Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao, Zitian; Nazir, Shah; Khan, Habib Ullah; Shafiq, Muhammad

doi:https://doi.org/10.1155/2021/6677867

Security and Communication Networks

On this page

Abstract Introduction Results and Discussion Conclusion Data Availability Conflicts of Interest References Copyright Related Articles

Special Issue

Security, Trust and Privacy for Cloud, Fog and Internet of Things

View this Special Issue

Review Article | Open Access

Volume 2021 | Article ID 6677867 | https://doi.org/10.1155/2021/6677867

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Zitian Liao,¹Shah Nazir,²Habib Ullah Khan,³and Muhammad Shafiq⁴

Academic Editor: Shehzad Chaudhry

Received07 Dec 2020

Revised14 Jan 2021

Accepted04 Feb 2021

Published15 Feb 2021

Abstract

Software component plays a significant role in the functionality of software systems. Component of software is the existing and reusable parts of a software system that is formerly debugged, confirmed, and practiced. The use of such components in a newly developed software system can save effort, time, and many resources. Due to the practice of using components for new developments, security is one of the major concerns for researchers to tackle. Security of software components can save the software from the harm of illegal access and damages of its contents. Several existing approaches are available to solve the issues of security of components from different perspectives in general while security evaluation is specific. A detailed report of the existing approaches and techniques used for security purposes is needed for the researchers to know about the approaches. In order to tackle this issue, the current research presents a systematic literature review (SLR) of the present approaches used for assessing the security of software components in the literature by practitioners to protect software systems for the Internet of Things (IoT). The study searches the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The proposed study will benefit practitioners and researchers in support of the report and devise novel algorithms, techniques, and solutions for effective evaluation of the security of software components.

1. Introduction

The role of component-based software engineering (CBSE) is obvious in software development. Software is designed according to previous experiences and component reusability which can save a lot of time, effort, and resources [1, 2]. Its effort is to bring commercial, cost-effective, and quality system by integrating the existing components. A system is designed using available components which is cheap, already tested, and error-free [1, 3–6]. An individual component is a single part of a software system and is a unit to facilitate reputable functionality in the system. The functionality of such components is combined which forms a complete software system. Two types of interfaces are used in a component such as provided and required interfaces. Both of these interfaces are a source of communication inside the software system. A component can be replaced, modified, and changed according to the requirements of the system. The developments with the use of existing components can save about half of the complete developed software [7]. Compositional approaches have many benefits in the development of software systems from the appearance of development of components which has accordingly produced substantial attention in research and developments in business standards for architectures of domain-specific, component interaction, toolkits, and numerous other applicable fields.

A number of approaches exist for the security of systems [8–12]. The elementary prerequisites of security are demarcated in Availability, Integrity, and Confidentiality [10, 13–17]. Diverse reviews, frameworks, surveys, models, and analysis affecting the IoT security for security investigation are in use. Tekeoglu and Tosun [18] offered a framework of layer-based packet capturing for inspecting IoT devices’ privacy and security. Mazhelis and Tyrväinen [19] assessed platforms of IoT from application provider perceptions. Machine learning (ML) algorithms have exposed a substantial enactment in diverse applications and fields such as text recognition, facial recognition, and detection of spam. These applications of ML have understandable performance in different areas and domains [9, 12, 20–25]. The devices of the Internet of Medical Things (IoMT) are susceptible to quite a lot of security threats, attacks, and liabilities. IoMT devices are suffering commencing massive threats of security due to little costs and power, unlike typical mobile and desktop devices. The malware reproduces itself by negotiating the joining that links the devices of IoT [26]. Mao et al. [27] planned an approach for structuring dependencies of security to measure the implication of system security from an extensive perception. The consequence of small-world and power-law distribution for in- and out-degree in security dependence networks was observed. The authors in [28] planned a method to measure the performance and services’ evaluation of security for the cloud on the ground of a set of evaluation measures using Goal-Question-Metric. The authors in [29] conceived a framework for testing the security of interfaces of automotive Bluetooth with the help of a proof-of-concept tool for carrying out a test on a vehicle with the support of a planned framework. Nazir et al. [1] presented an approach for assessing software security of components via the analytic network process (ANP). The approach of ANP can work in a complex situation where the dependence arises among diverse network nodes.

The proposed research presents an SLR of the existing approaches used by practitioners to protect software systems. The protocol followed for conducting the proposed study is based on [3]. The study searches the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The following key contributions are achieved by the proposed study:(i)To study the security measures for assessing software security of components(ii)To identify the techniques and methods available for assessing software security of components(iii)To show how these techniques efficiently work for evaluating the security of components

The paper is structured as follows. Section 2 shows the research method focusing on SLR for showing the analysis of the current study. Section 3 shows the results and discussions of the paper with answers to the research questions. The conclusion is presented in Section 4.

2. Methodology

2.1. Research Plan and Process

The SLR is a formal way of searching the keywords, identifying the relevant materials associated with the research, organizing in an efficient way, and deriving meaningful information and derivations from the studies selected. Figure 1 represents the steps followed for the proposed research where firstly the review protocol is defined, then the search strategies are defined for the research, then the search strategies are documented, the relevant materials are included while the rest of the materials are excluded, the quality assessment is done for the selected papers, and lastly the data analysis is extracted from the included papers.

2.2. Research Questions

Below are the questions which were defined for the current study:(1)What can be the security measures for assessing software security of components?(2)What are the techniques and methods available for assessing the security of software components?(3)How efficiently the techniques work for evaluating component security?

