Torbit: Design of an open source security flaw measurement suite

Article type: Research Article

Authors: Fourney, Robert S.^{; *} | Hanson, Austin D.

Affiliations: Department of Electrical Engineering and Computer Science, HH 215, Box 2220, South Dakota State University, Brookings, SD 57007, USA

Correspondence: [*] Corresponding author. Tel.: +1 605 688 4016; Fax: +1 605 688 4401; E-mail: [email protected].

Abstract: We present our experience in developing an open source tool for the measurement of security flaws. Since security flaws result from the unauthorized flow of information, our tool shows how these flaws can be measured and compared based on the amount of information that flows, how “far” it flows, and the value of the information. Flaws can then be compared and careful security testers can maximize the amount of security for a limited set of resources. The development of a tool to partially automate this process will prove to be an asset to the open source community in that the “many eyes” can be directed and these resources prioritized in order to patch flaws in the most efficient manner and minimize downtime and risk.

Keywords: Security, information flow, tool, database

DOI: 10.3233/JCM-2009-0242

Journal: Journal of Computational Methods in Sciences and Engineering, vol. 9, no. s2, pp. S137-S147, 2009