceedings AQUIS '98, Venice, April 1998.
Software Certification Laboratories? (PS / PDF)
J. Voas
Crosstalk, April 1998.
OTS Software Failures: Can Anything be Done? (PS / PDF)
J. Voas, J. Payne
In Proceedings of the First IEEE Workshop on Application Specific Software Engineering and Technology (ASSET'98), March, 1998, Dallas
COTS: The Economical Choice? (PS)
J. Voas
IEEE Software (Manager Column), March 1998.
Error Propagation Analysis Studies in a Nuclear Research Code (PDF)
J. Voas, F. Charron, L. Beltracchi
In Proceedings of the 1998 IEEE Aerospace Conference, Snowmass, CO, March 1998.
Certifying Y2K 'Fixes' (PS / PDF)
J. Voas
Crosstalk, January 1998.
Implementing Assertions for Java (HTML)
J. Payne, M. Schatz, M. Schmid
Dr. Dobb's Journal, January 1998.
Smart Cards, Java Cards and Security (HTML)
G. McGraw
developer.com, January 19, 1998.
Finding Length-3 Positive Cunningham Chains and their Cryptographic Significance
A. Young, M. Yung
Algorithmic Number Theory III (ANTS), LNCS vol. 1423, 1998.
Black-Box Symmetric Ciphers Designed for Monopolizing Keys
A. Young, M. Yung
Fast Software Encryption Workshop, 1998.
Auto-Recoverable Auto-Certifiable Cryptosystems
A. Young, M. Yung
Advances in Cryptology, Eurocrypt '98.
Don't Push Me: The Security Implications of Push (HTML)
G. McGraw
developer.com, December 30, 1997.
Fault Injection for the Masses (PS / PDF)
J. Voas
IEEE Computer, December 1997.
Reducing Uncertainty About Common-Mode Failures (PS / PDF)
J. Voas, A. Ghosh, F. Charron, L. Kassab
In Proceedings of ISSRE, November 1997.
Genetic Algorithms for Dynamic Test Data Generation (PS / PDF)
C. Michael, G. McGraw, M. Schatz, and C. Walton
In Proceedings of IEEE International Automated Software Engineering Conference (ASE97), November 3-5, 1997.
Sandboxes and Signatures Part 1: The Future of Executable Content (HTML)
G. McGraw
developer.com, October 7, 1997.
Sandboxes and Signatures Part 2: How to Sign Code for Netscape Communicator (HTML)
G. McGraw, T. O'Connor
developer.com, October 14, 1997.
Simulating Specification Errors and Ambiguities in Systems Employing Diversity (PS / PDF)
J. Voas, L. Kassab
In the Proceedings of 1997 Pacific Northwest Software Quality Conference, October 27-29, 1997.
The Ability of Directed Tests to Predict Software Quality (PS)
C. Michael, J. Voas
In Annals of Software Engineering, August 1997.
Building Software Recovery Assertions from Fault Injection Analysis (PS / PDF)
J. Voas
In Proceedings of COMPSAC'97, August 1997, Washington DC.
Can Clean Pipes Produce Dirty Water? (PS / PDF)
J. Voas
IEEE Software (Quality Time Column), July 1997.
Predicting How Badly "Good" Software can Behave (PS)
J. Voas, F. Charron, G. McGraw, E. Miller, M. Friedman
IEEE Software, July 1997.
Reusing Tests of Reusable Software Components (PS)
C. Michael
In Proceedings of COMPASS '97, June 1997.
Problems of Accuracy in the Prediction of Software Quality from Directed Tests (PS / PDF)
C. Michael, J. Voas
International Conference on Testing Computer Software, June 1997.
Fault-injection: A Crystal Ball for Software Quality (PS / PDF)
J. Voas, G. McGraw, L. Kassab, L. Voas
IEEE Computer, June 1997, Volume 30, Number 6, pp. 29-36.
Reducing Uncertainty About Common-Mode Failures (PS / PDF)
J. Voas, A. Ghosh, F. Charron, L. Kassab
Submitted to the 12th Annual Conference on Computer Assurance, June 16-20, 1997, Gaithersburg, MD.
Testing for Security During Development: Why We Should Scrap Penetrate-and-Patch (PS)
G. McGraw
In Proceedings of 12th Annual Conference on Computer Assurance, June 16-20, 1997, Gaithersburg, MD.
On the Uniformity of Error Propagation in Software (PS)
C. Michael and R. Jones
In Proceedings of COMPASS '97, June 1997.
Understanding the Keys to Java Security -- The Sandbox and Authentication (HTML)
G. McGraw, E. Felten
Java World, May 1997.
Avoiding Hostile Applets: How to Minimize the Risks of Executable Content (HTML)
G. McGraw, E. Felten
BYTE, May 1997.
Is Your Browser a Blabbermouth? Are Your Ports Being Scanned? (HTML)
G. McGraw
Java World, March 1997.
A Few Assertions about Information Hiding (PS / PDF)
J. Voas
IEEE Software (Quality Time Column), March 1997.
Using Evolution Constraints to Assess the Failure-proneness of Evolving Software (PS)
C. Michael
Proceedings of the First Euromicro Working Conference on Software Maintenance and Reengineering (CSMR97), March 17-19, 1997, Berlin, Germany.
Software Fault-injection: Growing 'Safer' Systems (PS / PDF)
J. Voas
In Proc. of IEEE Aerospace Conference, February, 1997, Snowmass, CO.
Reducing Uncertainty About Survivability (PS / PDF)
J. Voas, G. McGraw, A. Ghosh
Proc. of the 1997 Information Survivability Workshop, February 12-13, 1997, San Diego, CA
A Friendly Introduction to Hostile Applets (HTML)
G. McGraw, E. Felten
Netscape World, February 1997.