2.3. Keywords and Libraries

The keywords (“Software components” OR “components of software”) AND (“security” OR “protection”) AND (“evaluation” OR “assessment” OR “measuring”) were defined to search the libraries. The following libraries were adopted for the process of search. Other libraries were skipped due to the reason that these libraries are publishing materials which are peer-reviewed, while Google Scholar has all of the materials.(i)ACM(ii)Hindawi(iii)IEEE(iv)ScienceDirect(v)Springer

The following are the details of the process of the search for each of the selected library.(i)ACM: [[[All: “software components”] OR [All: “components of software”]] AND [[All: “security”] OR [All: “protection”]] AND [All: (]] OR [All: (] OR [All: “evaluation”] OR [All: “assessment”] OR [All: “measuring”](ii)Hindawi: “(“Software components” OR “components of software”) AND (“security” OR “protection”) AND (“evaluation” OR “assessment” OR “measuring”)”(iii)IEEE: (“All Metadata”:Software components) OR “All Metadata”:components of software) AND “All Metadata”:security) OR “All Metadata”:protection) AND “All Metadata”:evaluation) OR “All Metadata”:assessment) AND “All Metadata”:measuring)(iv)ScienceDirect: “(“Software components” OR “components of software”) AND (“security” OR “protection”) AND (“evaluation” OR “assessment” OR “measuring”)”(v)Springer: “(“Software components” OR “components of software”) AND (“security” OR “protection”) AND (“evaluation” OR “assessments” OR “measuring”)”

Figure 2 shows the process of searching the keywords in the given libraries with the results of the search obtained. The filtering process of papers by title, abstract, and finally contents is also shown in the figure. The figure is initially based on the research questions defined and then the search process in the given libraries with the use of Boolean operators “AND” and “OR.”

Figure 3 shows the number of papers filtered by title and then by an abstract in the given libraries. Initially, huge numbers of papers were obtained during the search process. It was considered that the analysis of all the searched papers was difficult, so due to this reason, the papers were filtered by title for obtaining the relevant papers. After this, a total of 264 papers were obtained which was also difficult to analyze in one process, so these articles were then filtered by abstract, and a total of 198 articles were achieved.

The articles were filtered based on content, and a total of 117 articles were achieved for the given libraries which are shown in Figure 4.

The articles selected are shown in Figure 5.

After this, the details of each library were analyzed which are given hereinafter. The library of ACM was analyzed in the first step for the research article type and content type. This search was for the initial results of the search which is shown in Figure 6.

The article type for the ACM library is shown in Figure 7.

After the initial search process, the materials were filtered to extract only relevant studies. Figure 8 shows the articles published in the mentioned years.

The article types were viewed in the given year. Figure 9 depicts article types and the total number of articles in given years.

After searching the ACM library, the library of the Hindawi publisher was checked for relevant materials related to the proposed study. Figure 10 presents year-wise publication numbers in the library of Hindawi.

Figure 11 represents the total number of articles published in given years based on the types of publications.

The library of IEEE was searched for identifying relevant studies to the proposed research. Figure 12 shows initial search results for publications with publication types in the IEEE library.

The obtained papers from the searched process in the IEEE were then filtered to extract only relevant papers. Figure 13 shows the total number of articles in given years in the IEEE library.

Figure 14 presents publication types with publication numbers in given years in the same library.

The library of ScienceDirect was considered to find the relevant materials to the proposed research. During the initial search process, the publication types were checked which is shown in Figure 15.

The total number of articles was checked in given years. The total number of articles with the year of articles is presented in Figure 16.

The publication titles were also checked that where the papers are published. Figure 17 presents the titles of the articles with a total number of articles.

After filtering the process of papers in the ScienceDirect library, the number of articles in given years was reviewed. The details are given in Figure 18.

Figure 19 presents the total number of articles with the types of publications in given years.

Finally, the library of Springer was searched to obtain the associated material to the proposed research. The initial search results for the number of publications with article types are shown in Figure 20.

After filtering the process of papers, the results were analyzed to obtain meaningful results related to the proposed research. Figure 21 represents article numbers in the given year in the library of Springer.

Figure 22 represents the total number of publications with the type of publications in the given year in the Springer library.

2.4. Quality Assessment of the Selected Papers

The quality assessment process of the carefully chosen articles was done in order to know how much the paper is related to the proposed study. A score of “1” was given to the research paper which completely fulfills the research question, “0.5” was given to the paper somewhat satisfying the research question, and “0” was given to the paper not satisfying the research question. Figure 23 shows the quality score for each paper based on the defined research questions.

Figure 24 shows the sum of the overall score for each paper. The assigned values of the selected papers for all the research questions were summed and the total score is shown in the figure.

3. Results and Discussion

After individual analysis of the libraries, all the references were merged into a single Endnote file to analyze them. It was found that there is an increase in the year-wise number of publications related to the proposed research. Figure 25 shows the number of publications in the given years for the overall libraries collectively.

Figure 26 shows the number of publications along with the type of publications in the given years for all the libraries collectively.

3.1. What Can Be the Security Measures for Assessing the Security of Software Components?

Security features can play a significant role in the smooth running of a particular system. A number of features were identified from the literature based on which the security is evaluated. Table 1 shows the identified list of features from the literature presented by different researchers.

3.2. What Are the Techniques and Methods Available for Assessing the Security of Software Components?

Diverse approaches are presented by the researchers to tackle the issue of security evaluation of software and its components. These approaches work from different perspectives. Table 2 shows the summary of the existing techniques available for security evaluation.

3.3. How Efficiently the Techniques Work for Assessing the Security of Components?

There is high need of effective security evaluation techniques which can efficiently evaluate the security of software system. Such techniques can be useful for the success of software from a business perspective. Table 3 shows the summary of the efficiently used techniques for evaluating the security of software systems.

4. Conclusion

Components of software play an important role in the functionality of the activities of software systems. Components are considered to be reused due to the properties that are already tested, debugged, and experienced in practice. The security of components is important for its nature due to avoidance of happening of illegal or malicious activities that can harm the success of the software system. The security of component can be high if it has a higher level of security. Security of software components can save the software from the harm of illegal access and damages of its contents. Diverse approaches are available to tackle the issues of security of components from diverse perceptions. A detailed report of the existing approaches and techniques used for security purposes is needed through which the researchers should know the in-depth knowledge of approaches, tools, and techniques. The proposed research presents an SLR of the approaches used by practitioners to protect software systems for IoT. The study has searched the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The proposed research will help practitioners and researchers in presenting new algorithms, techniques, and solutions for efficient assessment of the software components from security perspectives.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

