2010 29th IEEE Symposium on Reliable Distributed Systems
A Study on Latent Vulnerabilities
New Delhi, Punjab India
October 31-November 03
ISBN: 978-0-7695-4250-8
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SRDS.2010.47
Software code reuse has long been touted as a reliable and efficient software development paradigm. Whilst this practice has numerous benefits, it is inherently susceptible to latent vulnerabilities. Source code which is re-used without being patched for various reasons may result in vulnerable binaries, despite the vulnerabilities being made publicly known. To aggravate matters, crackers have access to information on these vulnerabilities as well. Defenders need to ensure all loopholes are patched, while attackers need just one such loophole. In this work, we define latent vulnerabilities, and study the prevalence of the problem. This provides us the motivation, and an insight into the future work to be done in solving the problem. Our results show that unpatched source files which are more than one year old are commonly used in the latest operating systems. In fact, several of these files are more than ten years old. We explore the premises of using symbols in identifying binaries and conclude that they are insufficient in solving the problem. Additionally, we discuss two possible approaches to solve the problem.
Index Terms:
computer security, software safety, software protection, software reliability, software libraries
Citation:
Beng Heng Ng, Xin Hu, Atul Prakash, "A Study on Latent Vulnerabilities," srds, pp.333-337, 2010 29th IEEE Symposium on Reliable Distributed Systems, 2010
