Lance Fiondella, Prof. e Diretor do Centro de Cibersegurança da University of Massachusetts Dartmouth, realiza palestra com o tema “Covariate Software Vulnerability Discovery Model to Support Cybersecurity Test & Evaluation”

Momento acontece na segunda-feira (15/05), às 10h, no anfiteatro do CIn-UFPE (Bloco B)

O Professor e Diretor do Centro de Cibersegurança da University of Massachusetts Dartmouth, Lance Fiondella, apresentará, na próxima segunda-feira (15), às 10h, no anfiteatro do CIn (Bloco B) a palestra intitulada “Covariate Software Vulnerability Discovery Model to Support Cybersecurity Test & Evaluation.” Fiondella realiza pesquisas nas áreas de confiabilidade de sistema e software e engenharia de resiliência. A apresentação será presencial e proferida em inglês.

Resumo da palestra em inglês:

Vulnerability discovery models (VDM) have been proposed as an application of software reliability growth models (SRGM) to software security related defects. VDM model the number of vulnerabilities discovered as a function of testing time, enabling quantitative measures of security. Despite their obvious utility, past VDM have been limited to parametric forms that do not consider the multiple activities software testers undertake in order to identify vulnerabilities. In contrast, covariate SRGM characterize the software defect discovery process in terms of one or more test activities. However, data sets documenting multiple security testing activities suitable for application of covariate models are not readily available in the open literature.

To demonstrate the applicability of covariate SRGM to vulnerability discovery, this research identified a web application to target as well as multiple tools and techniques to test for vulnerabilities. The time dedicated to each test activity and the corresponding number of unique vulnerabilities discovered were documented and prepared in a format suitable for application of covariate SRGM. Analysis and prediction were then performed and compared with a flexible VDM without covariates, namely the Alhazmi-Malaiya Logistic Model (AML). Our results indicate that covariate VDM significantly outperformed the AML model on predictive and information theoretic measures of goodness of fit, suggesting that covariate VDM are a suitable and effective method to predict the impact of applying specific vulnerability discovery tools and techniques.