Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.
Find out more here!

Conferences and Workshops

• ISGIG 2009
• ACSAC 25
• PETRA 2010 (due 11/15)
• Oakland 2010 (due 11/18)

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

Other Links

• MyUCDavis
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

This Quarter’s Classes

Office Hours for This Quarter

Contacting Me

Tree Approach to Vulnerability Classification

Citation

• S. Engle, S. Whalen, D. Howard, and M. Bishop, “Tree Approach to Vulnerability Classification”, Technical Report CSE-2006-10, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 2006).

Paper

• PDF
  
• PS
  

Abstract

We present a classification scheme based on conditions which must hold for a vulnerability to exist. This scheme allows for vulnerabilities to fall into multiple classes without ambiguity, and enables analysts to focus on the causes of vulnerabilities. We use a tree-based approach to organize these conditions at different levels of abstraction.

Background