Plugs for Java's Security Holes (HTML)
G. McGraw
BYTE, January 1997.
Java Security and Type Safety (HTML)
G. McGraw, E. Felten
BYTE, January 1997.
Encryption Tools for Mobile Agents: Sliding Encryption
A. Young, M. Yung
Fast Software Encryption Workshop.
On the Use of Process Information in Directed Testing (PS)
C. Michael
Software Quality Engineering '97.
Deniable Password Snatching: On the Possibility of Evasive Electronic Espionage
A. Young, M. Yung
IEEE Symposium on Security and Privacy, pages 224-235, 1997.
Kleptography: Using Cryptography against Cryptography
A. Young, M. Yung
Advances in Cryptology, Eurocrypt '97, pages 62-74, Springer, 1997.
The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems
A. Young, M. Yung
Advances in Cryptology, CRYPTO '97, pages 264-276, Springer, 1997.
Software Testability: Investing in Testing (PS / PDF)
J. Voas, K. Miller
Proceedings of EuroStar'96, Amsterdam, December, 1996.
Glueing Together Software Components: How Good is Your Glue? (PS / PDF)
J. Voas, A. Ghosh, G. McGraw, K. Miller
Proceedings of Pacific Northwest Software Quality Conference, October, 1996.
Investigating Rare-Event Failure Tolerance: Reductions in Uncertainty (PS / PDF)
J. Voas, F. Charron, K. Miller
Proceedings of IEEE High-Assurance Systems Engineering Workshop (HASE'96), in conjunction with the 15th Symposium on Reliable Distributed Systems, Niagara-on-the-Lake, Canada, October, 1996.
Tolerant Software Interfaces: Can COTS-based Systems be Trusted Without Them? (PS / PDF)
J. Voas, F. Charron, K. Miller
Proceedings of the 15th Int'l. Conference on Computer Safety, Reliability, and Security (SAFECOMP'96), Vienna, October, 1996.
Emergent Letter Perception: Implementing the Role Hypothesis (PS / PDF)
G. McGraw, D. Hofstadter
Proceedings of the 18th Annual Conference of the Cognitive Science Society, July 1996.
Automatic Generation of Test-Cases for Software Testing (PS / PDF)
G. McGraw, C. Michael
Proceedings of the 18th Annual Conference of the Cognitive Science Society, July 1996.
Developing Expertise in Software Security: An Outsider's Perspective (PS / PDF)
G. McGraw, A.K. Ghosh
In working notes of the Invitational Workshop on Computer Vulnerability Data Sharing, NIST, June 1996.
Untangling the Woven Web: Testing Web-based Software (PS / PDF)
G. McGraw, D. Hovemeyer
Proceedings of the 13th International Conference on Testing Computer Software (ICTCS), June 1996.
Substituting Voas's Testability Measure for Musa's Fault Exposure Ratio (PS / PDF)
J. Voas, K. Miller
Proceedings of the Int'l. Communications Conference, June, 1996, Dallas, TX.
Building a Java Software Engineering Tool for Testing Applets (PS / PDF)
A.S. Binns, G. McGraw
Proceedings of the IntraNet 96 NY Conference, April 8-10, 1996, New York City.
Testing Software for Characteristics Other than Correctness: Safety, Failure-tolerance, and Security (PS / PDF)
J. Voas
Proceedings of the Int'l. Conf. on Testing Computer Software.
Cryptovirology: Extortion-Based Security Threats and Countermeasures
A. Young, M. Yung
IEEE Symposium on Security and Privacy, pages 129-140, 1996.
Defining an Adaptive Software Security Metric from a Dynamic Software Failure-tolerance Measure (PS / PDF)
J. Voas, G. McGraw, A.K. Ghosh, F. Charron, K. Miller
Proceedings of the 11th Annual Conference on Computer Assurance (COMPASS'96)
The Dark Side of 'Black-Box' Cryptography or: Should We Trust Capstone?
A. Young, M. Yung
Advances in Cryptology, CRYPTO '96, pages 89-103, Springer, 1996.
An Automated Code-based Fault-tree Mitigation Technique (PS / PDF)
J. Voas, K. Miller
Proceedings of 14th Int'l. Conf. on Computer Safety, Security, and Reliability. Italy, October, 1995.
Fault Injection for Logic Synthesis Design using VHDL (PS / PDF)
T.A. DeLong, A.K. Ghosh, B.W. Johnson, J.A. Profeta, III
Mentor Users' Group Symposium 12th Annual International Conference, October 23-27, 1995, Portland, OR.
Detecting Program Modules with Low Testability (PS)
T.M. Khoshgoftaar, R.M. Szabo, J.M. Voas
Proceedings of ICSM'95, Nice, France, October, 1995.
Using Fault Injection to Assess Software Engineering Standards (PS / PDF)
J. Voas, K. Miller
Proceedings of Int'l. Symp. on Software Engineering Standards, August, 1995.
Examining Fault-tolerance Using Unlikely Inputs: Turning the Test Distribution Up-side Down (PS / PDF)
J. Voas, K. Miller
Proceedings of COMPASS'95, Gaithersburg, MD June, 1995.
Procedures for Reducing the Size of Coverage-based Test Sets (PS / PDF)
J. Offutt, J. Pan, J. Voas
Proceedings of 12th Int'l. Conf. on Testing Computer Software. Washington, DC. June, 1995.
Software Testability: The New Verification (PS / PDF)
J. Voas, K. Miller
IEEE Software. May, 1995.
Software Testability Measurement for Assertion Injection and Fault Localization (PS / PDF)
J. Voas
Proceedings of 2nd Int'l. Workshop on Automated and Algorithmic Debugging (AADEBUG'95), St. Malo, France, May, 1995.
