Software security metrics that facilitate decision making at the enterprise design and operations levels are a topic of active research and debate. These metrics are desirable to support deployment decisions, upgrade decisions, and so on; however, no single metric or set of metrics is known to provide universally effective and appropriate measurements. Instead, engineers must choose, for each software system, what to measure, how and how much to measure, and must be able to justify the rationale for how these measurements are mapped to stakeholder security goals. An assurance argument for security (i.e., a security argument) provides comprehensive documentation of all evidence and rationales for justifying belief in a security claim about a software system. In this work, we motivate the need for security arguments to facilitate meaningful and comprehensive security metrics, and present a novel framework for assessing security arguments to generate and interpret security metrics.
Fingerprint-protected Universal Serial Bus (USB) drives have seen increasing deployment recently to protect mobile data. Compared to regular USB drives, a fingerprint-protected USB drive has an integrated optical scanner and a private partition/drive (for example, drive G: on MS Windows), which is not accessible before a successful fingerprint authentication. This paper studies the security of a representative fingerprint-protected USB drive called AliceFDrive. Our results are twofold. First, through black-box reverse engineering and manipulation of binary code in a DLL, we bypassed AliceFDrive's fingerprint authentication and accessed the private drive without actually presenting a valid fingerprint. This authentication bypass is a class attack in that the modified DLL can be distributed to any naive users to bypass AliceFDrive's fingerprint authentication. Second, in our security analysis of AliceFDrive, we developed a program to automatically recover fingerprint reference templates from AliceFDrive, which may make AliceFDrive worse than a regular USB drive: when Alice loses her fingerprint-protected USB drive, she does not only lose her data, she also loses her good-quality fingerprints, which are hard to recover as Alice's fingerprints do not change much over a long period of time.