Software classifications have been created to keep track of attack patterns and to provide a history of incidents for software packages. This article focuses on a single class of such attacks, conventionally known as "Time and State" attacks. We offer a method of analyzing the anatomy of such attacks by reasoning about vulnerabilities using "swimlane" diagrams annotated with some semantics of concurrent programming, such as the notions of traces and stability. We summarize our conclusions with a taxonomy based on abstraction layers, which implies some form of tree hierarchy in which vulnerabilities inherit properties from the upper layers and share code-level flaws on the lower layers. This approach allows us to classify attacks by what they have in common, which sets it apart from other classification attempts.
Software classifications have been created before to keep track of attack patterns and to provide a history for the various vulnerable software packages. This article focuses on a single class of such attacks, conventionally known as “Time and State” attacks. The authors offer a more fine-grained analysis of the anatomy of such attacks. They reason about vulnerabilities using “swimlane” diagrams, which are loosely derived from UML diagrams and annotated with semantics of concurrent programming, such as the notions of traces and stability. The authors offer a taxonomy based on abstraction layers, which implies some form of tree hierarchy in which vulnerabilities inherit properties from the upper abstract layers and share code-level flaws on the lower layers. That allows them to classify attacks by what they have in common, which is a different approach from other related classification attempts.