Software Testability: An Experiment in Measuring Simulation Reusability (PS)
J. Voas, J. Payne, R. Mills, J. McManus
Proceedings of ACM Sigsoft (SSR'95), Seattle, April 29-30.
Predicting Software's Minimum-time-to-hazard and Mean-time-to-hazard for Rare Input Events (PS / PDF)
J. Voas, K. Miller
Proceedings of the 6th Int'l. Symp. on Softw. Reliability Engineering, 1995, Publisher: IEEE Computer Society.
Confidently Assessing a Zero Probability of Software Failure (PS)
J. Voas, C. Michael, K. Miller
High Integrity Systems Journal. Oxford University Press. 1(3):269-275, 1995.
Putting Assertions in Their Place (PS)
J. Voas, K. Miller
Proceedings of the Int'l. Symposium on Software Reliability Engineering, November 6-9, 1994, Monterey, CA.
A Comparison of a Dynamic Software Testability Metric to Static Cyclomatic Complexity (PS)
J. Voas, K. Miller, J. Payne
Proceedings of 2nd Int'l. Conf. on Software Quality Management, July, 1994, Edinburgh, Scotland, Publisher: Computational Mechanics Publications.
Dynamic Testability Analysis for Assessing Fault Tolerance (PS)
J. Voas, K. Miller
High Integrity Systems Journal. 1(2):171-178, 1994, Oxford University Press.
Formal Testability Analysis (PS)
J. Voas
In the Encyclopedia of Software Engineering, John Wiley & Sons, pp.517--518, 1994.
An Empirical Comparison of a Dynamic Software Testability Metric to Static Cyclomatic Complexity (PS / PDF)
J. Voas, K. Miller, J. Payne
Proceedings of the 18th Annual Software Engineering Workshop, December, 1993, NASA-Goddard Software Engineering Laboratory Series Report 93-003.
Software Testability and Its Application to Avionic Software (PS)
J. Voas, K. Miller, J. Payne
Proceedings of Computers in Aerospace 9, October, 1993, San Diego, CA. Publisher: AIAA.
Dynamic Testability Analysis for Software Safety (PS)
J. Voas, K. Miller, J. Payne
Proceedings of the 2nd IASTED Int'l. Conf. on Reliability, Quality Control and Risk Assessment, October, 1993, Cambridge, MA, Publisher: IASTED-ACTA Press, ISBN: 0-88986-181-1.
Automating Test Case Generation for Coverages Required by FAA Standard DO-178B (PS)
J. Voas, K. Miller, J. Payne
Proceedings of Computers in Aerospace 9, October, 1993, San Diego, CA. Publisher: AIAA.
Confidently Assessing a Zero Probability of Software Failure (PS)
J. Voas, C. Michael, K. Miller
Proceedings of the 12th Int'l. Conf. on Computer Safety, Reliability, and Security, October, 1993, pp. 197-206, Poznan, Poland. Publisher: Springer-Verlag, ISBN 3-540-19838-5.
Faults on Its Sleeve: Amplifying Software Reliability Testing (PS / PDF)
R. Hamlet, J. Voas
Proceedings of the ACM SIGSOFT Int'l. Symposium on Software Testing and Analysis, June, 1993, Cambridge, MA, Publisher: ACM.
A Software Analysis Technique for Quantifying Reliability in High-Risk Medical Devices (PS / PDF)
J. Voas, K. Miller, J. Payne
Proceedings of the 6th IEEE Symposium on Computer-Based Medical Systems, June, 1993, Ann Arbor, MI.
Semantic Metrics for Software Testability (PS)
J. Voas, K. Miller
The Journal of Systems and Software, Elsevier Science Publishers Ltd. 20:207-216, March, 1993.
A Framework for Defining Semantic Metrics (PS)
L. Morell, J. Voas
The Journal of Systems and Software, Elsevier Science Publishers Ltd. 20:245-251, March, 1993.
Applying a Dynamic Testability Technique to Debugging Certain Classes of Software Faults (PS / PDF)
J. Voas, K. Miller
Software Quality Journal, Chapman & Hall, March, 1993, p. 61-75.
Designing Programs That are Less Likely to Hide Faults (PS / PDF)
J. Voas, K. Miller, J. Payne
The Journal of Systems and Software, Elsevier Science Publishers Ltd. 20:93-100, January, 1993.
A Model for Detecting the Existence of Software Corruption in Real Time (PS / PDF)
J. Voas, J. Payne, F. Cohen
Computers and Security J., 11(8), Elsevier Science Publishers Ltd. 1993.
A Model for Assessing the Liability of Seemingly Correct Software (PS / PDF)
J. Voas, L. Voas, K. Miller
Proceedings of the IASTED Int'l. Conf. on Reliability, Quality Control and Risk Assessment, p. 32--35, November, 1992, Washington, D.C, Publisher: IASTED-ACTA Press, ISBN: 0-88986-171-4.
Improving the Software Development Process Using Testability Research (PS / PDF)
J. Voas, K. Miller
Proceedings of the 3rd Int'l. Symp. on Softw. Reliability Engineering, p. 114--121, October, 1992, RTP, NC, Publisher: IEEE Computer Society.
Designing Programs that do not Hide Data State Errors During Random Black-Box Testing (PS)
J. Voas, K. Miller, R. Noonan
Proceedings of the 5th Int'l. Conf. on Putting Into Practice Methods and Tools for Information System Design, September, 1992, Nantes, France.
PIE: A Dynamic Failure-Based Technique (PS / PDF)
J. Voas
IEEE Trans. on Softw. Eng., 18(8):717--727, August, 1992.
Dynamic Testing Complexity Metric (PS / PDF)
J. Voas
Software Quality Journal, 1(2):101--114, Chapman & Hall, June, 1992.
