Your search keyword '"Glen Horton"' showing total 2 results

1. Detecting Software Security Vulnerabilities Via Requirements Dependency Analysis

Author

Glen Horton, Faryn Dumont, Nan Niu, and Wentao Wang

Subjects

Requirements engineering, Computer science, business.industry, 020207 software engineering, 02 engineering and technology, Tracing, Computer security, computer.software_genre, Security testing, Identification (information), Software, Software security assurance, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Web application, business, computer

Abstract

Cyber attacks targeting software applications have a tremendous impact on our daily life. For example, attackers have utilized vulnerabilities of web applications to steal and gain unauthorized use of sensitive data stored in these systems. Previous studies indicate that security testing is highly precise, and therefore is widely applied to validate individual security requirements. However, dependencies between security requirements may cause additional vulnerabilities. Manual dependency detection faces scalability challenges, e.g., a previous study shows that the pairwise dependency analysis of 40 requirements would take around 12 hours. In this paper, we present a novel approach which integrates the interdependency among high-level security requirements, such as those documented in policies, regulations, and standards. We then use automated requirements tracing methods to identify product-level security requirements and their dependencies. Our manual analysis of HIPAA and FIPS 200 leads to the identification of five types of high-level security requirements dependencies, which further inform the automated tracing methods and guide the designs of system-level security tests. Experimental results on five projects in healthcare and education domains show the significant recall improvements at 81%. Our case study on a deployed production system uncovers four previously unknown vulnerabilities by using the detected requirements dependencies as test paths, demonstrating our approach's value in connecting requirements engineering with security testing.

Published

2022

2. QUOKKA, the pinhole small-angle neutron scattering instrument at the OPAL Research Reactor, Australia: design, performance, operation and scientific highlights

Author

David Federici, Shane J. Kennedy, Eno Imamovic, Friedl Bartsch, Robert A. Robinson, Christopher J. Garvey, Elliot P. Gilbert, Sungjoong Kim, Douglas Clowes, William A. Hamilton, John C. Osborn, Michael Deura, Peter Baxter, Terry Noakes, David Penny, Tony Lam, Nick Hauser, Kathleen Wood, Merv Perry, Chun-Ming Wu, Peter Abbeywick, Wai Tung Lee, Paolo Imperia, Jamie C. Schulz, Frank Darmann, Warren Brown, Norman Booth, Shane Harrison, Glen Horton, Stewart A Pullen, Norman Xiong, David Mannicke, Mark Lesha, Martin Jones, Jitendra P. Mata, Daniel Bartlett, Philip Hanson, Timothy D’Adam, Jason Christoforidis, Ferdi Franceschini, and Scott Olsen

Subjects

Neutron-velocity selector, Computer science, business.industry, Detector, Context (language use), 02 engineering and technology, Neutron scattering, 010402 general chemistry, 021001 nanoscience & nanotechnology, 01 natural sciences, General Biochemistry, Genetics and Molecular Biology, 0104 chemical sciences, law.invention, Lens (optics), law, Neutron, Pinhole (optics), Research reactor, Aerospace engineering, 0210 nano-technology, business

Abstract

QUOKKA is a 40 m pinhole small-angle neutron scattering instrument in routine user operation at the OPAL research reactor at the Australian Nuclear Science and Technology Organisation. Operating with a neutron velocity selector enabling variable wavelength, QUOKKA has an adjustable collimation system providing source–sample distances of up to 20 m. Following the large-area sample position, a two-dimensional 1 m2 position-sensitive detector measures neutrons scattered from the sample over a secondary flight path of up to 20 m. Also offering incident beam polarization and analysis capability as well as lens focusing optics, QUOKKA has been designed as a general purpose SANS instrument to conduct research across a broad range of scientific disciplines, from structural biology to magnetism. As it has recently generated its first 100 publications through serving the needs of the domestic and international user communities, it is timely to detail a description of its as-built design, performance and operation as well as its scientific highlights. Scientific examples presented here reflect the Australian context, as do the industrial applications, many combined with innovative and unique sample environments.

Published

2018