S. Nazir, S. Shahzad, M. Nazir, and H. U. Rehman, “Evaluating security of software components using analytic network process,” in Proceedings of the 11th International Conference on Frontiers of Information Technology (FIT), pp. 183–188, IEEE, Islamabad, Pakistan, December 2013.
View at: Publisher Site | Google Scholar
P. S. Sandhu and H. Singh, “A neuro-fuzzy based software reusability evaluation system with optimized rule selection,” in Proceedings of the 2006 International Conference on Emerging Technologies, pp. 664–669, Peshawar, Pakistan, November 2006.
View at: Publisher Site | Google Scholar
B. Liao, Y. Ali, S. Nazir, L. He, and H. U. Khan, “Security analysis of IoT devices by using mobile computing: a systematic literature review,” IEEE Access, vol. 8, pp. 120331–120350, 2020.
View at: Publisher Site | Google Scholar
M. Li, S. Nazir, H. U. Khan, S. Shahzad, and R. Amin, “Modelling features-based birthmarks for security of end-to-end communication system,” Security and Communication Networks, vol. 2020, Article ID 8852124, 9 pages, 2020.
View at: Publisher Site | Google Scholar
H. U. Rahman, A. U. Rehman, S. Nazir, I. U. Rehman, and N. Uddin, “Privacy and security—limits of personal information to minimize loss of privacy,” in Proceedings of the Future of Information and Communication Conference, pp. 964–974, 2019.
View at: Publisher Site | Google Scholar
S. Nazir, S. Shahzad, S. Mahfooz, and M. N. Jan, “Fuzzy logic based decision support system for component security evaluation,” International Arab Journal of Information and Technology, vol. 15, pp. 1–9, 2015.
View at: Google Scholar
A. Rawashdeh and B. Matalkah, “A new software quality model for evaluating COTS components,” Journal of Computer Science, vol. 2, no. 4, pp. 373–381, 2006.
View at: Publisher Site | Google Scholar
H. H. Song, “Testing and evaluation system for cloud computing information security products,” in Proceedings of the 3rd International Conference on Mechatronics and Intelligent Robotics (ICMIR-2019), pp. 84–87, Kunming, China, May 2019.
View at: Publisher Site | Google Scholar
B. K. Mohanta, D. Jena, U. Satapathy, and S. Patnaik, “Survey on IoT security: challenges and solution using machine learning, artificial intelligence and blockchain technology,” Internet of Things, vol. 11, 2020.
View at: Publisher Site | Google Scholar
R. Diesch, M. Pfaff, and H. Krcmar, “A comprehensive model of information security factors for decision-makers,” Computers & Security, vol. 92, p. 101747, 2020.
View at: Publisher Site | Google Scholar
N. A. B. Mohd and Z. F. Zaaba, “A review of usability and security evaluation model of ecommerce website,” in Proceedings of the Fifth Information Systems International Conference 2019, pp. 1199–1205, Surabaya, Indonesia, July 2019.
View at: Google Scholar
Z. Katzir and Y. Elovici, “Quantifying the resilience of machine learning classifiers used for cyber security,” Expert Systems with Applications, vol. 92, pp. 419–429, 2018.
View at: Publisher Site | Google Scholar
S. Alam, M. M. R. Chowdhury, and J. Noll, “Interoperability of security-enabled internet of things,” Wireless Personal Communications, vol. 61, no. 3, pp. 567–586, 2011.
View at: Publisher Site | Google Scholar
A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for IoT security and privacy: the case study of a smart home,” in Proceedings of the 2017 IEEE international conference on pervasive computing and communications workshops (PerCom workshops), pp. 618–623, Kona, HI, USA, March 2017.
View at: Publisher Site | Google Scholar
R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of things (IoT) security: current status, challenges and prospective measures,” in Proceedings of the 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 336–341, London, UK, December 2015.
View at: Publisher Site | Google Scholar
A. W. Atamli and A. Martin, “Threat-based security analysis for the internet of things,” in Proceedings of the 2014 International Workshop on Secure Internet of Things, pp. 35–43, Wroclaw, Poland, September 2014.
View at: Publisher Site | Google Scholar
K. C. Park and D.-H. Shin, “Security assessment framework for IoT service,” Telecommunication Systems, vol. 64, no. 1, pp. 193–209, 2017.
View at: Publisher Site | Google Scholar
A. Tekeoglu and A. Ş. Tosun, “An experimental framework for investigating security and privacy of IoT devices,” in Proceedings of the International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, pp. 63–83, Vancouver, Canada, November 2017.
View at: Publisher Site | Google Scholar
O. Mazhelis and P. Tyrväinen, “A framework for evaluating Internet-of-Things platforms: application provider viewpoint,” in Proceedings of the 2014 IEEE World Forum on Internet of Things (WF-IoT), pp. 147–152, Seoul, South Korea, March 2014.
View at: Publisher Site | Google Scholar
T. Saranya, S. Sridevi, C. Deisy, T. D. Chung, and M. K. A. A. Khan, “Performance analysis of machine learning algorithms in intrusion detection system: a review,” Procedia Computer Science, vol. 171, pp. 1251–1260, 2020.
View at: Publisher Site | Google Scholar
M. Shafiq, Z. Tian, Y. Sun, X. Du, and M. Guizani, “Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city,” Future Generation Computer Systems, vol. 107, pp. 433–442, 2020.
View at: Publisher Site | Google Scholar
S. Manjiatahsien, Hadiskarimipour, and Petrosspachos, “Machine learning based solutions for security of Internet of Things (IoT): a survey,” Journal of Network and Computer Applications, vol. 161, 2020.
View at: Publisher Site | Google Scholar
X. Wang, J. Li, X. Kuang, Y.-A. Tan, and J. Li, “The security of machine learning in an adversarial setting: a survey,” Journal of Parallel and Distributed Computing, vol. 130, pp. 12–23, 2019.
View at: Publisher Site | Google Scholar
M. Marwan, A. Kartit, and H. Ouahmane, “Security enhancement in healthcare cloud using machine learning,” Procedia Computer Science, vol. 127, pp. 388–397, 2018.