PISCES: A Tool for Predicting Software Testability (PS / PDF)
J. Voas, K. Miller, J. Payne
Proceedings of the Symp. on Assessment of Quality Software Development Tools, May, 1992, p. 297-309, New Orleans, LA, IEEE Computer Society, ISBN: 0-8186-2620-8.
The Revealing Power of a Test Case (PS / PDF)
J. Voas, K. Miller
Journal of Software Testing, Verification, and Reliability, John Wiley and Sons, 2(1):25-42, May, 1992.
Estimating the Probability of Failure when Testing Reveals No Failures (PS)
K. Miller, L. Morell, R. Noonan, S. Park, D. Nicol, B. Murrill, J. Voas
IEEE Trans. on Software Engineering, 18(1):33-44, Jan. 1992.
Factors that Affect Software Testability (PS / PDF)
J. Voas
Proceedings of the 9th Pacific Northwest Softw. Quality Conf., p. 235--247, October, 1991, Portland, OR. Publisher: Pacific Northwest Software Quality Conference, Inc.
A Dynamic Failure Model for Predicting the Impact that a Program Location has on the Program (PS / PDF)
J. Voas
Lecture Notes in Computer Science Series, Vol. 550: Proc. of the 3rd European Softw. Eng. Conf., p. 308--331, October, 1991, Italy, Publisher: Springer-Verlag, A. Van Lamsweerde and A. Fugetta (Eds.).
Predicting Where Faults Can Hide From Testing (PS / PDF)
J. Voas, L. Morell, K. Miller
IEEE Software, 8(2):41--47, March 1991.
Application and OS Security
Building Secure Software
How Things Work: Automated Code Review Tools for Security (PDF)
G. McGraw
Computer (December 2008)
Web Applications and Software Security (HTML)
G. McGraw
informIT (November 14, 2008)
A Software Security Framework: Working Towards a Realistic Maturity Model (HTML)
G. McGraw, B. Chess
informIT (October 15, 2008)
Getting Past the Bug Parade (HTML)
G. McGraw
informIT (September 17, 2008)
Software Security Demand Rising (HTML)
G. McGraw
informIT (August 11, 2008)
Application Assessment as a Factory (HTML)
G. McGraw
informIT (July 17, 2008)
Securing Web 3.0 (HTML)
G. McGraw
informIT (May 15, 2008)
Paying for Secure Software (HTML)
G. McGraw
informIT (April 7, 2008)
The Truth Behind Code Analysis (HTML)
G. McGraw
Dark Reading (February 13, 2008)
Software Security Strategies (HTML)
G. McGraw
Dark Reading (January 9, 2008)
Beyond the PCI Band-Aid (HTML)
G. McGraw
Dark Reading (December 10, 2007)
Using Attack Graphs to Design Systems (PDF)
S. Gupta, J. Winstead
IEEE Security & Privacy (Nov/Dec 2007)
Online Games & the Law (HTML)
G. McGraw
Dark Reading (October 11, 2007)
Mobile Insecurity (HTML)
G. McGraw
Dark Reading (September 14, 2007)
Online Games and Security (PDF)
G. McGraw, G. Hoglund
IEEE Security & Privacy (Sep/Oct 2007)
The Ultimate Insider (HTML)
G. McGraw
Dark Reading (August 14, 2007)
Consolidate This (HTML)
G. McGraw
Dark Reading (July 12, 2007)
JSON, Ajax & Web 2.0 (HTML)
G. McGraw
Dark Reading (June 7, 2007)
Certifiable (HTML)
G. McGraw
Dark Reading (May 9, 2007)
Want Turns to Need (HTML)
G. McGraw
Dark Reading (April 20, 2007)
Compliance As Kick-Starter (HTML)
G. McGraw
Dark Reading (March 12, 2007)
Security's Symbiosis (HTML)
G. McGraw
Dark Reading (February 27, 2007)
Hurray for Hollywood!? (HTML)
G. McGraw
Dark Reading (January 12, 2007)
Foxy Vista Henhouse (HTML)
G. McGraw
Dark Reading (December 11, 2006)
Defining Misuse Within the Development Process (PDF)
G. Peterson, J. Steven
IEEE Security & Privacy (Nov/Dec 2006)
Boarding-Pass Brouhaha (HTML)
G. McGraw
Dark Reading (November 2, 2006)
Diebold Disses Democracy (HTML)
G. McGraw
Dark Reading (October 9, 2006)
Essential Factors for Successful Software Security Awareness Training (PDF)
K. Van Wyk, J. Steven
IEEE Security & Privacy (Sep/Oct 2006)
Keep Your Laws Off My Security (HTML)
G. McGraw
Dark Reading (September 7, 2006)
Google is Evil (HTML)
G. McGraw
Dark Reading (August 4, 2006)
Introduction to Identity Management Risk Metrics (PDF)
G. Peterson (ed. J. Steven)
IEEE Security & Privacy (Jul/Aug 2006)
If You Build It, They'll Crash It (HTML)
G. McGraw
Dark Reading (July 7, 2006)
A framework for creating custom rules for static analysis tools (PDF)
E. Dalci, J. Steven
Static Analysis Summit at NIST (June 29, 2006)
As Security Problems Grow, Time for Software Assessment Is Now (HTML)
G. McGraw
SD Times (June 1, 2006)
Beyond the Badness-ometer (HTML)
G. McGraw
Dr. Dobbs (June 30, 2006)
New Terrorist Profile: Phone Users (HTML)
G. McGraw
Dark Reading (June 13, 2006)
Putting the Tools to Work: How to Succeed with Source Code Analysis (PDF)
P. Chandra, B. Chess, J. Steven
IEEE Security & Privacy (May/Jun 2006)
Microsoft's Missed Opportunity (HTML)
G. McGraw
Dark Reading (May 3, 2006)
How Flawed is Microsoft? (PDF)
G. McGraw
IT Architect Magazine, March 1, 2006.
