Search Publications by

Irena Bojanova (Fed)

Displaying 1 - 13 of 13

Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight

November 17, 2021
Irena Bojanova, Carlos Galhardo, Sara Moshtari
In this work, we present an orthogonal classification of input/output check bugs, allowing precise structured descriptions of related software vulnerabilities. We utilize the Bugs Framework (BF) approach to define two language-independent classes that

Classifying Memory Bugs Using Bugs Framework Approach

September 9, 2021
Irena Bojanova, Carlos Galhardo
In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and used list of software weaknesses

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

Measurements of the Most Significant Software Security Weaknesses

December 7, 2020
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

Information Exposure (IEX): A New Class in the Bugs Framework (BF)

July 9, 2019
Irena Bojanova, Yaacov Yesha, Paul E. Black, Yan Wu
Exposure of sensitive information can be harmful on its own and in addition could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security

Defeating Buffer Overflow: One of the Most Trivial and Dangerous Bugs of All!

October 31, 2016
Paul E. Black, Irena Bojanova
The C programming language was invented over 40 years ago. It is infamous for buffer overflows. We have learned a lot about computer science, language design, and software engineering since then. As it is unlikely that we will stop using C any time soon

The Bugs Framework (BF): A Structured Approach to Express Bugs

October 13, 2016
Irena Bojanova, Paul E. Black, Yaacov Yesha, Yan Wu
To achieve higher levels of assurance for digital systems, we need to answer questions such as, does this software have bugs of these critical classes? Do these two tools generally find the same set of bugs, or different, complementary sets? Can we

Guest Editors’ Introduction: Cybersecurity or Privacy

September 1, 2016
Irena V. Bojanova, Jeffrey M. Voas
Cybersecurity is a major concern. Governments’, industry, and even hospitals’ IT infrastructure is being penetrated with increasing frequency and sophistication. The growth of mobile and IoT devices and amateur software only add to that. But, privacy is

Learning Internet of Things Security "Hands-on"

February 3, 2016
Constantinos Kolias, Angelos Stavrou, Jeff Voas, Irena Bojanova, D. Richard Kuhn
Our research began from asking whether there is a science behind the Internet of Things (IoT). We started from zero knowledge and no bias. The results of that work determined that indeed there is a science, but it is a science of numerous actors, that when

Cyber-Physical Social Systems: Getting People into the Loop

January 1, 2016
Sulayman Sowe, Eric D. Simmon, Koji Zettsu, Frederic J. de Vaulx, Irena Bojanova
This paper outlines the need to effectively integrate people into the design of a new generation of Cyber-Physical Social Systems (CPSS) and proposes a Human Service Capability Description Model to do it.

Towards a “Periodic Table” of Bugs

June 19, 2015
Paul E. Black, Irena V. Bojanova, Yaacov Yesha, Yan Wu
High-confidence systems must not be vulnerable to attacks that reduce the security, reliability, or availability of the system as a whole. One collection of vulnerabilities is the Common Weakness Enumeration (CWE). It represents a considerable community