View at: Publisher Site | Google Scholar
M. Belouch, S. El Hadaj, and M. Idhammad, “Performance evaluation of intrusion detection based on machine learning using Apache Spark,” Procedia Computer Science, vol. 127, pp. 1–6, 2018.
View at: Publisher Site | Google Scholar
C. Hosmer, “IoT vulnerabilities,” in Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time, pp. 1–15, Apress, Berkeley, CA, USA, 2018.
View at: Google Scholar
W. Mao, Z. Cai, D. Towsley, Q. Feng, and X. Guan, “Security importance assessment for system objects and malware detection,” Computers & Security, vol. 68, pp. 47–68, 2017.
View at: Publisher Site | Google Scholar
T. Halabi and M. Bellaiche, “Towards quantification and evaluation of security of cloud service providers,” Journal of Information Security and Applications, vol. 33, pp. 55–65, 2017.
View at: Publisher Site | Google Scholar
M. Cheah, S. A. Shaikh, O. Haas, and A. Ruddle, “Towards a systematic security evaluation of the automotive bluetooth interface,” Vehicular Communications, vol. 9, pp. 8–18, 2017.
View at: Publisher Site | Google Scholar
I. Sidenko, “Multi-Criteria selection of the wireless communication technology for specialized IoT network,” in Proceedings of the CEUR Workshop, Rome, Italy, November 2014.
View at: Google Scholar
B. Uslu, T. Eren, Ş. Gür, and E. Özcan, “Evaluation of the difficulties in the internet of things (IoT) with multi-criteria decision-making,” Processes, vol. 7, no. 3, p. 164, 2019.
View at: Publisher Site | Google Scholar
A. Hinduja and M. Pandey, “An ANP-GRA-based evaluation model for security features of IoT systems,” in Advances in Intelligent Systems and Computing,Intelligent Communication, Control and Devices, pp. 243–253, Springer, Berlin, Germany, 2020.
View at: Publisher Site | Google Scholar
I. Cvitić and M. Vujić, “Classification of security risks in the IoT environment,” Annals of DAAAM & Proceedings, vol. 26, no. 1, 2015.
View at: Google Scholar
J. Chen, Y. Lu, H. Wang, and C. Mao, “A quantitative assessment approach to COTS component security,” Mathematical Problems in Engineering, vol. 2013, Article ID 165029, 11 pages, 2013.
View at: Publisher Site | Google Scholar
J. I. Choi and K. R. B. Butler, “Secure multiparty computation and trusted hardware: examining adoption challenges and opportunities,” Security and Communication Networks, vol. 2019, Article ID 1368905, 28 pages, 2019.
View at: Publisher Site | Google Scholar
H. Zhang, Z. Cai, Q. Liu, Q. Xiao, Y. Li, and C. F. Cheang, “A survey on security-aware measurement in SDN,” Security and Communication Networks, vol. 2018, Article ID 2459154, 14 pages, 2018.
View at: Publisher Site | Google Scholar
X. Su, Z. Wang, X. Liu, C. Choi, and D. Choi, “Study to improve security for IoT smart device controller: drawbacks and countermeasures,” Security and Communication Networks, vol. 2018, Article ID 4296934, 14 pages, 2018.
View at: Publisher Site | Google Scholar
S. Zhang, X. Ou, and J. Homer, “Effective network vulnerability assessment through model abstraction,” in Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 17–34, Amsterdam, Netherlands, July 2011.
View at: Publisher Site | Google Scholar
P. Zech, M. Felderer, and R. Breu, “Knowledge-based security testing of web applications by logic programming,” International Journal on Software Tools for Technology Transfer, vol. 21, no. 2, pp. 221–246, 2019.
View at: Publisher Site | Google Scholar
C. Wijayarathna and N. A. G. Arachchilage, “Using cognitive dimensions to evaluate the usability of security APIs: an empirical investigation,” Information and Software Technology, vol. 115, pp. 5–19, 2019.
View at: Publisher Site | Google Scholar
R. Leszczyna, “Standards on cyber security assessment of smart grid,” International Journal of Critical Infrastructure Protection, vol. 22, pp. 70–89, 2018.
View at: Publisher Site | Google Scholar
O.-M. Latvala, J. Toivonen, A. Evesti, M. Sihvonen, and V. Jordan, “Security risk visualization with semantic risk model,” Procedia Computer Science, vol. 83, pp. 1194–1199, 2016.
View at: Publisher Site | Google Scholar
F. Munodawafa and A. I. Awad, “Security risk assessment within hybrid data centers: a case study of delay sensitive applications,” Journal of Information Security and Applications, vol. 43, pp. 61–72, 2018.
View at: Publisher Site | Google Scholar
N. Thompson, T. J. Mcgill, and X. Wang, ““Security begins at home”: determinants of home computer and mobile device security behavior,” Computers & Security, vol. 70, pp. 376–391, 2017.
View at: Publisher Site | Google Scholar
B. Robisson, M. Agoyan, P. Soquet et al., “Smart security management in secure devices,” Journal of Cryptographic Engineering, vol. 7, no. 1, pp. 47–61, 2017.
View at: Publisher Site | Google Scholar
F. Martín, E. Soriano, and J. M. Cañas, “Quantitative analysis of security in distributed robotic frameworks,” Robotics and Autonomous Systems, vol. 100, pp. 95–107, 2018.
View at: Publisher Site | Google Scholar
S. Ismail, E. Sitnikova, and J. Slay, “Towards developing scada systems security measures for critical infrastructures against cyber-terrorist attacks,” in Proceedings of the IFIP International Information Security Conference, pp. 242–249, Marrakech, Morocco, June 2014.
View at: Google Scholar
S. Wu, Y. Zhang, and W. Cao, “Network security assessment using a semantic reasoning and graph based approach,” Computers & Electrical Engineering, vol. 64, pp. 96–109, 2017.
View at: Publisher Site | Google Scholar
J. Almasizadeh and M. Abdollahi Azgomi, “Mean privacy: a metric for security of computer systems,” Computer Communications, vol. 52, pp. 47–59, 2014.
View at: Publisher Site | Google Scholar
M. Abadi, “Software security: a formal perspective,” in Proceedings of the International Symposium on Formal Methods, pp. 1–5, Paris, France, August 2012.
View at: Google Scholar