Adopting an Enterprise Software Security Framework (PDF)
J. Steven
IEEE Security & Privacy (Mar/Apr 2006)
Is Application Security Training Worth the Money? (PDF)
G. McGraw
IT Architect Magazine, February 1, 2006.
Software Security and SOA: Danger, Will Robinson! (PDF)
J. Epstein, S. Matsumoto, G. McGraw
IEEE Security & Privacy (Jan/Feb 2006)
Is Sony BMG Run By Malicious Hackers? (PDF)
G. McGraw
IT Architect Magazine, January 1, 2006.
When Does Security Cross the Line? (PDF)
G. McGraw
IT Architect Magazine, December 1, 2005.
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors (PDF)
K. Tsipenyuk, B. Chess, G. McGraw
IEEE Security & Privacy (Nov/Dec 2005)
Is Security Really About Getting Nothing Done? (PDF)
G. McGraw
IT Architect Magazine, November 1, 2005.
How Bad Is Intrusion Detection? (PDF)
G. McGraw
IT Architect Magazine, October 1, 2005.
Bridging the Gap Between Software Development and Information Security (PDF)
K.R. van Wyk, G. McGraw
IEEE Security & Privacy (Sep/Oct 2005)
Is Cisco Naked? (PDF)
G. McGraw
IT Architect Magazine, September 1, 2005.
Is VoIP Secure Enough For Prime Time? (PDF)
G. McGraw
IT Architect Magazine, August 1, 2005.
A Portal for Software Security (PDF)
N.R. Mead and G. McGraw
IEEE Security & Privacy (Jul/Aug 2005)
Is Penetration Testing a Good Idea? (PDF)
G. McGraw
Network Magazine, July 1, 2005.
Are Cell Phones the Next Target? (PDF)
G. McGraw
Network Magazine, June 1, 2005.
Adopting a Software Security Improvement Program (PDF)
D. Taylor and G. McGraw
IEEE Security & Privacy (May/Jun 2005)
How Does Security Fit With Engineering? (PDF)
G. McGraw
Network Magazine, May 1, 2005.
Is Your Mac Really More Secure? (PDF)
G. McGraw
Network Magazine, April 1, 2005.
Knowledge for Software Security (PDF)
S. Barnum, G. McGraw
IEEE Security & Privacy (Mar/Apr 2005)
Where Does Trust Come From? (PDF)
G. McGraw
Network Magazine, March 1, 2005.
Are We In a Computer Security Renaissance? (PDF)
G. McGraw
Network Magazine, February 1, 2005.
Innovative Rootkits: The Ultimate Weapon? (PDF)
G. McGraw
Network Magazine, January 1, 2005.
Software Penetration Testing (PDF)
B. Arkin, S. Stender, G. McGraw
IEEE Security & Privacy (Jan/Feb 2005)
How Do Real Bad Guys Break Software? (PDF)
G. McGraw
Network Magazine, December 1, 2004.
Static Analysis for Security (PDF)
B. Chess and G. McGraw
IEEE Security & Privacy (Nov/Dec 2004)
Application Security Testing Tools: Worth the Money? (PDF)
G. McGraw
Network Magazine, November 1, 2004.
Who Should Do Security? (PDF)
G. McGraw
Network Magazine, October 1, 2004.
Software Security Testing (PDF)
B. Potter and G. McGraw
IEEE Security & Privacy (Sep/Oct 2004)
A Subliminal Channel in Secret Block Ciphers
A. Young, M. Yung
Selected Areas in Cryptography, August 9-10, 2004.
Risk Analysis in Software Design (PDF)
D. Verdon, G. McGraw
IEEE Security & Privacy (July/August 2004; pp. 32-37) (Building Security In)
Exploiting Software: The Achilles' Heel of CyberDefense (PDF / HTML)
G. McGraw, G. Hoglund
CyberDefense Magazine (June 2004)
Misuse and Abuse Cases: Getting Past the Positive (PDF)
P. Hope, G. McGraw, A. Anton
IEEE Security & Privacy (May/Jun 2004)
Mitigating Insider Threats to RSA Key Generation (PS / Word)
A. Young
RSA Laboratories' Cryptobytes (Spring 2004; Vol. 6, No. 1)
Dire Straits (HTML)
G. McGraw, G. Hoglund
Information Security (April 2004)
Software Security (PDF)
G. McGraw
IEEE Security & Privacy (March/April 2004; Volume 2, Number 2, pp. 32-35)
Misuse and Abuse Cases: Getting Past the Positive (PDF)
G. McGraw, P. Hope, A. Anton
IEEE Security & Privacy (March/April 2004; Vol. 2, No. 3, pp. 32-34) (Building Security In)
Regulation and Information Security: Can Y2K Lessons Help Us? (PDF)
J. Payne
IEEE Security & Privacy (March/April 2004; Vol. 2, No. 2, pp. 32-35) (On the Horizon)
Processes to Produce Secure Software (PDF)
G. McGraw, et al.
National Cyber Security Summit
A Key Recovery System as Secure as Factoring
A. Young, M. Yung
CT-RSA Conference, 2004.
Relationships Between Diffie-Hellman and Index Oracles
A. Young, M. Yung
Fourth Conference on Security in Communication Networks '04, 2004.
Assessing Acquired Software via Software Fault Injection (HTML)
J. Voas
Software Tech News (Vol. 6, No. 2, December 2003)
Backdoor Attacks on Black-Box Ciphers Exploiting Low-Entropy Plaintexts
A. Young, M. Yung
Eighth Australasian Conference on Information Security and Privacy (ACISP), Lecture Notes in Computer Science (LNCS), July 9-11, Springer-Verlag, 2003.
