
NIST, Gaithersburg, USA
NIST, Gaithersburg, USA
Date: July 25 (Tuesday)
Duration: 13:30 - 17:00 (Half-day)
Abstract
The Bugs Framework (BF) organizes software weaknesses (bugs) into distinct classes, such as buffer overflow (BOF), injection (INJ), faulty operation (FOP), and control of interaction frequency (CIF). Each BF class has an accurate and precise definition and comprises:
• Attributes that identify the software fault;
• Causes that bring about the fault;
• Consequences the fault could lead to;
• Sites in code where the fault might occur.
Through a "hands-on" approach, the attendees will be able to analyze the definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences and sites. The focus will be on at least three of the developed BF classes, as well as on examples of applying the BF taxonomy to describe vulnerabilities such as Heartbleed, Ghost and Yoggie Pico. The audience will be involved in the development of at least one new BF class and in discussions about the benefits of BF and related future research opportunities. The organizers are the BF Principal Investigators and are proposing this tutorial as a way to share expertise with related communities such as the QRS community.
About the Speakers
Irena Bojanova is a computer scientist at NIST and the BF Project Lead. Previously she was a program chair at UMUC, an academic director at JHU-CTY, and a co-founder of OBS Ltd. (now CSC Bulgaria). She earned her Ph.D. in Mathematics/Computer Science from the Bulgarian Academy of Sciences in 1991. Irena serves on the IEEE CS Publications Board, is AEIC of IEEE IT Professional, co-chair of the IEEE RS IoT TC, and a founding member of the IEEE TSC on Big Data. Irena was the founding chair of the IEEE CS Cloud Computing STC and EIC of IEEE Transactions on Cloud Computing. She writes cloud and IoT blogs for IEEE CS Computing Now.
Paul E. Black has nearly 20 years of industrial experience in developing software for IC design and verification, assuring software quality, and managing business data processing. He is the founder and editor of the Dictionary of Algorithms and Data Structures (http://www.nist.gov/dads/). Black earned a Ph.D. from Brigham Young University in 1998. He taught classes at Brigham Young University and Johns Hopkins University. He has published in static analysis, software testing, networks and queuing analysis, formal methods, software verification, quantum computing, and computer forensics. He is a member of ACM and a senior member of IEEE.
Intended Audience
Computer Science and Cybersecurity students, educators and professionals.