L. Krautsevich, F. Martinelli, and A. Yautsiukhin, “Formal analysis of security metrics and risk,” in Proceedings of the IFIP International Workshop on Information Security Theory and Practices, pp. 304–319, Crete, Greece, June 2011.
View at: Google Scholar
I. Kotenko and E. Novikova, “Vissecanalyzer: a visual analytics tool for network security assessment,” in Proceedings of the International Conference on Availability, Reliability, and Security, pp. 345–360, Regensburg, Germany, September 2013.
View at: Google Scholar
H.-K. Kim, W.-H. So, and S.-M. Je, “A big data framework for network security of small and medium enterprises for future computing,” The Journal of Supercomputing, vol. 75, no. 6, pp. 3334–3367, 2019.
View at: Publisher Site | Google Scholar
T. Ibrahim, S. M. Furnell, M. Papadaki, and N. L. Clarke, “Assessing the usability of end-user security software,” in Proceedings of the International Conference on Trust, Privacy and Security in Digital Business, pp. 177–189, Bilbao, Spain, August 2010.
View at: Publisher Site | Google Scholar
S. H. Houmb, I. Ray, I. Ray, and S. Chakraborty, “Trust-based security level evaluation using Bayesian belief networks,” in Transactions on Computational Science X, pp. 154–186, Springer, Berlin, Germany, 2010.
View at: Google Scholar
I. Garitano, S. Fayyad, and J. Noll, “Multi-metrics approach for security, privacy and dependability in embedded systems,” Wireless Personal Communications, vol. 81, no. 4, pp. 1359–1376, 2015.
View at: Publisher Site | Google Scholar
J.-B. Gao, B.-W. Zhang, X.-H. Chen, and Z. Luo, “Ontology-based model of network and computer attacks for security assessment,” Journal of Shanghai Jiaotong University (Science), vol. 18, no. 5, pp. 554–562, 2013.
View at: Publisher Site | Google Scholar
G. Elahi, E. Yu, and N. Zannone, “A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities,” Requirements Engineering, vol. 15, no. 1, pp. 41–62, 2010.
View at: Publisher Site | Google Scholar
M. L. Hale, K. Lotfy, R. F. Gamble, C. Walter, and J. Lin, “Developing a platform to evaluate and assess the security of wearable devices,” Digital Communications and Networks, vol. 5, no. 3, pp. 147–159, 2019.
View at: Publisher Site | Google Scholar
S. Crane and S. Pearson, “Security/trustworthiness assessment of platforms,” in Digital Privacy, pp. 457–483, Springer, Berlin, Germany, 2011.
View at: Google Scholar
M. Compastié, R. M. Badonnel, O. Festor, R. He, and M. Kassi-Lahlou, “Towards a software-defined security framework for supporting distributed cloud,” in Proceedings of the IFIP International Conference on Autonomous Infrastructure, Management and Security, pp. 47–61, Zurich, Switzerland, July 2017.
View at: Google Scholar
M. Chen, Y. Qian, S. Mao, W. Tang, and X. Yang, “Software-defined mobile networks security,” Mobile Networks and Applications, vol. 21, no. 5, pp. 729–743, 2016.
View at: Publisher Site | Google Scholar
O. Kussul, N. Kussul, and S. Skakun, “Assessing security threat scenarios for utility-based reputation model in grids,” Computers & Security, vol. 34, pp. 1–15, 2013.
View at: Publisher Site | Google Scholar
V. Casola, A. De Benedictis, A. Riccio, D. Rivera, W. Mallouli, and E. M. De Oca, “A security monitoring system for internet of things,” Internet of Things, vol. 7, p. 100080, 2019.
View at: Publisher Site | Google Scholar
A. V. Uzunov, E. B. Fernandez, and K. Falkner, “ASE: a comprehensive pattern-driven security methodology for distributed systems,” Computer Standards & Interfaces, vol. 41, pp. 112–137, 2015.
View at: Publisher Site | Google Scholar
A. M. Hoole, I. Traore, and I. Simplot-Ryl, “Application of contract-based security assertion monitoring framework for telecommunications software engineering,” Mathematical and Computer Modelling, vol. 53, no. 3-4, pp. 522–537, 2011.
View at: Publisher Site | Google Scholar
I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “An evaluation framework for network security visualizations,” Computers & Security, vol. 84, pp. 70–92, 2019.
View at: Publisher Site | Google Scholar
H. Mumtaz, M. Alshayeb, S. Mahmood, and M. Niazi, “An empirical study to improve software security through the application of code refactoring,” Information and Software Technology, vol. 96, pp. 112–125, 2018.
View at: Publisher Site | Google Scholar
A. K. Srivastava and S. Kumar, “An effective computational technique for taxonomic position of security vulnerability in software development,” Journal of Computational Science, vol. 25, pp. 388–396, 2018.
View at: Publisher Site | Google Scholar
G. Spanos and L. Angelis, “A multi-target approach to estimate software vulnerability characteristics and severity scores,” Journal of Systems and Software, vol. 146, pp. 152–166, 2018.
View at: Publisher Site | Google Scholar
M. Jouini, L. B. A. Rabai, and R. Khedri, “A multidimensional approach towards a quantitative assessment of security threats,” Procedia Computer Science, vol. 52, pp. 507–514, 2015.
View at: Publisher Site | Google Scholar
W. Wang, K. R. Mahakala, A. Gupta, N. Hussein, and Y. Wang, “A linear classifier based approach for identifying security requirements in open source software development,” Journal of Industrial Information Integration, vol. 14, pp. 34–40, 2019.
View at: Publisher Site | Google Scholar
A. Alebrahim and M. Heisel, “Towards developing secure software using problem-oriented security patterns,” in Proceedings of the International Conference on Availability, Reliability, and Security, pp. 45–62, Fribourg, Switzerland, September 2014.
View at: Publisher Site | Google Scholar
J. Bürger, D. Strüber, S. Gärtner, T. Ruhroth, J. Jürjens, and K. Schneider, “A framework for semi-automated co-evolution of security knowledge and system models,” Journal of Systems and Software, vol. 139, pp. 142–160, 2018.
View at: Publisher Site | Google Scholar
J. Davies, “Measuring subversions: security and legal risk in reused software artifacts,” in Proceedings of the 33rd International Conference on Software Engineering, pp. 1149–1151, Honolulu, HI, USA, April 2011.