Non-Zero Sum Games and Survivable Malware
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.
A Weakness in Smart-Card PKI Certification
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.
A Toolkit for Detecting and Analyzing Malicious Software (PDF)
M. Weber, M. Schmid, D. Geyer, M. Schatz
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.
Protecting Data from Malicious Software (PDF)
M. Schmid, F. Hill, A. Ghosh
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.
Building Secure Software: Better than Protecting Bad Software (PDF)
G. McGraw
IEEE Software (November/December 2002; Vol. 19, No. 6, pp. 57-59) (Point/Counterpoint with Greg Hoglund)
Putting Software Terminology To the Test (PDF)
J. Steven
IEEE Software (May/June 2002)
Choosing a programming language and a distributed object platform (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 1, 2002)
Operating systems and authentication technologies (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 1, 2002)
Seven Factors to Consider When Redesigning Your Site (HTML)
R. MacMichael
IT Professional, July/August 2001.
Testing Commercial-off-the-Shelf Software Components (Word)
J. Haddox, G. Kapfhammer, C. Michael, M. Schatz
Proceedings of the 18th International Conference and Exposition on Testing.
Controlling the Execution of Unauthorized Software (PS / PDF / Word)
M. Schmid, J.T. Bloch, F. Hill, A. Ghosh
To appear in the Proceedings of the 2001 DARPA Information Survivability Conference & Exposition, June 2001, Anaheim, CA.
Bandwidth-Optimal Kleptographic Attacks
A. Young, M. Yung
Cryptographic Hardware and Embedded Systems (CHES), 2001.
A PVSS as Hard as Discrete Log and Shareholder Separability
A. Young, M. Yung
PKC 2001 (Public Key Crypto).
Secure mobile gambling
M. Jakobsson, D. Pointcheval, A. Young
CT-RSA Conference 2001.
Protecting passwords: Part 2 (HTML)
G. McGraw, J. Viega
IBM developerWorks (September 2000)
Protecting passwords: Part 1 (HTML)
G. McGraw, J. Viega
IBM developerWorks (August 2000)
Make your software behave: Cryptography essentials (HTML)
G. McGraw, T. O'Connor
IBM developerWorks (July 2000)
Make your software behave: Tried and true encryption (HTML)
G. McGraw, J. Viega
IBM developerWorks (Jun 1, 2000)
Make your software behave: Software strategies (HTML)
G. McGraw, J. Viega
IBM developerWorks (May 2, 2000)
Make your software behave: Everything to hide (HTML)
G. McGraw, J. Viega
IBM developerWorks (May 18, 2000)
Make your software behave: Playing the numbers (HTML)
G. McGraw, J. Viega
IBM developerWorks (Apr 4, 2000)
Make your software behave: Beating the Bias: How to approach truly random number generation through hardware (HTML)
G. McGraw, J. Viega
IBM developerWorks (Apr 1, 2000)
Make your software behave: An anatomy of attack code (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 21, 2000)
Make your software behave: CGI programming made secure (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 28, 2000)
Two State-Based Approaches to Program-based Anomaly Detection (PS / PDF)
C. Michael, A. Ghosh
Proceedings of ACSAC 2000, December 2000.
Software security principles, Part 5: On keeping secrets, trusting others, and following the crowd (HTML)
G. McGraw, J. Viega
IBM developerWorks (December 2000)
Software security principles, Part 4: Keep it simple; keep it private (HTML)
G. McGraw, J. Viega
IBM developerWorks (December 2000)
Software security principles: Part 2: Defense in depth and secure failure (HTML)
G. McGraw, J. Viega
IBM developerWorks (November 2000)
Software security principles, Part 3: Controlling access: Least privilege and compartmentalization (HTML)
G. McGraw, J. Viega
IBM developerWorks (November 2000)
A Real-Time Intrusion Detection System Based on Learning Program Behavior (PS / PDF)
A.K. Ghosh, C.C. Michael, and M.A. Schatz
Recent Advances in Intrusion Detection; Third International Workshop, RAID 2000.
Execution Control Lists: An Approach to Defending Against New and Unknown Malicious Software (PS / PDF)
A.K. Ghosh, M. Schmid
In Proceedings of the Information Survivability Workshop 2000, October 24-26, 2000, Boston, MA.
Software security for developers: One-time pads (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Make your software behave: Security by obscurity (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Software security principles: Part 1: The chain is only as strong as its weakest link (HTML)
G. McGraw, J. Viega
IBM developerWorks (October 2000)
Statically Scanning Java Code: Finding Security Vulnerabilities
G. McGraw, J. Viega
IEEE Software (September/October 2000)
An Approach to Identifying and Understanding Problematic COTS Components (PS / PDF)
G. Kapfhammer, C. Michael, J. Haddox, R. Coyler
Presented at ISACC 2000, The Software Risk Management Conference.
Preliminary Cryptanalysis of Reduced-Round Serpent (PS / PDF)
T. Kohno, J. Kelsey, and B. Schneier
Third AES Candidate Conference, April 13-14, 2000.
Deriving Accurate Operational Profiles for Mass-Marketed Software (PS / PDF)
J. Voas
Submitted to 4th International Conference on Empirical Assessment & Evaluation in Software (EASE 2000).
Limited Software Warranties (PS / PDF)
J. Voas
To be presented at ECBS 2000, April 2000.
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent (PS / PDF)
J. Kelsey, T. Kohno, B. Schneier
Seventh Fast Software Encryption Workshop, Springer-Verlag, April 10-12, 2000.
