Cryptography Classes in Bugs Framework (BF): Encryption Bugs (ENC), Verification Bugs (VRF), and Key Management Bugs (KMN)

Published

Author(s)

Irena Bojanova, Paul E. Black, Yaacov Yesha

Abstract

Accurate, precise, and unambiguous definitions of software weaknesses (bugs) and clear descriptions of software vulnerabilities are vital for building the foundations of cybersecurity. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary, and tertiary causes, consequences, and sites. This paper presents an overview of previously developed BF classes and the new cryptography-related classes: encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN). We analyze corresponding vulnerabilities and provide their clear descriptions by applying the BF taxonomy. Finally, we discuss the lessons learned and share our plans for developing the next BF classes.
Proceedings Title
2017 IEEE 28th Annual Software Technology Conference (STC)
Conference Dates
September 25-28, 2017
Conference Location
Gaithersburg, MD, US

Keywords

software weaknesses, bug taxonomy, attacks

Citation

Bojanova, I., Black, P. and Yesha, Y. (2017), Cryptography Classes in Bugs Framework (BF): Encryption Bugs (ENC), Verification Bugs (VRF), and Key Management Bugs (KMN), 2017 IEEE 28th Annual Software Technology Conference (STC), Gaithersburg, MD, US, [online], https://doi.org/10.1109/STC.2017.8234453, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=923663 (Accessed May 8, 2024)
Created December 25, 2017, Updated November 17, 2021