View at: Publisher Site | Google Scholar
D. Macdonald, S. L. Clements, S. W. Patrick et al., “Cyber/physical security vulnerability assessment integration,” in Proceedings of the 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), pp. 1–6, Washington, DC, USA, February 2013.
View at: Publisher Site | Google Scholar
M. S. Kozlovszky, “Cloud security monitoring and vulnerability management,” in Critical Infrastructure Protection Research, pp. 123–139, Springer, Berlin, Germany, 2016.
View at: Google Scholar
S. Panasenko, “Evaluation of distributed security systems server modules peak workload,” in Proceedings of the 2013 International Conference on Anti-Counterfeiting, Security and Identification (ASID), pp. 1–4, Shanghai, China, October 2013.
View at: Publisher Site | Google Scholar
M. R. Razian and H. M. Sangchi, “A threatened-based software security evaluation method,” in Proceedings of the 2014 11th International ISC Conference on Information Security and Cryptology, pp. 120–125, Tehran, Iran, September 2014.
View at: Publisher Site | Google Scholar
P. Morrison, “A security practices evaluation framework,” in Proceedings of the 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, pp. 935–938, Florence, Italy, May 2015.
View at: Publisher Site | Google Scholar
J. Zhang, Q. Wu, R. Zheng, J. Zhu, M. Zhang, and R. Liu, “A security monitoring method based on autonomic computing for the cloud platform,” Journal of Electrical and Computer Engineering, vol. 2018, Article ID 8309450, 9 pages, 2018.
View at: Publisher Site | Google Scholar
B. Bordel, R. Alcarria, D. M. De Andres, and I. You, “Securing Internet-of-Things systems through implicit and explicit reputation models,” IEEE Access, vol. 6, pp. 47472–47488, 2018.
View at: Publisher Site | Google Scholar
F. Hategekimana, J. M. Mbongue, M. J. H. Pantho, and C. Bobda, “Inheriting software security policies within hardware IP components,” in Proceedings of the 2018 IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), pp. 53–56, Boulder, CO, USA, April 2018.
View at: Publisher Site | Google Scholar
I. Alsmadi and F. Mira, “Website security analysis: variation of detection methods and decisions,” in Proceedings of the 2018 21st Saudi Computer Society National Computer Conference (NCC), pp. 1–5, Riyadh, Saudi Arabia, April 2018.
View at: Publisher Site | Google Scholar
A. R. S. Farhan and G. M. M. Mostafa, “A methodology for enhancing software security during development processes,” in Proceedings of the 2018 21st Saudi Computer Society National Computer Conference (NCC), pp. 1–6, Riyadh, Saudi Arabia, April 2018.
View at: Publisher Site | Google Scholar
A. Wanniarachchi and C. Gamage, “RECSRF: novel technique to evaluate program security using dynamic disassembly of machine instructions,” in Proceedings of the 2019 21st International Conference on Advanced Communication Technology (ICACT), pp. 545–551, PyeongChang, South Korea, February 2019.
View at: Publisher Site | Google Scholar
B. Cruz, S. Gómez-Meire, D. Ruano-Ordás, H. Janicke, I. Yevseyeva, and J. R. Méndez, “A practical approach to protect IoT devices against attacks and compile security incident datasets,” Scientific Programming, vol. 2019, Article ID 9067512, 11 pages, 2019.
View at: Publisher Site | Google Scholar
M. Saito, A. Hazeyama, N. Yoshioka et al., “A case-based management system for secure software development using software security knowledge,” Procedia Computer Science, vol. 60, pp. 1092–1100, 2015.
View at: Publisher Site | Google Scholar
M. Ahmad, V. Costamagna, B. Crispo, F. Bergadano, and Y. Zhauniarovich, “StaDART: addressing the problem of dynamic code updates in the security analysis of android applications,” Journal of Systems and Software, vol. 159, p. 110386, 2020.
View at: Publisher Site | Google Scholar
S. M. Ghaffarian and H. R. Shahriari, “Software vulnerability analysis and discovery using machine-learning and data-mining techniques: a survey,” ACM Computing Surveys, vol. 50, no. 4, pp. 1–36, 2017.
View at: Publisher Site | Google Scholar
N. Schagen, K. Koning, H. Bos, and C. Giuffrida, “Towards automated vulnerability scanning of network servers,” in Proceedings of the 11th European Workshop on Systems Security, pp. 1–6, Porto, Portugal, April 2018.
View at: Publisher Site | Google Scholar
G. Spanos, L. Angelis, and D. Toloudis, “Assessment of vulnerability severity using text mining,” in Proceedings of the 21st Pan-Hellenic Conference on Informatics, pp. 1–6, Larissa, Greece, September 2017.
View at: Publisher Site | Google Scholar
P. Rotella, “Software security vulnerabilities: baselining and benchmarking,” in Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, pp. 3–10, Gothenburg, Sweden, June 2018.
View at: Publisher Site | Google Scholar
C. Fruehwirth, S. Biffl, A. Schatten, D. Winkler, and W. D. Sunindyo, “Quantitative software security measurement in an engineering service bus platform,” in Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, p. 1, Bozen, Italy, September 2010.
View at: Publisher Site | Google Scholar
L. Allodi, S. Banescu, H. Femmer, and K. Beckers, “Identifying relevant information cues for vulnerability assessment using CVSS,” in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 119–126, Tempe, AZ, USA, March 2018.
View at: Publisher Site | Google Scholar
N. H. Pham, T. T. Nguyen, H. A. Nguyen, X. Wang, A. T. Nguyen, and T. N. Nguyen, “Detecting recurring and similar software vulnerabilities,” in Proceedings of the 2010 ACM/IEEE 32nd International Conference on Software Engineering, pp. 227–230, Cape Town, South Africa, May 2010.
View at: Publisher Site | Google Scholar
S. E. Sahin and A. Tosun, “A conceptual replication on predicting the severity of software vulnerabilities,” in Proceedings of the Evaluation and Assessment on Software Engineering, pp. 244–250, Copenhagen, Denmark, April 2019.
View at: Publisher Site | Google Scholar