Make your software behave: Preventing buffer overflows (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 7, 2000)
Make your software behave: Learning the basics of buffer overflows (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 1, 2000)
Make your software behave: Brass tacks and smash attacks (HTML)
G. McGraw, J. Viega
IBM developerWorks (Mar 14, 2000)
Make your software behave: Assuring your software is secure (HTML)
G. McGraw, J. Viega
IBM developerWorks (Feb 28, 2000)
Techniques for Evaluating the Robustness of Windows NT Software (PDF / Word)
M. Schmid, A.K. Ghosh, F. Hill
To appear in the 2000 DARPA Information Survivability Conference & Exposition (DISCEX'00), January 2000, Hilton Head, SC.
Software Fault Injection (PS / PDF)
J. Voas
IEEE Spectrum, to appear in 2000.
"User Participation"-Based Software Certification (PS / PDF / Word)
J. Voas
To appear in IEEE Computer, early 2000.
Dependability Certification of Software Components (PS / PDF)
J. Voas and J. Payne
Journal of Systems and Software, 2000.
RSA Based Auto-Recoverable Cryptosystems
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 2000.
Hash to the Rescue: Space Minimization for PKI Directories
A. Young, M. Yung
ICISC 2000 (International Conf. on Info. Sec. and Crypto).
Towards Signature-Only Signature Schemes
A. Young, M. Yung
Asiacrypt 2000.
Third-Party Usage Profiling: A Model for Optimizing the Mass-Marketed Software Industry (PS / PDF)
J. Voas
Submitted to IEEE Software.
Can Chaotic Methods Actually Improve Software Quality Predictions? (PS / PDF)
J. Voas
IEEE Software, to appear in 2000.
An Approach to Testing COTS Software for Robustness to Operating System Exceptions and Errors (PS / PDF)
A.K. Ghosh, M. Schmid
To appear in the 1999 International Symposium on Software Reliability Engineering (ISSRE99), November 1-4, 1999, Boca Raton, FL.
Software Malleability: We're Losing It! (PDF)
J. Voas
In the proceedings of the 2nd Annual Systems Engineering and Supportability Conference, September 1999, San Diego, CA.
How We Learned to Cheat in Online Poker: A Study in Software Security (PDF / HTML)
B. Arkin, F. Hill, S. Marks, M. Schmid, T.J. Walls, G. McGraw
Developer.Com, 09/28/99.
Predicting When to Reboot "Continuously Operating" Embedded Software (HTML)
J. Voas, F. Charron
In proceedings of CONQUEST'99, September 1999, Nuremberg, Germany.
Making software behave (HTML)
G. McGraw, J. Viega
IBM developerWorks (Sep 28, 1999)
This Decade's Eight Greatest Myths About Software Quality (PS / PDF)
J. Voas
IEEE Software, July 1999.
Inoculating Software for Survivability (PS / PDF)
A. Ghosh, J. Voas
Communications of the ACM, July 1999.
A Recipe for Certifying High Assurance Software (PS / PDF)
J. Voas
IEEE Software, July 1999.
Data Generation Techniques for Automated Software Robustness Testing (PDF / Word)
M. Schmid, F. Hill
Sixteenth International Conference on Testing Computer Software (ICTCS'99)
User Participation-Based Software Certification (PS / PDF)
J. Voas
In proceedings of Eurovav'99, Oslo, Norway, June 1999.
Quality Meets the CEO (PDF)
J. Payne
Software Testing & Quality Engineering, May/June 1999 (Vol. 1, Iss. 3)
Wrapping Windows NT Software for Robustness (PS / PDF)
A. Ghosh, M. Schmid, F. Hill
To appear in Proceedings of the 29th International Fault Tolerant Computer Symposium (FTCS-29), June 15-18, 1999, Madison, WI.
A Government-Controlled United States Software/IT Industry? (PS / PDF)
J. Voas
IEEE Software, May 1999.
Why COTS Software Increases Security Risks (PS / PDF)
G. McGraw, J. Viega
ICSE Workshop on Testing Distributed Component-Based Systems, May 1999.
Java 2 security and stack inspection (HTML)
G. McGraw
Gamelan.com, May 12, 1999.
Software Assurance for Security (PDF / Word)
G. McGraw
IEEE Computer 32(4), pages 103-105. April 1999.
Learning Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
To appear in Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, April 9-12, 1999, Santa Clara, CA.
Can Critical Information Infrastructure Protection be Achieved with Untested Software? (PS / PDF)
J. Voas
IEEE Software, March 1999.
Disposable Information Systems: The Future of Software Maintenance? (PS / PDF)
J. Voas
Journal of Software Maintenance, March 1999.
Software Hazard Mining (PS / PDF)
J. Voas
For the IEEE Workshop on Application Specific Software Engineering and Technology (ASSET'99), March, 1999. Richardson, TX.
Using Program Behavior Profiles for Intrusion Detection (PS / PDF)
A.K. Ghosh, A. Schwartzbard, M. Schatz
SANS Conference and Workshop on Intrusion Detection and Response, Technical Conference, Workshop on the State of the Art and Future Directions of Intrusion Detection and Response, February 12-13, San Diego, CA, pp. 1-20 -- 1-26.
Protecting Against What? The Achilles Heel of Information Assurance (PDF)
J. Voas
IEEE Software, January 1999.
Auto-Recoverable Auto-Certifiable Cryptosystems (a survey)
A. Young, M. Yung
CQRE, Springer-Verlag, LNCS, 1999.
Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 1999.
NetHose: A Tool for Finding Vulnerabilities in Network Stacks (PS / PDF)
A. Ghosh, F. Hill, M. Schmid
Short talk at the 1999 IEEE Security and Privacy Symposium, Oakland, CA, 1999.
Using Assertions to Make Untestable Software More Testable (PS / PDF)
J. Voas, L. Kassab
Software Quality Professional.
Non-Interactive CryptoComputing for NC1
T. Sander, A. Young, M. Yung
40th Annual Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society, pages 554-566, 1999.
