Inlämning av Examensarbete / Submission of Thesis

Daniel Persson; Dejan Baca MCS-2004:13, pp. 20. TEK/avd. för interaktion och systemdesign, 2004.

The work

Författare / Author: Daniel Persson, Dejan Baca
daniel@dp.nu, me@dejan.se
Titel / Title: Software Security Analysis - Managing source code audit
Abstrakt / Abstract:

Software users have become more conscious of security. More people have access to the Internet and huge databases of security exploits. To make secure products, software developers must acknowledge this threat and take action. A first step is to perform a software security analysis. The software security analysis was performed using automatic auditing tools. An experimental environment was constructed to check if the findings were exploitable or not. Open source projects were used as reference to learn what patterns to search for. The results of the investigation show the differences in the automatic auditing tools used. Common types of security threats found in the product have been presented. Four different types of software security exploits have also been presented. The discussion presents the effectiveness of the automatic tools for auditing software. A comparison between the security in the examined product and the open source project Apache is presented. Furthermore, the incorporation of the software security analysis into the development process, and the results and cost of the security analysis, are discussed. Finally, some conclusions were drawn.

Ämnesord / Subject: Datavetenskap - Computer Science\Electronic Security
Datavetenskap - Computer Science\Software Engineering
Datavetenskap - Computer Science\General
Nyckelord / Keywords: Software security, audit, exploit, closed source, open source, buffer overflow

Publication info

Dokument id / Document id:
Program / Programme: Magisterprogram Datavetenskap, 40 poäng / Master programme Computer Science
Registreringsdatum / Date of registration: 09/16/2004
Uppsatstyp / Type of thesis: D-Uppsats/Magister/Master

Context

Handledare / Supervisor: Bengt Carlsson, Perolof Bengtsson
bengt.carlsson@bth.se
Examinator / Examiner: Rune Gustavsson
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: TEK/avd. för interaktion och systemdesign
S-372 25 Ronneby
+46 455 38 50 00
I samarbete med / In co-operation with: Ericsson AB

Files & Access

Bifogad uppsats fil(er) / Files attached: mcs-2004-13.pdf (384 kB)