T. Casey, P. Koeberl, and C. Vishik, “Threat agents: a necessary component of threat analysis,” in Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4, Oak Ridge, TN, USA, April 2010.
View at: Publisher Site | Google Scholar
G. Grieco, G. L. Grinblat, L. Uzal, S. Rawat, J. Feist, and L. Mounier, “Toward large-scale vulnerability discovery using machine learning,” in Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 85–96, New Orleans, LA, USA, March 2016.
View at: Publisher Site | Google Scholar
Y. Lu, K. Mitropoulos, R. Ostrovsky, A. Weinstock, and V. Zikas, “Cryptographically secure detection of injection attacks,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2240–2242, Toronto, Canada, October 2018.
View at: Publisher Site | Google Scholar
S. Hameed, F. I. Khan, and B. Hameed, “Understanding security requirements and challenges in Internet of Things (IoT): a review,” Journal of Computer Networks and Communications, vol. 2019, no. 11, pp. 1–14, 2019.
View at: Publisher Site | Google Scholar
A. Evesti and E. Ovaska, “Comparison of adaptive information security approaches,” International Scholarly Research Notices, vol. 2013, Article ID 482949, 18 pages, 2013.
View at: Publisher Site | Google Scholar
W. Shang, T. Gong, C. Chen, J. Hou, and P. Zeng, “Information security risk assessment method for ship control system based on fuzzy sets and attack trees,” Security and Communication Networks, vol. 2019, Article ID 3574675, 11 pages, 2019.
View at: Publisher Site | Google Scholar
J. Xu and D. Feng, “Identification of ICS security risks toward the analysis of packet interaction characteristics using state sequence matching based on SF-FSM,” Security and Communication Networks, vol. 2017, Article ID 2430835, 17 pages, 2017.
View at: Publisher Site | Google Scholar
G. Wangen, C. Hallstensen, and E. Snekkenes, “A framework for estimating information security risk assessment method completeness,” International Journal of Information Security, vol. 17, no. 6, pp. 681–699, 2018.
View at: Publisher Site | Google Scholar
S. Moshtari, A. Sami, and M. Azimi, “Using complexity metrics to improve software security,” Computer Fraud & Security, vol. 2013, no. 5, pp. 8–17, 2013.
View at: Publisher Site | Google Scholar
M. A. V. Staalduinen, F. Khan, and V. Gadag, “SVAPP methodology: a predictive security vulnerability assessment modeling method,” Journal of Loss Prevention in the Process Industries, vol. 43, pp. 397–413, 2016.
View at: Publisher Site | Google Scholar
H. Suleiman and D. Svetinovic, “Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure,” Requirements Engineering, vol. 18, no. 3, pp. 251–279, 2013.
View at: Publisher Site | Google Scholar
Y. Kim, J. Nam, T. Park, S. Scott-Hayward, and S. Shin, “SODA: a software-defined security framework for IoT environments,” Computer Networks, vol. 163, p. 106889, 2019.
View at: Publisher Site | Google Scholar
H. Maziku, S. Shetty, and D. M. Nicol, “Security risk assessment for SDN-enabled smart grids,” Computer Communications, vol. 133, pp. 1–11, 2019.
View at: Publisher Site | Google Scholar
W. Yang, J. Li, Y. Zhang, and D. Gu, “Security analysis of third-party in-app payment in mobile applications,” Journal of Information Security and Applications, vol. 48, p. 102358, 2019.
View at: Publisher Site | Google Scholar
S. Banescu, M. Ochoa, and A. Pretschner, “A framework for measuring software obfuscation resilience against automated attacks,” in Proceedings of the 2015 IEEE/ACM 1st International Workshop on Software Protection, pp. 45–51, Florence, Italy, May 2015.
View at: Publisher Site | Google Scholar
B. Chernis and R. Verma, “Machine learning methods for software vulnerability detection,” in Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, pp. 31–39, Tempe, AZ, USA, March 2018.
View at: Google Scholar
S. Ouchani and M. Debbabi, “Specification, verification, and quantification of security in model-based systems,” Computing, vol. 97, no. 7, pp. 691–711, 2015.
View at: Publisher Site | Google Scholar
M. Elsayed and M. Zulkernine, “Offering security diagnosis as a service for cloud SaaS applications,” Journal of Information Security and Applications, vol. 44, pp. 32–48, 2019.
View at: Publisher Site | Google Scholar
C. Bodei, S. Chessa, and L. Galletta, “Measuring security in IoT communications,” Theoretical Computer Science, vol. 764, pp. 100–124, 2019.
View at: Publisher Site | Google Scholar
M. Ge, J. B. Hong, W. Guttmann, and D. S. Kim, “A framework for automating security analysis of the internet of things,” Journal of Network and Computer Applications, vol. 83, pp. 12–27, 2017.
View at: Publisher Site | Google Scholar
J. H. Lee and S. J. Kim, “Analysis and security evaluation of security threat on broadcasting service,” Wireless Personal Communications, vol. 95, no. 4, pp. 4149–4169, 2017.
View at: Publisher Site | Google Scholar
J. Jürjens, K. Schneider, J. Bürger et al., “Maintaining security in software evolution,” in Managed Software Evolution, pp. 207–253, Springer, Cham, Switzerland, 2019.
View at: Google Scholar
D. Gupta, K. Chatterjee, and S. Jaiswal, “A framework for security testing,” in Proceedings of the International Conference on Computational Science and Its Applications, pp. 187–198, Cagliari, Italy, July 2013.
View at: Google Scholar
A. Goldstein and U. Frank, “Components of a multi-perspective modeling method for designing and managing IT security systems,” Information Systems and E-Business Management, vol. 14, no. 1, pp. 101–140, 2016.
View at: Publisher Site | Google Scholar
V. Desnitsky and I. Kotenko, “Expert knowledge based design and verification of secure systems with embedded devices,” in Proceedings of the International Conference on Availability, Reliability, and Security, pp. 194–210, Fribourg, Switzerland, September 2014.
View at: Google Scholar
M. Cheah, S. A. Shaikh, J. Bryans, and P. Wooderson, “Building an automotive security assurance case using systematic security evaluations,” Computers & Security, vol. 77, pp. 360–379, 2018.
