Search Publications by: Irena Bojanova (Fed)

Displaying 26 - 46 of 46

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020
Author(s)
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

Information Exposure (IEX): A New Class in the Bugs Framework (BF)

July 9, 2019
Author(s)
Irena Bojanova, Yaacov Yesha, Paul E. Black, Yan Wu
Exposure of sensitive information can be harmful on its own and in addition could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security

Defeating Buffer Overflow: One of the Most Trivial and Dangerous Bugs of All!

October 31, 2016
Author(s)
Paul E. Black, Irena Bojanova
The C programming language was invented over 40 years ago. It is infamous for buffer overflows. We have learned a lot about computer science, language design, and software engineering since then. As it is unlikely that we will stop using C any time soon

The Bugs Framework (BF): A Structured Approach to Express Bugs

October 13, 2016
Author(s)
Irena Bojanova, Paul E. Black, Yaacov Yesha, Yan Wu
To achieve higher levels of assurance for digital systems, we need to answer questions such as, does this software have bugs of these critical classes? Do these two tools generally find the same set of bugs, or different, complementary sets? Can we

Guest Editors’ Introduction: Cybersecurity or Privacy

September 1, 2016
Author(s)
Irena V. Bojanova, Jeffrey M. Voas
Cybersecurity is a major concern. Governments', industry's, and even hospitals' IT infrastructure is being penetrated with increasing frequency and sophistication. The growth of mobile and IoT devices and amateur software only adds to that. But, privacy is

Learning Internet of Things Security "Hands-on"

February 3, 2016
Author(s)
Constantinos Kolias, Angelos Stavrou, Jeff Voas, Irena Bojanova, D. Richard Kuhn
Our research began from asking whether there is a science behind the Internet of Things (IoT). We started from zero knowledge and no bias. The results of that work determined that indeed there is a science, but it is a science of numerous actors, that when

Cyber-Physical Social Systems: Getting People into the Loop

January 1, 2016
Author(s)
Sulayman Sowe, Eric D. Simmon, Koji Zettsu, Frederic J. de Vaulx, Irena Bojanova
This paper outlines the need to effectively integrate people into the design of a new generation of Cyber-Physical Social Systems (CPSS) and proposes a Human Service Capability Description Model to do it.

Towards a Periodic Table of Bugs

June 19, 2015
Author(s)
Paul E. Black, Irena V. Bojanova, Yaacov Yesha, Yan Wu
High-confidence systems must not be vulnerable to attacks that reduce the security, reliability, or availability of the system as a whole. One collection of vulnerabilities is the Common Weakness Enumeration (CWE). It represents a considerable community

Towards a "Periodic Table" of Bugs

April 8, 2015
Author(s)
Irena Bojanova
Our vision for a "periodic table" of bugs is a "natural" organization of a catalog or dictionary or taxonomy to describe software weaknesses and vulnerabilities. Such an organization will help the community to: a) more closely explain the nature of

Formalizing Software Bugs

December 8, 2014
Author(s)
Irena Bojanova
Knowing what makes a software system vulnerable to attacks is critical, as software vulnerabilities hurt security, reliability, and availability of the system as a whole. In addition, understanding how an adversary operates is essential to effective cyber