This paper presents results from analyzing the vulnerability of security-critical software applications to malicious threats and anomalous events using an automated fault injection analysis approach. The work is based on the well-understood premise that a large proportion of security violations result from errors in software source code and configuration. The methodology employs software fault injection to force anomalous program states during the execution of software and observes their corresponding effects on system security. If insecure behavior is detected, the perturbed location that resulted in the violation is isolated for further analysis and possibly retrofitting with fault-tolerant mechanisms.
展开▼