Third-Party Java Security Vendors: Solutions or Snake Oil? (Word)
G. McGraw, E. Felten
Java Report, December 1998.
Analyzing Software Sensitivity to Human Error (PS / PDF)
J. Voas
Failure and Lessons Learned in Information Technology Management - An International Journal 2(4), December, 1998.
Detecting Anomalous and Unknown Intrusions Against Programs (PS / PDF)
A.K. Ghosh, J. Wanken, F. Charron
Proceedings of Annual Computer Security Applications Conference (ACSAC'98), December 7-11, 1998, Scottsdale, AZ.
Twelve Rules for Developing More Secure Java Code (HTML)
G. McGraw, E. Felten
Java World, December 1998.
Mobile Code Security (HTML)
G. McGraw and E. Felten
Editors, IEEE Internet Computing, November/December 1998.
Will Software Failures Halt the Availability of Business Insurance? (PS / PDF)
J. Voas
International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
Wrapping Windows NT Binary Executables for Failure Simulation (PS / PDF)
A.K. Ghosh, M. Schmid
Fast abstract to appear in the International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
Testing the Robustness of Windows NT Software (PS / PDF)
A.K. Ghosh, M. Schmid, and V. Shah
Experience report to appear in the International Symposium on Software Reliability Engineering (ISSRE'98), November 4-7, 1998, Paderborn, GE.
The Software Quality Certification Triangle (PS / PDF / HTML)
J. Voas
Crosstalk, November, 1998.
An Approach for Analyzing the Robustness of Windows NT Software (PS / PDF)
A. Ghosh, V. Shah, M. Schmid
Proceedings of the 21st National Information Systems Security Conference, October 5-8, 1998, p. 383-391. Crystal City, VA.
An Approach for Certifying Security in Software Components (PS / PDF)
A. Ghosh, G. McGraw
Proceedings of the 21st National Information Systems Security Conference, October 5-8, 1998, Crystal City, VA.
Automated Software Test Data Generation for Complex Programs (PS / PDF)
G. McGraw and C. Michael
Proceedings of the 13th IEEE Automated Software Engineering Conference, October 13-16, 1998, Honolulu, Hawaii.
Massive Games of Artificial Life on the Internet: A Testbed for Research on Survivability Architectures (Word)
G. McGraw, K. Sullivan
Proceedings of the Information Survivability Workshop, October 28-30 1998, Orlando, FL.
Studying Behavior to Unlock the Truth About Quality
J. Voas
Cutter IT Journal, September, 1998 (Volume 11, Number 9), p. 7-11.
Privileged code in Java: Why the API changed from JDK1.2beta3 to JDK1.2beta4 (HTML)
G. McGraw
developer.com, August 31, 1998.
E-Commerce Security: No Silver Bullet
A.K. Ghosh
In Proceedings of the IFIP WG 11.3 Working Conference on Database Security, July 15-17, 1998, Chalkidiki, GR.
Maintaining Component-based Systems (PS / PDF)
J. Voas
IEEE Software, July, 1998.
Agent Trustworthiness (PS / PDF)
L. Kassab, J. Voas
Workshop on Mobile Object Systems: Secure Internet Mobile, July, 1998, Brussels, Belgium.
Towards Fault-Tolerant Mobile Agents (PS / PDF)
L. Kassab, J. Voas
Workshop on Distributed Computing on the Web, June, 1998, Rostock, Germany.
Defensive Approaches to Testing Systems that Contain COTS and Third-Party Functionality (PS / PDF)
J. Voas
In Proc. of 15th Int'l. Conference and Exposition on Testing Computer Software, June, 1998.
An Approach to Certifying Off-the-Shelf Software Components (PS / PDF)
J. Voas
IEEE Computer, June, 1998.
An Automated Approach for Identifying Potential Vulnerabilities in Software (PS / PDF)
A. Ghosh, T. O'Connor, G. McGraw
Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 3-6, 1998, pp. 104-114.
Independent Software Measurement's Role in the Liability Puzzle (PS / PDF)
J. Voas
In Proceedings of the European Software Measurement Conference, Antwerp, Belgium, May 1998.
Testing for Security During Development: Why we should scrap penetrate-and-patch. (PS / PDF)
G. McGraw
IEEE Aerospace and Electronic Systems, April 1998.
A Defensive Approach to Testing Systems that Contain COTS and Third-Party Functionality (PS / PDF)
J. Voas
In the Proceedings AQUIS '98, Venice, April 1998.
Software Certification Laboratories? (PS / PDF)
J. Voas
Crosstalk, April 1998.
OTS Software Failures: Can Anything be Done? (PS / PDF)
J. Voas, J. Payne
In Proceedings of the First IEEE Workshop on Application Specific Software Engineering and Technology (ASSET'98), March, 1998, Dallas.
COTS: The Economical Choice? (PS)
J. Voas
IEEE Software (Manager Column), March 1998.
Error Propagation Analysis Studies in a Nuclear Research Code (PDF)
J. Voas, F. Charron, L. Beltracchi
In Proceedings of the 1998 IEEE Aerospace Conference, Snowmass, CO, March 1998.
Certifying Y2K 'Fixes' (PS / PDF)
J. Voas
Crosstalk, January 1998.
Implementing Assertions for Java (HTML)
J. Payne, M. Schatz, M. Schmid
Dr. Dobb's Journal, January 1998.
Smart Cards, Java Cards and Security (HTML)
G. McGraw
developer.com, January 19, 1998.
Finding Length-3 Positive Cunningham Chains and their Cryptographic Significance
A. Young, M. Yung
Algorithmic Number Theory III (ANTS), LNCS vol. 1423, 1998.
Black-Box Symmetric Ciphers Designed for Monopolizing Keys
A. Young, M. Yung
Fast Software Encryption Workshop, 1998.