View at: Publisher Site | Google Scholar
K. Beckers, I. Côté, S. Faßbender, M. Heisel, and S. Hofbauer, “A pattern-based method for establishing a cloud-specific information security management system,” Requirements Engineering, vol. 18, no. 4, pp. 343–395, 2013.
View at: Publisher Site | Google Scholar
S. Y. Enoch, M. Ge, J. B. Hong, H. Alzaid, and D. S. Kim, “A systematic evaluation of cybersecurity metrics for dynamic networks,” Computer Networks, vol. 144, pp. 216–229, 2018.
View at: Publisher Site | Google Scholar
J. Almasizadeh and M. A. Azgomi, “A stochastic model of attack process for the evaluation of security metrics,” Computer Networks, vol. 57, no. 10, pp. 2159–2180, 2013.
View at: Publisher Site | Google Scholar
R. A. Oliveira, N. Laranjeiro, and M. Vieira, “Assessing the security of web service frameworks against Denial of service attacks,” Journal of Systems and Software, vol. 109, pp. 18–31, 2015.
View at: Publisher Site | Google Scholar
A. R. Sai, J. Buckley, and A. Le Gear, “Assessing the security implication of Bitcoin exchange rates,” Computers & Security, vol. 86, pp. 206–222, 2019.
View at: Publisher Site | Google Scholar
M. Hussain, A. Al-Haiqi, A. A. Zaidan et al., “A security framework for mHealth apps on Android platform,” Computers & Security, vol. 75, pp. 191–217, 2018.
View at: Publisher Site | Google Scholar
G. Sciarretta, R. Carbone, S. Ranise, and A. Armando, “Anatomy of the facebook solution for mobile single sign-on: security assessment and improvements,” Computers & Security, vol. 71, pp. 71–86, 2017.
View at: Publisher Site | Google Scholar
M. S. Ahmed, E. Al-Shaer, M. Taibah, and L. Khan, “Objective risk evaluation for automated security management,” Journal of Network and Systems Management, vol. 19, no. 3, pp. 343–366, 2011.
View at: Publisher Site | Google Scholar
Z. Yan and C. Prehofer, “Autonomic trust management for a component-based software system,” IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, pp. 810–823, 2010.
View at: Publisher Site | Google Scholar
H. H. Albreiki and Q. H. Mahmoud, “Evaluation of static analysis tools for software security,” in Proceedings of the 2014 10th International Conference on Innovations in Information Technology (IIT), pp. 93–98, Al Ain, UAE, November 2014.
View at: Publisher Site | Google Scholar
M. L. Hale, D. Ellis, R. Gamble, C. Waler, and J. Lin, “Secu Wear: an open source, multi-component hardware/software platform for exploring wearable security,” in Proceedings of the 2015 IEEE International Conference on Mobile Services, pp. 97–104, New York, NY, USA, June 2015.
View at: Publisher Site | Google Scholar
R. Al-Jaljouli, J. Abawajy, M. M. Hassan, and A. Alelaiwi, “Secure multi-attribute one-to-many bilateral negotiation framework for e-commerce,” IEEE Transactions on Services Computing, vol. 11, no. 2, pp. 415–429, 2016.
View at: Publisher Site | Google Scholar
B. Potteiger, W. Emfinger, H. Neema, X. Koutosukos, C. Tang, and K. Stouffer, “Evaluating the effects of cyber-attacks on cyber physical systems using a hardware-in-the-loop simulation testbed,” in Proceedings of the 2017 Resilience Week (RWS), pp. 177–183, Wilmington, DE, USA, September 2017.
View at: Publisher Site | Google Scholar
K.-O. Detken, M. Jahnke, T. Rix, and A. Rein, “Software-design for internal security checks with dynamic integrity measurement (DIM),” in Proceedings of the 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), pp. 367–373, September 2017, Bucharest, Romania.
View at: Publisher Site | Google Scholar
D. Migault, M. A. Simplicio, B. M. Barros et al., “A framework for enabling security services collaboration across multiple domains,” in Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 999–1010, Atlanta, GA, USA, June 2017.
View at: Publisher Site | Google Scholar
R. Bloomfield, K. Netkachova, and R. Stroud, “Security-informed safety: if it’s not secure, it’s not safe,” in Proceedings of the International Workshop on Software Engineering for Resilient Systems, pp. 17–32, Kiev, Ukraine, October 2013.
View at: Publisher Site | Google Scholar
D. W. Chadwick, W. Fan, G. Costantino et al., “A cloud-edge based data security architecture for sharing and analysing cyber threat information,” Future Generation Computer Systems, vol. 102, pp. 710–722, 2020.
View at: Publisher Site | Google Scholar
P. Doty, “U.S. homeland security and risk assessment,” Government Information Quarterly, vol. 32, no. 3, pp. 342–352, 2015.
View at: Publisher Site | Google Scholar
N. H. Pham, T. T. Nguyen, H. A. Nguyen, and T. N. Nguyen, “Detection of recurring software vulnerabilities,” in Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, pp. 447–456, Antwerp, Belgium, September 2010.
View at: Publisher Site | Google Scholar
K. Oishi and T. Matsumoto, “Self destructive tamper response for software protection,” in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 490–496, Hong Kong, China, March 2011.
View at: Publisher Site | Google Scholar
S. Zhang, X. Meng, L. Wang, L. Xu, and X. Han, “Secure virtualization environment based on advanced memory introspection,” Security and Communication Networks, vol. 2018, Article ID 9410278, 16 pages, 2018.
View at: Publisher Site | Google Scholar
H. Jo, J. Nam, and S. Shin, “NOSArmor: building a secure network operating system,” Security and Communication Networks, vol. 2018, Article ID 9178425, 14 pages, 2018.
View at: Publisher Site | Google Scholar
Z. Xu, B. Chen, M. Chandramohan, Y. Liu, and F. Song, “Spain: security patch analysis for binaries towards understanding the pain and pills,” in Proceedings of the 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), pp. 462–472, Buenos Aires, Argentina, May 2017.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2021 Zitian Liao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1372

Downloads

1085

Citations